New licensing rules are coming into effect in Indonesia on July 20, and they could have a big impact on the privacy of internet users in the country.
Under the new rules, all “Electronic Service Operators” – which include big tech companies like Google, Facebook, and Twitter – must register with the government. So far, 5,900 domestic companies and 108 foreign companies have complied. Failure to do so could result in their platforms being blocked.
A recent report by Bloomberg notes that Indonesia first released a set of rules in November 2020 allowing authorities to order platforms to take down “unlawful” content within four hours if considered urgent and 24 hours if not.
As part of these rules, tech companies must register with the government before any sanctions are imposed. Johnny G. Plate, the country’s Minister of Communications and Informatics, has said that the government will “sanction” companies that don’t comply.
Analysts believe the state may not go so far as to block tech companies, given how widely used some platforms are in Indonesia.
Perhaps more troubling, however, is that the revised regulations grant government officials the authority to demand that companies reveal communications and personal information of particular persons if compelled by law enforcement or state agencies.
Glenn Wijaya, a contributor to the International Association of Privacy Professionals, said that as of February 2022, Indonesia did not have a comprehensive data protection law. However, the country has a set of laws and regulations in many sectors that govern personal data protection.
Interestingly, this is set to change soon, as the Personal Data Protection (PDP) Bill is expected to be ratified by August 2022. The bill was first introduced in 2016 and has undergone lengthy discussions to date.
According to the House of Representatives, the bill will also be used as a basis for Indonesia to have data sovereignty, or the management and use of data by industries and state institutions, for the protection and security of the public.
Damar Juniarto, a human rights activist, believes that the Indonesian government used COVID-19 to set the stage for digital authoritarianism behind the guise of invoking “national security” and “stability during the pandemic”.
As the pandemic situation improves, what remains to be seen is how the government will align the seeming contradictions between the PDP Bill and the revised licensing rules. For now, it looks like the government is more interested in controlling the internet than protecting the privacy of its citizens. Other governments in ASEAN are not much different.