Measuring the Personal Data Protection Bill

The progress of the digital economy in Indonesia is increasingly rapid. This progress has actually become a loophole for other problems such as the many parties spreading fake news or hoaxes by misusing personal data. This condition then gave rise to a public debate related to the Personal Data Protection (PDP) Bill which is currently being discussed in parliament. So to what extent can the PDP Bill made by the DPR provide guarantees for the security of personal data? Is it necessary to form a special institution that serves as the owner of the personal data protection authority?

The Populi Forum discussed it in a discussion entitled "Assessing the PDP Bill" on Thursday (25/03/2021), presenting Damar Juniarto (Executive Director, SAFEnet), Susanti Simanjuntak (Researcher, Kompas Research and Development), and Dimas Ramadhan (Researcher, Populi Center) as speakers.

The first speaker, Susanti Simanjuntak stated that the results of the Litbang Kompas survey showed that 90.8 percent of respondents considered it important and very important for the law on personal data protection in cyberspace to be passed. 53 percent of respondents stated that they had known about criminal acts related to the theft of personal data. In fact, 14.4 percent of them admitted to having been victims. As many as 55 percent of respondents stated that they were afraid to use social media after knowing about or experiencing criminal acts in cyberspace. 63 percent of respondents considered that the state's protection of its citizens' personal data was inadequate.

The second speaker, Damar Juniarto, revealed that as of November 2019, 130 countries have adopted privacy protection laws. In general, the PDP Bill narrows the meaning of the right to privacy. In fact, personal data is not just property, but concerns virtual human dignity. The regulation regarding the prohibition of profiling is missing. Profiling is even considered as general personal data as in Article 3 paragraph 2 e. The practice of illegal wiretapping is not highlighted much in the PDP Bill. The PDP Bill eliminates criminal sanctions for State Institutions or so-called Public Agencies if they commit personal data violations in Articles 51 to 54. The sanctions applied by the PDP Bill are too high and there is discrimination in sanctions. And no implementing agency was appointed to supervise PDP.

Another resource person, Dimas Ramadhan highlighted that in the era of increasingly developing information technology, personal data is an asset or commodity with high economic value. As a result, various methods are used to collect as much personal data as possible in a way that often does not respect a person's right to privacy. Owners of personal data banks can profile individual or group data. In the financial services sector, one example of the use of personal data that is exchanged/traded is the offer of loans via SMS or even telephone which is now increasingly widespread. In the electoral political sector, candidates or political parties use it for microtargeting in campaigns, which Ira S Rubinstain (Voter Privacy in The Age of Big Data, 2014) calls "more precise, efficient, and individualized".