This June 30, 2016 photo shows a general view of the city skyline in Jakarta, Indonesia. (BAY ISMOYO / AFP)
JAKARTA – Indonesia's parliament passed into law on Tuesday a personal data protection bill that includes corporate fines and up to six years imprisonment for those found to have mishandled data in the world's fourth most populous country.
The bill's passage comes after a series of data leaks and probes into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo's vaccine records
The bill's passage comes after a series of data leaks and probes into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo's vaccine records.
ALSO READ: Indonesia to review minimum wage after fuel price protests
Lawmakers overwhelmingly approved the bill, which authorizes the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data.
The biggest fine is 2 percent of a corporation's annual revenue and could see their assets confiscated or auctioned off. The law includes a two-year "adjustment" period, but does not specify how violations would be addressed during that phase.
The legislation stipulates individuals can be jailed for up to six years for falsifying personal data for personal gain or up to five years for gathering personal data illegally.
ALSO READ: Hundreds evacuated in west Indonesia after magnitude 6.1 earthquake
Users are entitled to compensation for data breaches and can withdraw consent to use their data.
Communications minister, Johnny G. Plate, said the bill's passage "marks a new era in the management of personal data in Indonesia, especially on the digital front."
Abdul Kharis Almasyhari, a member of the commission overseeing the law, said it would mean the state was ensuring protection of the personal data of its people.
The law has been in the works since 2016 and was held up by debate about financial penalties and control of the oversight body, lawmakers said. Authorities have said the law was based on the European Union legislation.
READ MORE: Indonesia beefs up COVID-19 control ahead of G20 summit
Satriyo Wibowo, a data protection expert who was consulted during its drafting, said it would force companies to improve their data protection.
However, Wahyudi Djafar, who researches data protection for the Institute for Policy Research and Advocacy, questioned whether the penalties were strict enough to force government bodies to improve their data handling.