Background
In January 2020, President Joko Widodo submitted Indonesia’s Personal Data Protection bill (“Rancangan Undang-Undang Perlindungan Data Pribadi” or PDP) to the country’s House of Representatives for deliberation. The bill, strongly modeled on the European Union’s General Data Protection Regulation (GDPR), would be the country’s first comprehensive law on privacy and personal data, if passed. It would also, according to the Ministry of Communications and Informatics (KEMENKOMINFO), guarantee “national security and sovereignty.”5
The rationale for the PDP bill seems intuitive, given the scattered nature of Indonesia’s data protection and privacy landscape at present. Experts contend that the basis for the protection of personal data and privacy lies in the country’s foundational document itself. While the word “privacy” may not be explicitly mentioned in the country’s constitution (“Undang-undang Dasar Negara Republik Indonesia 1945” or UUD 1945), Article 28(G) guarantees every individual the right to the protection of their person, family, respect, dignity, and property.6
At least 30 other regulations, including sector-specific ones in telecommunications, finance, and banking, as well as health, provide for similar guarantees of privacy and data protection. The most frequently cited regulations concerning the use of electronic data are Law No. 11 of 2008 on Electronic Information and Transactions (EIT Law), amended by Law No. 19 of 2016; Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions (GR 71); and Minister of Communications and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems (Reg. 20). However, scholars argue that these only offer minimal protection.7
As with its regional neighbors, Indonesia’s efforts at consolidating its data protection and privacy landscape are driven by the impetus to leverage the international digital economy. KEMENKOMINFO’s 2020 annual report references personal data as a “high value asset/commodity in the era of big data and digital economy,” and laments the “many cases of leakage and misuse of personal data, especially in the Digital Financial Technology sector,” that point to the need for a PDP law.8 Indonesia’s presidency of the G20 in 2022 and identification of digital transformation as a key pillar of its agenda only underscores the urgency of the bill’s passage at the domestic level.
However, what sets Indonesia apart from its neighbors is the imperative of human rights as an additional and equal basis for instituting a comprehensive set of laws to protect personal data and privacy in the country. The same annual report by KEMENKOMINFO explicitly affirms personal data as “part of the human rights that has been mandated by the state through the 1945 Constitution.”9 Commentators also point to Indonesia’s international and regional human rights obligations under the International Covenant on Civil and Political Rights, which Indonesia ratified in 2005, and the Association of Southeast Asian Nations (ASEAN) Human Rights Declaration, as compelling Jakarta to protect personal and privacy rights.10
Despite these pressures to advance the PDP bill and its prioritization for enactment within the National Legislation Program (“Program Legislasi Nasional”) in 2020 and 2021, it remains with the House of Representatives for further consideration, as of the time of writing.11
Usage and Impact
There is keen recognition that data will be the engine of a vibrant and inclusive digital economy for Indonesia. Data is also being used to institute more efficient public services at the federal and local levels, covering provinces, regions, and cities. That potential, however, remains vastly untapped due to structural challenges such as the country’s sheer geographic spread and topography, as well as a lack of awareness and trust among the public about safeguarding data.
Data for the digital economy
The combination of Indonesia’s market size and youthful demographics offers tremendous growth prospects for the country’s digital economy. With over half of Indonesia’s nearly 300 million population on the Internet and the bulk of Indonesians aged between 18 and 39 years old, according to the 2020 census survey, little wonder that the country’s Internet economy—powered by e-commerce—nearly doubled between 2019 and 2020.12
Yet uneven digitization across the country remains a barrier to greater digital economic growth. As in other regional countries, MSMEs form the backbone of Indonesia’s economy. They contribute about 60 percent of GDP and provide employment for about 97 percent of the nation’s 117 million workers. Of that 97 percent, women comprise 64.5 percent. However, only 13 percent of MSMEs adopt the Internet for marketing and delivering their products and services.13
Moreover, approximately 60 to 70 percent of Indonesians living in the eastern region of the country are inadequately connected due to infrastructural issues. Even those living in the three most populous islands of Sumatra, Java, and Bali face significant Internet access difficulties if they reside in non-metropolitan or rural areas. Indonesians with tertiary education are five times more likely to connect than those without, and those from low-income families are three times less likely to have Internet access compared to those from prosperous families.14
These structural challenges notwithstanding, e-commerce in particular has offered income diversification opportunities for women and youth.15 In a survey of over 2,000 respondents examining the impact of COVID-19 on women-owned micro- and small businesses in Indonesia by United Nations Women and Pulse Lab Jakarta, slightly over half (54 percent) of women-owned microbusinesses were found to use the Internet to sell products compared to 39 percent of those owned by men. Similarly, 68 percent of small businesses owned by women were online compared to 52 percent owned by men.16
The lack of a consolidated PDP law, however, means that the protection and privacy of personal data is observed unevenly even as the popularity of e-commerce rises. A 2018 study by the Institute for Policy Research and Advocacy of 10 information and communications technology-based enterprises in Indonesia found discrepancies between their privacy policy and terms of service, on the one hand, and the principles of personal data protection, on the other. Whereas some foreign companies had already begun incorporating GDPR provisions into their terms of business, a number of local enterprises had not yet done the same because there was no legal obligation to do so. A low level of understanding of the concept of privacy and consumer data protection was also a contributing factor.17
Additionally, a lack of trust in online transactions and payments, compounded by numerous high-profile data breaches, including of the popular e-commerce site Tokopedia in 2020, have only worsened apprehensions about the safety, security, and privacy of online transactions. Provisions in the PDP bill are meant to allay some of these concerns by tightening breach notifications. Individuals would also be granted more rights, such as those to revoke consent, to demand that personal data be deleted, and to object to automated decision-making.
Although Indonesia has often been cited as favoring data localization over freer flows of data, under GR71, the mandate for local storage of electronic systems and data only applies to “public electronic system operators,” which essentially refers to state administrative agencies. Private electronic system operators are allowed to manage, process, or store such systems and data abroad, provided there is coordination with KEMENKOMINFO. This requirement is echoed in Reg. 20, which obliges notification by the operator prior to transfer, as well as a report post-transfer.18 These regulations mark a relaxation of an earlier directive for electronic system operators providing public services to locate a data center in Indonesia for the purpose of enforcing protection and national sovereignty over the data of its citizens.19
Under the PDP bill, data transfers abroad would be subject to four conditions: an equivalent or higher level of protection in the destination country; where international agreements apply; with the availability of a contract between parties offering appropriate safeguards; and where the data subject has consented to the transfer.20
Given the importance of data to the global digital economy, Indonesia’s G20 presidency in 2022, and Jakarta’s own thematic push within the G20 for inclusive economic development, KEMENKOMINFO anticipated there would be discussions about cross-border data flows within the G20’s Digital Economy Working Group. In these working group meetings, deliberations on the future of interoperability of data practices across countries revolved around the definition of trust and four general principles: transparency, legitimacy, fairness, and reciprocity. Unsurprisingly, differing perspectives on data policy emerged, with some countries either not yet having formulated policies consistent with the free flow of data or deciding to “maintain their preferred domestic policy framework” for other reasons.21
Data for public policy
Indonesia has long recognized open data as a critical aspect of more accessible, responsive, and accountable governance. The country is, in fact, a founding member of the Open Government Partnership, and in its 2013/2014 chairmanship of the platform focused domestic and international attention on its open data policies and practices.22
In 2014, Indonesia launched its national open data portal, which now contains over 90,000 datasets on areas of governance, ranging from the economy and industry to culture and religion.23 The uptake, use, and impact of the portal initially fell short due to limitations in the availability and quality of data. A report from the Executive Office of the President revealed a lack of standard data management practices across government agencies and, consequently, little collaboration or coordination among them in sharing data.24
In 2019, Presidential Regulation No. 39 was issued to introduce the One Data policy for the production of accurate, up-to-date, integrated, and easily accessible data to be shared among central and regional agencies. This was to be done through compliance with data and metadata standards, including classification and adherence to data interoperability, among others.25 The One Data policy would complement Presidential Regulation No. 95 on e-government released a year earlier.26 Several provincial and municipal governments such as in Bojonegoro and West Java also launched their own open data portals.
There is, therefore, a recognition of the importance of data by government. But as even KEMENKOMINFO has conceded, there remains a lack of appreciation about the integration and interoperability of data and electronic systems needed for more efficient governance. This will be discussed below. What Jakarta is certain about, however, is that a growth in e-government services and volume of data will require specific cloud infrastructure in the form of a national data center to be maintained by the government itself. There are plans to build the first such center in Bekasi, West Java, with a groundbreaking target set for 2022 and operations to begin in 2023. Additional national data centers have also been outlined for the new capital city in East Kalimantan, Batam in the Riau islands, and Labuan Bajo in East Nusa Tenggara.27
The possibilities of harnessing big data for more robust, transparent, and accountable governance are already evident in examples such as the National Citizen Feedback Dashboard. Working together with the central government, Pulse Lab Jakarta scaled up an earlier provincial feedback system to the national level. Using short messaging service (SMS) and Twitter, the team developed a dashboard to collect, process, analyze, and visualize citizen feedback on a range of topics from the bureaucracy to social welfare. The presidential staff office welcomed the feedback as complementary to reports from line ministries, and useful for short- and medium-term policy planning and monitoring.28
Case Study
Utilizing Citizen Feedback Data to Enhance Local Government Decision-Making and Policymaking
Pulse Lab Jakarta, a joint data innovation facility of the United Nations (Global Pulse) and the Government of Indonesia, conducted advanced data analysis on citizen feedback from official channels and on social media in order to generate insights which could contribute to local government decision-making and policymaking. The citizen feedback systems they drew data from include LAPOR!, the national feedback system in Indonesia through which citizens could lodge a complaint via short messaging system (SMS), the Internet, and other provincial-level systems. Feedback from Twitter was also collected and analyzed, after refining and removing spam and irrelevant tweets.
Analysis on the datasets allowed for local policymakers to understand the shifts in priorities and concerns of citizens over time. Between June and July of 2013, there was a spike in concerns regarding the unequal distribution of a social protection program. Geographical information was collected and analyzed, allowing the lab to pinpoint the province in which these concerns were being raised. Nusa Tenggara Barat province, one of Indonesia’s poorest regions, was identified by the analysts, and the data relayed was able to facilitate local authorities in planning an appropriate response. On top of aiding in policymaking, Pulse Lab Jakarta encouraged local governments to publish their citizen feedback analysis on public dashboards in order to enhance transparency and help constituents understand how their feedback is processed.
Challenges and Prospects
In May 2020, a hacker leaked the details of 15 million users of Tokopedia, before selling the site’s entire user database (said to number about 90 million accounts) on the dark web.29 In May 2021, the Healthcare and Social Security Agency suffered a data breach in which the personal information of 279 million Indonesians was allegedly offered for sale on an online forum. The data included identity card numbers, names, email and home addresses, and even salaries.30 In August 2021, the Ministry of Health’s electronic health alert card (eHAC) program exposed the data of more than one million people and that of 226 hospitals and clinics in Indonesia as a result of inadequate data privacy protocols. Since the eHAC application was used to test and trace entrants into Indonesia, data such as traveler identity, test type and result, passengers’ doctors, and hospital details were left on an open server.31
These three major data compromises in the space of just over a year jeopardized millions of personal records and underscore the urgency of a comprehensive law on data protection and privacy in Indonesia. Experts have urged for enforcement of the bill to be strengthened by an independent data protection authority. However, as informants also note, there is a need for greater awareness in at least three other areas: the importance of data protection and privacy, the complexities of inclusion in a country as geographically spread out and ethnically diverse as Indonesia, as well as the growth of the country’s data landscape in as sustainable a manner as possible.
Independent oversight in the PDP bill
Indonesia’s draft PDP has numerous features that make it among the strongest data protection and privacy laws in Asia. A key piece missing from the bill, however, is the matter of an independent data protection authority (DPA). Although earlier versions of the bill included a DPA, the latest draft places enforcement powers in the hands of the minister of communications and informatics. The desire to have a leaner administration, rather than multiple agencies that would drive up costs, is said to be a primary reason for this approach.32 The preference for authority to reside with the minister also accords with the status quo of Indonesia’s enforcement of data-related laws. However, this practice is said to have been a “conspicuous failure,” with only warnings issued in the past and to no deterrent effect.
With only 10 of 143 countries (as of 2020) having data privacy laws that omit a separate DPA, specialists argue that even a strong data protection regime means little without the existence of an independent authority to oversee and enforce the law separate from the executive.33
Awareness
While there is recognition among bureaucrats of the importance of data for efficient public administration, there is less of an appreciation for the need to curate quality data in order to facilitate engagement between the government and citizens, as well as the processes to collect, classify, and verify the accuracy of various datasets.
This involves setting baseline protocols and standards for various datasets held by different agencies. It also entails understanding what is needed to ensure or verify the accuracy of datasets. Civil servants may view the requisite procedures as additional administrative work, especially during times of crises and other pressures. Integrating these steps as part of digital record-keeping and having dedicated personnel, or data stewards, could lessen the bureaucratic burden.
Studies suggest that open data initiatives should be context-specific and designed methodically with clearly defined goals. The selection and deployment of relevant technology solutions should then follow an incremental approach to allow for scalability and sustainability. This process should also involve community leaders and other non-technical stakeholders, particularly since the onus to understand the local context when designing technical solutions now seems to be on software developers and engineers. But advocates also acknowledge that technology has its limitations and that having people access, understand, interpret, and visualize data is equally valuable in promoting more inclusive data governance.34
Similarly, greater consciousness about data protection and privacy would go a long way toward internalizing and socializing good practices among the public while awaiting the codification of the PDP bill. A 2021 survey by KEMENKOMINFO and Katadata Insight Center revealed that more than 60 percent of respondents did not even know about the draft PDP and only 31.8 percent of enterprises were aware of the bill.35 Informants explained that in Indonesia, privacy is often viewed as a western notion. Many Indonesians have few qualms about disclosing personal information, such as their date of birth or contact details, to a third party or on social media. In fact, although privacy as a legal concept only really crystallized during Indonesia’s colonial era, there are historical accounts of household privacy in Javanese and Balinese society even earlier.36 Still, there are difficulties with explaining the significance of protecting personal data or keeping it private in the modern context, given contrasting social conventions. In a strategy document to implement data protection regulations in Indonesia that predated the PDP Bill, KEMENKOMINFO had already acknowledged the need to socialize existing laws among the public.37
Data complexities and inclusion
In a country with about 17,000 islands and thousands of ethnic groups and tribes, even collecting and classifying data can be a challenge. Indonesia’s census bureau recorded 1,331 tribal categories in 2010. Determining ethnicities can itself be a tricky exercise, but even when categorized, the agency has to code these myriad categories for tribe names, other names or aliases, sub-tribe names, and even sub-names of sub-tribes.38
Given these layers of identity, large segments of society—particularly vulnerable and undocumented communities—can fall through the cracks in the process of digitization. Indonesia’s electronic identity card, e-KTP, is issued on the basis of documented proof of identity. Minority groups, including indigenous tribes and inhabitants of remote areas of the vast archipelago, who often have a historical distrust of government, may not have such documents. Nor would marginalized communities fleeing violence or abuse, such as refugees and transgender individuals, since the issuance of the e-KTP is predicated on the availability of other documents of identification. Without an e-KTP, these communities can find themselves systematically sidelined from social, healthcare, and other public services. The e-KTP, for example, was required for access to the COVID-19 vaccine program during the pandemic.39
But even the requirement for more conventional forms of identification, such as the identity card (KTP) or family card (KK), can be an entry barrier to the digital ecosystem. Some farmers and motorcycle taxi drivers have been precluded from joining application-based companies because of their lack of documentation. Additionally, although some online enterprises require data to expand their business, that data is not always readily available. For instance, TaniHub, an agricultural start-up, has found it difficult to reach regions where data on farmers is scant.40
Where data is either unavailable or denied to members of the public, proponents of data altruism argue that individuals or companies could voluntarily provide data for reuse for the common good, such as for scientific research or improving public welfare.41 One example is the use of drone technology to collect aerial mapping data on illegal mining activities in West Kalimantan. Such mining was violating indigenous land rights and resulting in environmental damage. It was eventually prosecuted in court using drone-mapping data.42
Sustainability
Indonesia captured the largest share (38.7 percent) of USD19 billion invested in Southeast Asia’s start-up scene between the first half of 2019 and that of 2021.43 The financial technology (fintech), e-commerce, and education technology (edtech) sectors received the most funding, with giants like GoTo, Bukalapak, and Traveloka dominating the list in Southeast Asia. Indonesia is also projected to account for more than 50 percent of the Southeast Asian e-commerce market by 2025.44
An outgrowth of the country’s burgeoning tech landscape is a rising demand for cloud storage. That demand was first met at scale by Alibaba, which built a data center in 2018 then another in 2019. Other cloud service providers like Amazon, Google, Microsoft, and Tencent have followed suit.45
With most of Indonesia’s data centers located in Jakarta—the capital city received over 60 percent of data center investment in the country in 2020—and plans to increase the number of data centers in the country as a part of the Ministry of Industry’s “Making Indonesia 4.0” roadmap, there will need to be alternative locations for these buildings in other parts of the country. This is especially so with the flooding problems in the capital and the potential strain on the electricity grid in and around Jakarta, given the amount of energy needed to power these data centers.
Experts assert that the whole process of building data centers should be reconsidered, from the beginning during the design stage, to near completion of construction, as opposed to being an after-thought to retrofit the structure. It should, for example, take into account power usage and efficiency along with the risk of natural calamities and changes in the environment.
Conclusion
Indonesia’s pending PDP bill promises to strengthen and consolidate the country’s fragmented data protection landscape, if the outstanding question of an independent DPA can be resolved. Significantly, it would align the nation’s data-driven aspirations with a comprehensive regulatory regime that would compel a rethink of concepts like personal data and privacy among the public in a modern, digital setting.
As with many other countries in Southeast Asia, Indonesia faces structural challenges related to infrastructure, access, and digital literacy. But these are complicated by the nation’s size, spread, and diversity on a scale that few other regional countries have to grapple with.
The good news is that Indonesia’s largely mobile-first population has proven highly adaptive to technology, and the government is determined to institute changes that will advance inclusive digital transformation. Its commitment to evolving discussions on global standards, in this regard, is reflected in its participation as an observing member in the International Organization for Standardization and the International Electrotechnical Commission Joint Technical Committee 1/SC 42 on artificial intelligence, as well as its re-election to the International Telecommunication Union (ITU) Council for the period 2018 to 2022.46 Indonesia has, in fact, been consecutively elected to the ITU Council four times since 2002. The country’s G20 presidency and focus on an equitable digital economy at the international level this year should help catalyze its own domestic progress with renewed urgency.
Selected Legal Instruments Related to Data Protection in Indonesia
- Cybersecurity
Government Regulation No. 71 of 2019 – Provisions of Electronic Systems and Transactions - Data Protection
Minister of Communication & Informatics Regulation No. 20– MOCI Reg. 2016
*Implementing regulation of Reg.71 - Data Protection
Penal Code 1982 (Kitab Undang-Undang Hukum Pidana) - Data Protection
Personal Data Protection Bill – introduced in January 2020 - Data Protection
LN 2008/58; TLN No 4843 Electronic Information and Transactions - Information Technology
Electronic Information and Transactions (EIT) Law – Amended 2016 - E-Commerce
Government Regulation No. 80 of 2019 - E-Commerce
Minister of Trade Regulation No. 50 of 2020 - Sectoral Law
Law No. 36 of 1999 on Telecommunications as partially amended by Law No. 11 of 2020 on Job Creation - Sectoral Law
Law No. 10 of 1992 on Banking as amended by Law No. 10 of 1998 - Sectoral Law
Law No. 8 of 1995 on Capital Markets - Sectoral Law
Law No. 14 of 2008 Disclosure of Public Information - Sectoral Law
Law No. 36 of 2009 on Health - Sectoral Law
Law No. 23 of 2006 on Residence Administration as amended by Law No. 24 of 2013
Endnotes
5 Ministry of Communications and Informatics, Connected Indonesia: More Digital, More Advanced, Annual Report 2020, Jakarta: Kementerian Komunikasi dan Informatika, 2020, 61.
6 Undang-undang Dasar Negara Republik Indonesia 1945 (State Constitution of the Republic of Indonesia 1945), Dewan Perwakilan Rakyat Indonesia (House of Representatives Indonesia), accessed June 3, 2022; Wahyudi Djafar, “Hukum Perlindungan Data Pribadi di Indonesia: Lanskap, Urgensi dan Kebutuhan Pembaruan,” ([Personal Data Protection Law in Indonesia: Landscape, Urgency and Need for Reform) (presentation, “Tantangan Hukum dalam Era Analisis Big Data” [Legal Challenges in the Era of Big Data Analysis], Gadjah Mada University Law Faulty Post-Graduate Program, Yogyakarta, Indonesia, August 26, 2019).
7 Sinta Dewi Rosadi, “Privacy vs. Democracy in the Digital Age: Indonesia’s Challenge”, in Issues on the Frontlines of Technology and Politics, ed. Steven Feldstein (Washington, DC: Carnegie Endowment for International Peace, 2021).
8 Ministry of Communications and Informatics, Connected Indonesia: More Digital, More Advanced, 39.
9 Ibid.
10 Edmon Makarim, S. Kom, and LLM SH. “Pelindungan Privacy dan Personal Data" [Privacy and Personal Data Protection], Presentation Material for Public Hearing Meeting with Commission I Republic of Indonesia House of Representatives, April 5, 2021; Wahyudi Djafar, Bernhard Ruben Fritz Sumigar, Blandina Lintang Setianti, Perlindungan Data Pribadi: Usulan Pelembagaan Kebijakan dari Perspektif Hak Asasi Manusia [Personal Data Protection: Proposed Institutional Policy from a Human Rights Perspective], Jakarta: Lembaga Studi dan Advokasi Masyarakat, 2016.
11 Sekretariat Jenderal, Dewan Perwakilan Rakyat-Republik Indonesia, “Program Legislasi Nasional”, Republic of Indonesia House of Representatives, accessed June 1, 2022.
12 “Individuals Using the Internet (% of population) – Indonesia”, International Telecommunication Union World Telecommunication/ICT Indicators Database, accessed June 4, 2022; “Sensus Penduduk 2020” [Population Census 2020], Badan Pusat Statistik, accessed June 4, 2022; Aadarsh Baijal, Alessandro Cannarsi, Florian Hoppe, Willy Chang, Stephanie Davis, and Rohit Sipahimalani, “e-Conomy SEA 2021”, Bain & Company, November 10, 2021.
13 Teguh Yudo Wicaksono and Andre Simangunsong, “Digital Technology Adoption and Indonesia’s MSMEs during the COVID-19 Pandemic”, ERIA Discussion Paper Series No. 426, March 2022.
14 Beyond Unicorns: Harnessing Digital Technologies for Inclusion in Indonesia, World Bank, July 29, 2021.
15 Ibid.
16 Leveraging Digitalization to Cope with COVID-19: An Indonesia Case Study on Women-Owned Micro and Small Businesses, UN Women and Pulse Lab Jakarta, November 2020.
17 Wahyudi Djafar, “Hukum Perlindungan Data Pribadi di Indonesia.”
18 Peraturan Pemerintah Republik Indonesia Nomor 71 Tahun 2019 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik [Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions], Audit Board of the Republic of Indonesia, October 10, 2019; “Data Protected – Indonesia”, Linklaters LLP and Allen, March 2020.
19 Section 6, Article 17, Peraturan Pemerintah Republik Indonesia Nomor 82 Tahun 2012 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik [Government Regulation No. 82 of 2012 on the Implementation of Electronic Systems and Transactions], October 15, 2012, Audit Board of the Republic of Indonesia.
20 Clarisse Girot, “Transferring Personal Data in Asia: A Path to Legal Certainty and Regional Convergence”, Asian Business Law Institute, March 2020, 17.
21 Rizka K. and Mecca Yumna, “Indonesia Pushing G20 Discussions on Cross-Country Data Flows” Antara, April 28, 2022.
22 Glenn Maail, “Key Challenges in Achieving Inclusive Open Data Governance in Indonesia,” Heinrich Böll Stiftung, March 6, 2021.
23 “Data Indonesia, Dalam Satu Portal” [Indonesian Data, In One Portal], Satu Data Indonesia, accessed June 4, 2022.
24 Glenn Maail, “Key Challenges in Achieving Inclusive Open Data Governance in Indonesia.”
25 “Peraturan Presiden (PERPRES) tentang Satu Data Indonesia” [Presidential Regulation on One Data Indonesia], Audit Board of the Republic of Indonesia, June 17, 2019.
26 “Peraturan Presiden (PERPRES) tentang Sistem Pemerintahan Berbasis Elektronik” [Presidential Regulation on Electronic-Based Government System], Audit Board of the Republic of Indonesia, October 5, 2018.
27 Arif Bambani, “Government to Build National Data Center in 2022,” The Indonesia, December 31, 2021.
28 Rajius Idzalika, Zakiya Pramestri, Imaduddin Amin, Yulistina Riyadi and George Hodge, “Big Data for Population and Social Policies,” Pulse Lab Jakarta and United Nations Global Pulse, January 24, 2019.
29 Catalin Cimpanu, “Hacker Leaks 15 Million Records from Tokopedia, Indonesia’s Largest Online Store,” ZDNet, May 2, 2020.
30 Arnidhya Nur Z and Mecca Yumna, “Ministry to Issue Decision on BJPS Data Leak Soon,” Antara, October 25, 2021.
31 “Report: Indonesian Government’s COVID-19 App Accidentally Exposes over 1 Million People in Massive Data Leak,” vpnMentor, June 1, 2022.
32 Glenn Wijaya, “Global Legislative Predictions 2022: Indonesia’s Personal Data Protection Bill,” International Association for Privacy Professionals, February 10, 2022; Graham Greenleaf and Andin Aditya Rahman, “Indonesia’s DP Bill Lacks a DPA, Despite GDPR Similarities,” Privacy Laws & Business International Report 164, no. 1 (March 2020): 3-7.
33 Stakeholder consultation; Graham Greenleaf and Andin Aditya Rahman, ibid.; Antoine Schweitzer-Chaput, “Independent data protection authority matters,” The Jakarta Post, June 8, 2021.
34 Stakeholder consultation; Glenn Maail, “Key Challenges in Achieving Inclusive Open Data Governance in Indonesia.”
35 “Kebijakan Perlindungan Data Pribadi Komprehensif Dibutuhkan di Indonesia” [Comprehensive Personal Data Protection Policy Needed in Indonesia], Media Indonesia, February 4, 2022.
36 Wahyudi Djafar, “Hukum Perlindungan Data Pribadi di Indonesia".
37 Strategi Implementasi Regulasi Perlindungan Data Pribadi di Indonesia [Implementation Strategy of Personal Data Protection Regulations in Indonesia], Jakarta: Ministry of Communications and Informatics, 2019.
38 “Mengulik Data Suku di Indonesia,” Badan Pusat Statistik (Central Bureau of Statistics), accessed June 5, 2022.
39 Adi Renaldi, “Indonesia’s Invisible People Face Discrimination, and Sometimes Death, by Database,” Rest of World, April 29, 2021.
40 “Towards an Inclusive Digital Economy,” Policy Brief No. 1, SMERU Research Institute, August 2020.
41 Glenn Maail, “Key Challenges in Achieving Inclusive Open Data Governance in Indonesia.”
42 Irendra Radjawali and Oliver Pye, 2015, “Counter-mapping Land Grabs with Community Drones in Indonesia,” Paper presented at Land-grabbing, Conflict, and Agrarian-Environmental Transformations: Perspectives from East and Southeast Asia, Chiang Mai, June 5-6.
43 The Indonesia Digital Lookbook: New Frontier of SEA Technology, accessed June 4, 2022.
44 S. Ganbold, “E-commerce Market Volume SEA 2019-2025 by Country,” Statista, December 7, 2021.
45 “Cloud Infrastructure Map,” TeleGeography, accessed June 4, 2022.
46 Azis Kurmala, “Indonesia Re-elected to ITU’s Administrative Council,” Antara, November 6, 2018.