Gaduh Data Facebook

This post was first published by Indonesian Daily Harian Republika in its Op-ed column on Monday, 26 March 2018. Reproduced here for educational and non-commercial purposes.

Oleh: Sonny Zulhuda

Berita terungkapnya penggunaan data 50 juta pengguna Facebook di Amerika Serikat (AS) menambah panjang daftar keresahan dan keluhan masyarakat internasional terhadap media sosial yang dipimpin oleh Mark Zuckerberg itu.

Terungkap, data tersebut digunakan konsultan pemilu Cambridge Analytica di AS untuk menganalisa pola dan kecenderungan warga calon pemilih di Pemilu AS. Perusahaan ini juga dianggap menyukseskan kemenangan Donald Trump pada Pemilu 2016 lalu.

1775-1
Image credit to: http://origin-fastcompany.com

Walaupun sepak terjang konsultan Pemilu sudah sering kita dengar, kali ini kita mendapatkan fakta gamblang bagaimana analisis big data dilakukan terhadap jutaan calon pemilih dengan tujuan melakukan pemetaan pemilih serta penyebaran propaganda peserta pemilu secara langsung ke sasaran.

Gambaran mudahnya, jika dalam pilkada daerah X diketahui sejumlah besar warga pemilih dalam di wilayah itu menyukai sepakbola, maka sang konsultan akan mengemas si cagub atau cabup sebagai seorang yang gemar sepakbola serta mengusung agenda terkait sepak bola untuk bahan kampanyenya.

Yang menjadi kegundahan dan kegaduhan adalah data analytics tersebut dilakukan berdasarkan data pribadi pengguna media sosial yang sebelumnya tidak pernah diberitahu bahwa datanya akan dipakai untuk keperluan komersial oleh konsultan pemilu itu.

Dalam konteks etika dan hukum, hal ini bisa dianggap breach of confidence atau breach of privacy, semacam pelanggaran atas privasi dan kerahasiaan yang bisa mengakibatkan kesalahan perdata bahkan pidana.

Apalagi, kita tahu data pribadi kita di Facebook bisa sangat menyeluruh. Mulai dari identitas (nama, tanggal lahir, nomor KTP/Jaminan sosial); data historis (asal daerah, pendidikan, pekerjaan, karier); data geografis (tempat tinggal, perjalanan, komunikasi); biologis (gambar wajah dan anatomi tubuh yang memaparkan tinggi dan berat badan, wana kulit, rambut dan mata); sampai data lainnya, seperti preferensi, anggota keluarga, pilihan politik, pertemanan dan lain-lain.

Continue reading “Gaduh Data Facebook”

Personal Data Protection Law in Indonesia: The Law No. 11/2008 (“UU-ITE”) and its Amendment in 2016

By: Sonny Zulhuda

wonderful indonesiaIndonesia slowly emerges to put some regulations in place pertaining to the cyberspace activities. Few laws and regulations now come up that address personal data protection (PDP). In this first post, I would like to highlight some rules of personal data protection law as found in the first Indonesian cyberlaw, i.e. Law on e-Information and e-Transaction.

Law No. 11/2008 (“UU-ITE”)

First is the “Undang-undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik” (popularly known as UU-ITE in Indonesian) or the Law No. 11 Year 2008 on the Electronic Information and Electronic Transaction (“Law No. 11/2008”).

This Law only has one section that addresses the issues of informational privacy or personal data protection, namely section 26. I had written some comments on this provision in my previous blog. In sum, section 26(1) provides for a general rule that consent is required whenever personal data is being electronically “used” (instead of “processed” – see my comments below). Section 26(2) provides that any breach or infringement of section 26(1) can be a basis for remedies.

Article 26 of the Law No. 11/2008 on the Electronic Information and Electronic Transaction (UU-ITE) stipulates that:

(1) Otherwise stipulated by the laws and regulations, the use of any information by means of electronic media relating to someone’s personal data shall be carried out with the approval from the person concerned.

(2) Every person whose privacy right is infringed upon as referred to in clause(1), may file a law-suit [action-added] for the loss incurred based on this Law. (As translated by the Ministry of Communication and Information Technology).

Meanwhile, the statutory elucidation of the Act explains that this provision is an acknowledgement of the privacy right protection. It goes on explaining that, the meaning of privacy right includes the following:

  1. A right to enjoy a private life free from interference;
  2. A right to communicate with other persons free from spying/surveillance;
  3. A right to access to information about his private life and private information.

Continue reading “Personal Data Protection Law in Indonesia: The Law No. 11/2008 (“UU-ITE”) and its Amendment in 2016″

Data Privacy in Indonesia — Quo Vadis?

Oleh: Sonny Zulhuda

(Disadur dari Kolom Telematika di Detikinet.com terbit tgl 24/1/2011 disini)

boss-spying-on-youBerita tentang kemungkinan kebocoran (atau tepatnya pembocoran) 25 juta data pelanggan telekomunikasi di Indonesia merupakan sebuah isu yang perlu dicermati lebih dalam. Kejadian serupa telah menghantui komunitas pengguna dan pelanggan jasa telekomunikasi (termasuk e-commerce) di berbagai belahan di dunia.

Dengan berbagai inovasi teknologi informasi, data pribadi tidak lagi dilihat sebagai kelengkapan transaksi, namun telah menjadi komoditas bisnis. Tidak salah jika muncul anggapan bahwa tambang data (data mining) tidak lama lagi akan menjadi primadona bisnis menggantikan tambang emas yang makin terkikis ketersediaannya.

Inti permasalahan tentang kebocoran data konsumen terletak pada beberapa kesalahan berpikir yang perlu segera dikoreksi. Pertama, bahwa DATA (termasuk data pribadi) tidak seperti harta/aset yang memiliki sifat dan hak-hak terkait perlindungan properti (property rights). Kedua, bahwa hak melindungi kepentingan dan kehidupan PRIBADI bukan merupakan bagian dari hak asasi manusia.

Continue reading “Data Privacy in Indonesia — Quo Vadis?”

IT Law Improves Country’s Competitiveness

By: Sonny Zulhuda

The above is my paper that I delivered in a seminar at Law Faculty, University Diponegoro (Undip), Semarang, this month (June 2o1o). More than 120 participants attended mostly academics, faculties and law students from that University. Beside me as speaker was Prof. Dr. Nyoman Sarikat Putrajaya from the Law Faculty of Undip.

We discussed how the cyberlaw and other IT-related legislation can improve the competitiveness of the country, in this respect Indonesia. Variety of issues were being highlighted and debated including international law, cybercrime, content regulation, e-commerce law, phishing and carding, personal data protection, and -unsurprisingly the most popular topic- the latest incident of online porn that involved some national celebrities.

The program was organised by the Asian Law Students Association (ALSA), Undip Local Chapter in cooperation with Law Firm Prihatwono & Partners. My long-time friend Rico from the Law Firm acted as the moderator. Should you are interested to know further about the paper, you can let me know by email (zulhuda at yahoo dot com). Ah, by the way, it is in Indonesian language! 🙂

Sistem ‘Co-regulatory’ Penanganan Konten Internet di Indonesia

Oleh: Sonny Zulhuda

Dalam menangani kelestarian berekspresi di Internet, diperlukan infrastruktur pengaturan yang bisa berbentuk self-regulatory (pengaturan sendiri) atau state regulatory (pengaturan via perangkat undang-undang oleh pemerintah).  Namun dari itu semua, yang ideal adalah dengan pendekatan sinergis antara semua pihak yg terkait, atau para pemangku kepentingan (stakeholders). Pendekatan ini biasa dikenal sebagai ‘pengaturan bersama’ atau ‘co-regulatory approach’). Bagaimana pendekatan ‘co-regulatory’ bagi isu pemuatan konten bisa dilaksanakan di Indonesia?

Di Indonesia, tindakan pemuatan informasi yang menimbulkan permusuhan/kebencian, misalnya, berdasarkan agama, dapat dikenakan sanksi berlapis di bawah Kitab Undang-undang Hukum Pidana (KUHP) dan UU No. 11/2008 tentang Informasi dan Transaksi Elektronik (UU-ITE) dengan ancaman denda maksimal satu milyar rupiah dan/atau penjara enam tahun.

Continue reading “Sistem ‘Co-regulatory’ Penanganan Konten Internet di Indonesia”

Pertanggungjawaban Penyedia Jasa Internet (ISP) di bawah UU Pornografi

 By: Sonny Zulhuda

UU Pornografi melarang pemuatan dan penyebarluasan Pornografi di berbagai media termasuk Internet. Masalahnya, seringkali pembuat atau pemasok pornografi di Internet adalah anonim alias tidak bernama atau beridentitas.

Hal ini sangat dimungkinkan mengingat fasilitas Internet seperti situs, blog, atau email pada umumnya tersedia secara gratis dan tidak memerlukan identitas asli pendaftar. Sementara data mutakhir di Indonesia menunjukkan mayoritas pengguna Internet memakai fasilitas umum seperti warnet, atau fasilitas kantor atau sekolah yang tidak diatur sistem aksesnya. Keadaan ini bisa mengaburkan identifikasi orang yang memproduksi, memuat atau meyebarkan pornografi di Internet.

Continue reading “Pertanggungjawaban Penyedia Jasa Internet (ISP) di bawah UU Pornografi”

Pengaturan Konten Internet: UU Pornografi vis a vis UU ITE

By: Sonny Zulhuda

Bangsa Indonesia sekali lagi mencatat peristiwa penting dengan lahirnya Undang-undang Pornografi (UUP) yang bertujuan menciptakan kepastian hukum atas penggunaan, penyediaan dan penyebaran produk dan jasa pornografi di tengah-tengah masyarakat Indonesia. Coretan kecil ini mencoba melihat beberapa tantangan implementasinya di ruang maya.

Continue reading “Pengaturan Konten Internet: UU Pornografi vis a vis UU ITE”

Indonesia’s first cyberlaw officially signed, gazetted and numbered

This had came to my knowledge over a month ago, but could only wrote it here now. The Indonesia’s first cyberlaw has now been officially gazetted and designated a new number. The law shall now be known as (in Indonesian) UNDANG-UNDANG REPUBLIK NO. 11 TAHUN 2008 TENTANG INFORMASI DAN TRANSAKSI ELEKTRONIK. The law is gazetted in ‘LEMBARAN NEGARA NO.58’ and ‘TAMBAHAN LEMBARAN NEGARA NO.4843. All these were done after the law was officially signed by the President of the Republic of Indonesia on 21 April 2008.

[Petikan UU-ITE] Perihal Muatan yang Dilarang (Content Regulation)

Sonny Zulhuda: Under UU-ITE (the ‘Act’), several offences are provided mainly to ensure the creation of safe and trustworthy electronic environment that should protect consumers and finally help Indonesia’s e-commerce prosper. Other than the computer-related cybercrimes (such as hacking), there are offences laid down relating to the online content regulations. This aspect of the law has apparently stolen the limelight the first day when the Act was passed. Understandable enough due to the mounting pressures from public who wish to see actions from the Government, especially in handling online pornography in Indonesia.

To the drafters’ credit, the law identifies broad criteria of content which are offensive and prohibited. These include elements of indecency, gambling, insult, defamation, threat, extortion, fraud or misrepresentation prejudicial against consumers, hate speech, violence, and threats. The law also provides for penal punishment for each of these prohibited content. Does it mean Indonesia opts for a strict Internet censorship? Not necessary. I shall reserve my comment in different section(s) later in near future. For the provisions on this issue, here you go:

Continue reading “[Petikan UU-ITE] Perihal Muatan yang Dilarang (Content Regulation)”

[Petikan UU-ITE] Cybersquatting, HAKI dan Perlindungan Data Pribadi

Sonny Zulhuda: UU ITE does cover more than what its name implies. This e-commerce law (note the name ‘e-Transaction’ ) does not only cover contractual issues, but also others such as evidentiary aspects, content regulation, cyber-squatting, IP and personal data protection, and also range of cybercrimes, although some aspects are dealt with in more details than others. This is one reason why this Indonesia’s first cyberlaw is distinct from other e-transaction laws in major countries and that in the UNCITRAL model law. In this respect, India is notably having similar approach.

In the following excerpt, one can find that the law provides some ruling on the cybersquatting, domain names management, protection of Intellectual Property Rights (IPR), and the personal data protection. The last two issues are touched in very minimum provisions, likely due to different reasons. While it is quite clear that regulations on IPR is minimum due to the existence of specific existing laws, it is not yet clear as to the Parliament’s intention in prescribing very minimum provisions on personal data protection. One may argue that the law on data protection should be specifically drafted on its own in near future.

Continue reading “[Petikan UU-ITE] Cybersquatting, HAKI dan Perlindungan Data Pribadi”