Personal Data Protection Law in Indonesia: The Law No. 11/2008 (“UU-ITE”) and its Amendment in 2016

By: Sonny Zulhuda

wonderful indonesiaIndonesia slowly emerges to put some regulations in place pertaining to the cyberspace activities. Few laws and regulations now come up that address personal data protection (PDP). In this first post, I would like to highlight some rules of personal data protection law as found in the first Indonesian cyberlaw, i.e. Law on e-Information and e-Transaction.

Law No. 11/2008 (“UU-ITE”)

First is the “Undang-undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik” (popularly known as UU-ITE in Indonesian) or the Law No. 11 Year 2008 on the Electronic Information and Electronic Transaction (“Law No. 11/2008”).

This Law only has one section that addresses the issues of informational privacy or personal data protection, namely section 26. I had written some comments on this provision in my previous blog. In sum, section 26(1) provides for a general rule that consent is required whenever personal data is being electronically “used” (instead of “processed” – see my comments below). Section 26(2) provides that any breach or infringement of section 26(1) can be a basis for remedies.

Article 26 of the Law No. 11/2008 on the Electronic Information and Electronic Transaction (UU-ITE) stipulates that:

(1) Otherwise stipulated by the laws and regulations, the use of any information by means of electronic media relating to someone’s personal data shall be carried out with the approval from the person concerned.

(2) Every person whose privacy right is infringed upon as referred to in clause(1), may file a law-suit [action-added] for the loss incurred based on this Law. (As translated by the Ministry of Communication and Information Technology).

Meanwhile, the statutory elucidation of the Act explains that this provision is an acknowledgement of the privacy right protection. It goes on explaining that, the meaning of privacy right includes the following:

  1. A right to enjoy a private life free from interference;
  2. A right to communicate with other persons free from spying/surveillance;
  3. A right to access to information about his private life and private information.

Continue reading “Personal Data Protection Law in Indonesia: The Law No. 11/2008 (“UU-ITE”) and its Amendment in 2016″

From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)

By: Sonny Zulhuda

Brochure2 PDP Forum Dec 2012This 2nd Annual Personal Data Protection Summit was held in Royale Chulan of Kuala Lumpur. As admitted by the organiser (the World Asian Summit), this year edition showed much bigger interest. This impressive crowd attendance can only mean one thing: the undeniable importance of the PDP Act 2010.

The Deputy Minister Dato’ Joseph Salang had re-emphasised the Government’s seriousness about implementing the long-awaited legislation, which was already passed since June 2010. In his key-note speech, he again revealed that the Act will be enforced on the 1st January 2013 – echoing similar statement by the Minister of Information, Communications and Culture recently (Read reports on Dato’ Joseph’s announcement here, here and here).

I was invited to speak in the 2-day conference, on “Reality check on the right to privacy in Malaysia — and how is it affected by the mobile technologies and social media.” Continue reading “From the 2nd Annual Summit on Personal Data Protection (KL, 12-13 Dec 2012)”

Cyber Law and the Quest for the Information-Age Legal Education

By Sonny Zulhuda

Talk about the Information Age has filled many seminars, newspapers, books, web-pages, blogs, etc. But has it invited law students and law academia too? Have our students be adequately equipped by the understanding (conceptually, technically and so on) of what Information Age is, and how it challenges the notion of law taught in law schools? These are the questions that preoccupy many legal minds concerned of legal education.

Information Age is about the change, not only on gadgets, but also on the way we live as well as change of perspectives. For legal fraternities (i.e. lawyers, attorneys, judges and legal academia), it is critical to acknowledge this change, and not leaving it only to the hands of computer scientists. This is because the Information Age is a discourse of a cross-disciplinary realm. No less than information scientists, engineers, lawyers, accountants, sociologists, political scientists and business people are all concerned. They could even find themselves incapacitated if they choose to work separately. In the word of Boyle, this is called the collapse of disciplinary boundaries.

The above forms the background of my paper in the international seminar on Cyberlaw soon to be organised by the Faculty of Law, Islamic University of Sultan Agung (UNISSULA), Semarang, Indonesia on Wednesday, 26th October 2011.  Hopefully this can invite a fruitful discussion among the faculty members and the seminar attendees.

The paper basically hypothesizes that in order to capably address legal issues and challenges in future, our legal education should be re-looked at and reformed. The Information Age environment should become an integral consideration in learning law (regardless the area; commercial, civil, criminal, constitutional, administrative, etc.). It argues not only for the introduction of cyber law in the law syllabus, but also the integration of the issues and discussion with other major and disciplines. On top of that, we can borrow Prof Palfrey’s thesis on ‘digital native‘ and ‘digital migrant’ so as to allow law to improve and deliver in the future.