Struggle Is Not Over Yet
We can breathe a sigh of relief now, but just a little. This is because the struggle is not over yet.
The Personal Data Protection Bill was finally passed into law on Tuesday (20/9/2022) after more than 2.5 years of waiting.
First of all, we should certainly be grateful for the passing of the bill. With increasing cases of personal data breaches, the deliberation of the Personal Data Protection Bill (PDP) at the House of Representatives (DPR) was once considered to be progressing so slowly. Debates related to a data-protection supervisory agency had reached a dead end.
We can breathe a sigh of relief now, but just a little. This is because the struggle is not over yet. There is still a lot of work to be done to ensure the right of citizens to data protection, including the protection of personal data.
Also read:
> Fate of Personal Data Protection
The public, for example, should continue to oversee the establishment of the Data Protection Supervisory Agency by the President. The public should ideally be involved to actively discuss the details of the establishment of the institution especially related to technical regulations.
Do not let the institution eventually become a toothless agency. Do not let the institution only suck up the state budget, but give a little contribution to the citizens of this country, especially for citizens who pay taxes.
The struggle still has to be strengthened, at least during the two-year transition period, so that the PDP Law will be really useful in the future. Implementing regulations and related implementing agencies must also be designed by looking far ahead so that they can easily adapt to the dynamics of the digital world.
However, civil society groups have warned that there are articles in the PDP Law that contradict the spirit of public information disclosure. Article 67 Paragraph 2 in conjunction with Article 65 Paragraph 2 of the PDP Law, for example, threatens to punish someone who discloses personal data that is not theirs. This article can clearly threaten the work of the press.
We understand that the press can take shelter under the Press Law. However, it would be better if there were another article to ensure this so that potential differences in interpretation would not occur in the future.
Even if all implementing regulations of the PDP Law have been drafted, the security of personal data cannot be guaranteed, if the personal data controllers lack competence.
Another thing that needs to be understood is that the PDP Law is only one instrument in the protection of personal data. Even if all implementing regulations of the PDP Law have been drafted, the security of personal data cannot be guaranteed, if the personal data controllers lack competence.
Ideally, these competencies should not only be owned by private institutions, but also by government institutions. Without having competence in data storage, personal data belonging to citizens can be leaked.
(This article was translated by Hendarsyah Tarmizi).