Indonesia passes long-awaited data protection bill after string of leaks, including of Jokowi’s vaccine records

The bill’s passage came after a series of alleged breaches, including of a contact-tracing app that revealed President Joko Widodo’s vaccine records

The legislation stipulates that individuals can be jailed for up to six years for falsifying data, or up to five years for gathering data illegally

Reading Time:2 minutes

Lawmakers in Indonesia’s parliament overwhelmingly approved the data protection bill, which authorises the president to form an oversight body to fine data handlers for breaching rules. Photo: AFP

Published: 3:33pm, 20 Sep 2022Updated: 3:45pm, 20 Sep 2022

Indonesia’s parliament passed into law on Tuesday a personal data protection bill that includes corporate fines and up to six years imprisonment for those found to have mishandled data in the world’s fourth most populous country.

The bill’s passage comes after a series of data leaks and investigations into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a Covid-19 contact-tracing app that revealed President Joko Widodo’s vaccine records.

Lawmakers overwhelmingly approved the bill, which authorises the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data.

Indonesian President Joko Widodo, also known as Jokowi, receives a dose of Covid-19 vaccine in January last year. Photo: Indonesia’s Presidential Palace Handout via AFP

The biggest fine is 2 per cent of a corporation’s annual revenue and could see their assets confiscated or auctioned off. The law includes a two-year “adjustment” period, but does not specify how violations would be addressed during that phase.

The legislation stipulates individuals can be jailed for up to six years for falsifying personal data for personal gain or up to five years for gathering personal data illegally.

Users are entitled to compensation for data breaches and can withdraw consent to use their data.

Communications minister, Johnny G. Plate, said the bill’s passage “marks a new era in the management of personal data in Indonesia, especially on the digital front.”