In the third quarter of 2016, the Indonesian Parliament amended the 2008 Electronic Transaction and Information Law (ITE Law)
In addition, in this update is the Ministry of Telecommunication's regulation on data protection issued in November.
2016 Amendments to ITE Law
The 2008 ITE Law was amended in October 2016. The key changes to the 2008 ITE Law are set out below.
The 2016 ITE Law now expressly provides for the government to block access to "unlawful materials". This is a newly added power that was not in the previous ITE Law, probably a realisation that criminal sanctions are futile in taking foreign website operators to task. In any case, the government has been using an earlier ministerial regulation to block websites with negative contents - principally pornographic and copyright piracy. It is thought that the provision in the 2016 ITE Law was to remove any doubt on the source of the government's power to block access.
The data protection provisions are added with a provision for the data owner to ask for his data to be removed. This right can be exercised when supported by a court order. With the court order requirement, this new addition may only be cosmetic instead of giving real control to data subjects over their data since it is impractical to get a court order to give effect to this each time.
The provisions dealing with online defamation has been streamlined with their equivalent in the criminal code. The provision in the ITE Law reference to the criminal code rather than creating its own definition of defamation.
Ministerial Regulation on Data Protection
On 7 November 2016, the Ministry of Communication and Informatics (“Ministry”) issued Regulation No. 20 of 2016 on Personal-Data Protection Within Electronic Systems (The Ministerial Regulation).
This regulation was meant to give effect to certain provisions in Government Regulation 82 of 2012 on ELECTRONIC SYSTEM AND TRANSACTION OPERATION.
The noteworthy provisions from the Ministerial Regulation are discussed below.
Although regulations at the ministerial level are meant to implement higher level government regulations and parliament legislation, this latest round of ministerial regulation still contains gaps in areas that are said to be implemented "pursuant to regulations" that do not appear to be issued yet. Certain key areas are still unclear, such as whether the consent is required to be in writing or can still be done electronically; and also the requirements upon which electronic systems are to be certified.
Lending further uncertainty is the parliament's plan to pass a data protection legislation. This naturally creates uncertainty as to how the Ministerial Regulation will sit with the proposed data protection legislation.
Until we get greater clarity from the government, foreign businesses with online platforms should consider the following:
We understand that various industry groups and chambers have made representations to the government expressing concern over the overly prescriptive approach taken in this latest ministerial regulation and will continue to monitor the situation.