Theft Of Personal Data Is A Terrible Thing, The Government Is Asked To Speed Up The PDP Bill

Pixabay illustration

JAKARTA - The government is asked to speed up the discussion of the Personal Data Protection Bill (PDP). One of the important goals is to become a legal umbrella for the data security of Indonesian citizens.

According to Maplecode.id Commissioner Ahmad Faizun, the regulation regarding the Private Scope Electronic System Operator (PSE) issued by the Ministry of Communication and Information (Kemnkominfo) is very positive as a non-negotiable regulation in enforcing the law. Not only that, the Private Scope PSE also protects Indonesian citizens and increases the confidence of foreign investors.

“Regulation without enforcement is nothing. The Indonesian government should do this more often. Creating strong regulations with non-negotiation implementation and law enforcement. Only with actions like this will increase the level of trust and foreign investors in Indonesia," said Faiz in a written statement received by VOI, Sunday, August 14.

Logically, Faiz believes that PSE is a detail or derivative regulation of the Electronic Information and Transactions Law (UU ITE) which was released in 2008 and updated in 2016.

“This is the beginning of the Indonesian government's protection of civil rights. Following the PSE regulations, the Indonesian government must immediately issue the PDP Law, which is currently still in the final draft version," he said.

Compared to other countries, Europe is known for the General Data Protection Regulation (GDPR). This regulation is a regulation in the EU legislation on data protection and privacy in the European Union and the European Economic Area.

With the implementation of GDPR, countries that make the rule a positive law can impose fines of up to 10 million euros or in the case of a business up to 2% of all global turnover in the previous fiscal year.

“According to the case law of the European Court of Justice, the concept of a business includes any entity that engages in economic activity, regardless of the legal status of the entity or the manner in which it is financed. Therefore, a business can not only consist of one individual company in the sense of a legal entity, but also of several individuals or legal entities. Thus, the entire group can be treated as one business and its total annual turnover worldwide can be used to calculate fines for GDPR violations from one of its companies,” said Fauzin.

Not only paying attention to the rules that apply internationally, Faiz emphasized that the application of punishment at the national level must be effective, proportional, and deterrent.

"Well, if we look at the draft of the PDP Law. The severe penalty is 70 billion rupiah or about 5 million USD. This number is too small for an international entity that has been operating in Indonesia as a giant multinational company whose reputation in the capital market is enjoyed by more than 250 million Indonesians,” said the man who also serves as the main commissioner of the Hygio health water company.

Returning to the implementation of the PSE, Faiz said that although it was a bit late, the government had good intentions to follow other countries to protect the rights and privacy of their citizens. From a micro perspective, the individual, every living citizen of the Republic of Indonesia, he emphasized, is very important to protect their data.

“Imagine all e-commerce in Indonesia, the main players. Who owns it? Can the Indonesian government guarantee that their data, which is currently collected into their website and mobile application, will not be shared with unnecessary parties without the prior written consent of the data owner?” said the man who was born in Cilacap in 1987.

'Will they protect their customer data from hackers? Will they store data inside Indonesia? Or will they send everything to their main data center in their country? Data, is the treasure of the future. Imagine Samsung and Xiaomi (two top successful mobile phone manufacturers in Indonesia) starting to collect their customers' behavior in using data, browser history, and even SMS into their systems," he added.

In the name of data protection, the manufacture of hardware that collects individual data, location of events, GPS, when the user moves and transmits data, without the user's consent in some way reminds Faiz to be legally reported to the government and stopped as much as possible. The reason is, firstly because it violates the privacy of handset users. While the second reason, because of the theft of user bandwidth for their own use without the user's permission.