Indonesia: Privacy and Data Protection-related Laws

The protection of personal data is the main responsibility of the Ministry of Communication and Informatics (MOCI). Apart from that MOCI is also responsible to engage as the main regulatory authority and as the supervisor of data protection activities in Indonesia. The name of the legislation governing data protection of citizens falls under Law No. 11 of 2008 regarding Electronic Information and Transactions, as amended by Law No. 19 of 2016.

MOCI Regulation 20 requires that the transfer of data overseas to be done through coordination with the Minister of Communication and Informatics (MOCI). Coordination entails reporting the plan to transfer the personal data including the destination, receiving party, data and reason of transfer. Unfortunately, MOCI Regulation 20 does not set out a specific procedure to implement the coordination with the MOCI.

There are also sectoral laws regarding data protection in Indonesia. They are as follows:

-Health: Article 57 of Law No 36 of 2009 stipulates confidentiality of all health related data gathered by healthcare providers

-Financial: Financial services providers are prohibited by Article 31 of Financial Services Authority (Otoritas Jasa Keuangan or OJK) Regulation No. 1/POJK.07/2013 regarding Financial Consumer Protection from disclosing customer data and/or information to third parties, unless they receive written consent from the customer or are required to by lawful authority

-Payments and Banking: The protection of consumers’ personal data and/or information in relation to the payment transaction process conducted by payment system service providers is provided under Article 25 of Bank Indonesia Regulation No. 18/40/PBI/2016 regarding the Provision of Payment Transaction Processing.


-SSEK Indonesia Legal Consultants

-Thomson Reuters Practical Law

Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus