BALI member of Commission III of the DPR RI, Bambang Soesatyo, emphasized that the transfer of cross-border personal data, including to the United States, was not a violation of the law. Bamsoet emphasized that this was only justified if it was in accordance with the Personal Data Protection Law (UU PDP) and was carried out legally, limitedly and accountably.
"The PDP Law is a legal basis in data traffic between countries. The digital economy, cloud services, artificial intelligence, and international financial transactions, all depend on the smoothness and security of personal data transfers," said Bamsoet in an official statement received by VOI, July 27.
According to the 15th chairman of the MPR RI, article 56 of the PDP Law strictly allows the transfer of personal data abroad, with three main conditions. First, destination countries have equivalent or better data protection from Indonesia. Second, there is an international agreement between countries or between data controllers. Third, the data owner gives approval after knowing the risks transparently.
"Without a legal basis, such as approval of data subjects, legal obligations, public interests, or official contracts, the transfer is illegal legally," he said.
Furthermore, Bamsoet also highlighted that the United States has not been as strict as the European Union in terms of data protection. However, since the enactment of the Data Privacy Framework (DPF) between the US and the European Union, in July 2023, America has been officially recognized to have adequate standards.
SEE ALSO:
"If the most stringent European Union has acknowledged the US, Indonesia should not be left behind. We must be realistic. The important thing is that the protection of data subjects is guaranteed and the legal basis is strong," he explained.
In the global cloud era such as Google Cloud, AWS, or Microsoft Azure, data transfer occurs almost every second. The challenge, not to stop the flow of data, but to ensure the security, verification, and protection that can be accounted for.
"Personal data transfer is not a problem, as long as it is in accordance with the PDP Law, is accountable, there is an adequate legal basis and protection. The government and business actors just have to consistently obey it," concluded Bamsoet.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
