Privacy & Cybersecurity Law Blog

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). The Proposed Regulation addresses the protection of personal data collected by a variety of government agencies, enumerates the rights of those whose personal data is collected and the obligations of users of Information Communication Technology. Agencies to which the Proposed Regulation would apply include: the Directorate General of Immigration, which manages passport data; the Financial Services Authority, which regulates financial sector data; the Bank Indonesia, which regulates banking data; the Indonesian Consumers Foundation, which regulates protection of consumer data; the National Archives; and the Ministry of Health, which regulates health data and archives. The government provided a 10-day comment period for the proposal.

The Indonesian government also recently issued proposed guidelines for the registration of software to be used in “public services.” The guidelines carry out a mandate from Government Regulation No. 82 of 2012. The guidelines, as proposed, would require such software to be registered with the Ministry of Communications and Information Technology and meet certain requirements for security and reliability. One potential weakness of the guidelines is their failure to define “public services.” The government will accept public comments on this proposal through July 31.