Jakarta (ANTARA) - Whether we realize it or not, our daily activities in cyberspace involve the exchange of a lot of data, including personal information.

Nowadays, beginning the morning by checking the phone—whether for new messages or the latest social media updates—has become common.

Take WhatsApp, for example. Users can access the application using their phone number. The application also has a feature allowing users to check the name and image on someone's profile.

Thus, from an exchange of messages alone, people can glean two pieces of data, which can be used to identify them -- their name and phone number. If they have used an image of themselves, it would just add to the data given away.

If users do not take care of the data properly, it can be abused or misused for taking out illegal online loans, among other things. Even if someone has never borrowed money, one day, they can suddenly be asked to repay a loan with interest.

Related news: Ministry to complete drafting Personal Data Protection Bill in 2022

Regulating personal data protection

With the continual development in technology, messaging is not the only activity the Internet has enabled. Nowadays, one can even sign documents online--and have them considered valid. Thus, data has become a digital identity.

Sati Rasuanto, the CEO of VIDA, an electronic signature service provider, told ANTARA that digital identity covers all the information available online that can identify a person or an organization, or an electronic device based on digital attributes (e-mail, password, face photo, data on ID card, photo ID card, OTP), and digital activities (online shopping and Internet search history).

As a provider of electronic certificates, VIDA views this digital identity as a means to enable the process of documenting citizens and make it much easier. However, such data is very sensitive, so it needs to be handled with care.

"These data are certainly very sensitive for digital service users, and should they fall into (the wrong or irresponsible) hands, these identities could be used for various kinds of criminal activities or things that can harm users, either in material or immaterial (things)," Rasuanto elaborated.

Thus, personal data protection efforts need to involve data owners. Users must exercise caution when sharing data and not allow access to their data to other people if not necessary. For example, they must not post photos of identity cards on social media.

When there is an abundance of activities requiring data exchange, securing them would become even more complex. Ultimately, the matter would need to involve the state and necessitate the formulation of regulations, which could serve as the legal basis for personal data protection.

“The importance of having regulations regarding personal data protection and data governance for Indonesia is because digital personal data (exchanges happen) every day; and yet, regulations such as the Personal Data Protection Act have not yet been finalized,” head of the Communication and Information System Security Research Center (CISSReC), Pratama Persadha, said on a separate occasion.

Related news: Hope personal data protection bill deliberations to end soon: minister

However, Indonesia is not completely without personal data protection regulations. Such regulations do exist, and they are spread across various industrial sectors. The regulation of personal data and data management for the telecommunications and digital sectors is under the purview of the Communication and Information Technology Ministry, including Government Regulation Number 71 of 2019 concerning electronic systems and transactions.

Generally, personal data protection refers to Law Number 19 of 2016 on electronic information and transactions, which is better known as the ITE Law.

Organizations such as VIDA refer to at least these two regulations in conducting their activities.

Despite the presence of regulations, Indonesia still needs a law, which can cover all sectors that manage personal data. Experts are confident that such a law would improve data protection and its governance.

Persadha said the Personal Data Protection Law would have a deterrent effect on perpetrators who misuse personal data. Countries that already have personal data regulations, such as South Korea and the European Union, could “force” mega technology corporations to play by their rules.

"Even with a fine of 20 million euros, the European Union still feels that giant technology (corporations) such as Facebook and Google (show no remorse), so they are working on digital service act regulations (as a basis to fine them with) up to 6 percent of the total global income of the giant (technology) corporations," he elaborated.

"It means we need a personal data protection law as soon as possible," he added.

Such a law would greatly impact data owners, the industry, and the state. By extension, the protection of personal data is also related to the sovereignty of state information and can assist the survival of the state in the digital era, he said.

According to VIDA, digital identity services involve trust. "Regulations on personal data protection and data governance will build trust between digital businesses and the public," he added.

"We believe that trust is very fundamental to the development of the digital economy, considering the current pattern of the low-touch economy (transactions with minimal direct contact), (in which) trust is increasingly needed because there are no face-to-face (exchanges)," Rasuanto expounded.

The Data Protection Law is seen as important at a time when Indonesia is cooperating with other countries regarding data.

Related news: Expert pushes government to ratify personal data protection bill


The G20 Digital Economy Working Group (DEWG), led by the Communication and Informatics Ministry, will this month discuss data governance issues, especially cross-country data flows.

As a digital industry player, VIDA has responded positively to the discussion plan in order to protect the community's digital identity.

"Since this mission requires support from all parties, we see the urgency for data governance regulation, both on global scope and by implementing integrated personal data protection rules in Indonesia," Rasuanto remarked.

According to cybersecurity expert Persadha, such international forums for data governance discussions could improve cooperation in security research and development, technology development, and data exchange practices at the regional and global levels.

"With the discussion on data governance at the G20 event, it can be seen later--if it is very in line with the spirit of the PDP Law, and comparisons of data governance in each country, for example, Europe's GDPR (General Data Protection Regulation). It's just a matter of information exchange, and technological adjustments in the discussion can be implemented in accordance with the standards in each country," he elaborated.

The third DEWG G20 meeting is scheduled to take place on July 20 and 21 in Labuan Bajo, East Nusa Tenggara.

Related news: Indonesians must protect two types of personal data: DPR

Editor: Suharto
Copyright © ANTARA 2022