The Indonesian government’s strategy to address data breach incidents are defined by much reluctance and buck passing. The passing of its Personal Data Protection Act (PDPA) should not be seen as the final answer to this persistent conundrum. Rather, it should be considered as the first step towards a more effective response.
Data Protection
As Indonesia was amidst passing its Personal Data Protection Act, the country was suddenly plunged into an unprecedented digital crisis as a hacker–going by the nom de guerre “Björka”–stole, sold and divulged the personal data of Indonesians including the elites. This incident not only exposes the vulnerability of Indonesia’s cybersecurity system, but also the government’s lacklustre response to the problem.
The drafting of the Personal Data Protection Act (Undang-Undang Pelindungan Data Pribadi) is almost complete. After delays since its initiation in early 2020, the Indonesian House of Representatives (Dewan Perwakilan Rakyat/DPR) and the government are in the final stages of discussions. The final result, however, might not satisfy those who initially sought this Act. This is due to the final draft having to accommodate the interests of the government and the DPR. Such accommodations may compromise the effectiveness of the Act.