Indonesia e-Commerce – Data Breach And Cybersecurity.

29 January, 2020

Indonesian Ministry of Communication and Information (MOCI) Regulation No. 20 of 2016 on the Protection of Private Data in Electronic Systems (Data Privacy Regulation) provides that in case of a failure to keep personal data confidential, the relevant electronic system provider shall notify the owner of the personal data within a maximum of 14 days as of the date such failure becomes known to the provider.

Avoiding Data Breaches and Ensuring Cybersecurity

In terms of Indonesian regulation, there are no specific requirements or guidelines that electronic system providers must follow to avoid data breaches and ensure cybersecurity. If an electronic system provider wants to help ensure cybersecurity, it can retain the services of competent professionals. In Indonesia, information security consulting services are listed in the Indonesia Standard Industrial Classification (Klasifikasi Baku Lapangan Usaha Indonesia, or KBLI), which classifies the different business activities and fields in Indonesia.

Right to Be Forgotten

Indonesia recognized the “right to be forgotten” in 2016 through the issuance of an amendment to Electronic Information and Transactions Law. Only the relevant user can submit an application to erase electronic information or document, and the application to shall be addressed to the relevant competent court.

Electronic system providers must provide a mechanism to erase electronic information or documents, and they shall erase the concerned electronic information or documents upon receiving a court order.

Email Marketing

Indonesia does not have any specific rules on email. The definition of “electronic information” provided in the Electronic Information and Transactions Law includes “email”.

Consumer Rights

The individuals who own the personal data have the right to report the failure to process their personal data. The right to file a report is intended to allow negotiations between the parties to reach an amicable agreement.

The Data Privacy Regulation is silent on whether “owner of personal data” includes foreign citizens.

This article was first published in Lexology Getting the Deal Through – e-Commerce 2020 (Published: August 2019).

For Further Information, please contact:

Fahrul S. Yusuf, Partner, Soewito Suhardiman Eddymurthy Kardono

fahrulyusuf@ssek.com

Indonesia e-Commerce – Data Breach And Cybersecurity.

Employer Sponsorship And Work Permits In Indonesia.

- Stephen Igor Warokka - SSEK,

Labor And Employment Law Updates From Indonesia And The World.

Gross Split Production Sharing Contracts: Commercial Insights From Indonesia’s MEMR Regulation No. 13 Of 2024.

- Fitriana Mahiddin - SSEK, SSEK

UK – Shifts Workers – A New Right To Reasonable Notice.

Hong Kong – Keepwell Deeds: A Workable Solution To PRC’s Foreign Exchange Control?

The Catch And Kill Of Non-Disclosure Agreements? New UK Guidance.

EU – Tightening The European Union’s Powers To Review Foreign Direct Investments.

Malaysia – General Average And Salvage.

- Philip Teoh - Azmi & Associates, Azmi & Associates

Role Of Technology In Legal Service Delivery.

Process Optimisation In Legal Teams: Improving Workflow Efficiency.

CONVENTUS LAW

OTHERS

Indonesia e-Commerce – Data Breach And Cybersecurity.

Register for your monthly Asia legal updates from Conventus Law

- Manisha Singh - Lex Orbis,

Footer

CONVENTUS LAW

OTHERS