The Government of Indonesia issued Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions (‘GR 71’), revoking Government Regulation No. 82 of 2012 (‘GR 82’). In particular, GR 71 became effective on 10 October 2019 and provides for, among other things, the classification of electronic system operators (‘ESOs’), data localisation, personal data protection, the right to be forgotten and the right to delist, as well as measures to prevent the circulation and use of prohibited content.
Lia Alizia and Budhy Apriastuti, Partner and Associate at Makarim & Taira S. respectively, told OneTrust DataGuidance, “[GR 71] introduces several new concepts, such as private and public categories of ESOs, the right to delist and the Government’s role in electronic systems and transactions […]. Before the issuance of GR 71, there was a lot of confusion regarding whether private ESOs, which provide electronic systems used, for example, for trading or financial transactions, need to be registered […] with the Ministry of Communication and Information Technology (‘Kominfo’). Now, under GR 71, it is clear that both ESOs in the public sector and in the private sector must be registered with Kominfo [and therefore] GR 71 does, to some extent, provide more legal certainty.”
Kominfo will likely issue a new implementing regulation of GR 71
In addition, GR 71 provides that the Government can prevent the dissemination and use of prohibited content by blocking access and/or instructing an ESO to block access. Furthermore, ESOs in the private sector include Indonesian or foreign individuals, business entities, and communities that manage and organise electronic systems in the form of an internet portal, site, or application. Moreover, Kominfo highlighted, on 4 November 2019, that prohibited content includes, among other things, pornography, human trafficking, drug trafficking, and radicalism that promotes terrorism and hate speech.
Alizia and Apriastuti further noted, “According to GR 71, the Government (especially Kominfo) will play a role in and be able to prevent the use and dissemination of [prohibited content], and this includes the ability to terminate access to electronic information that violates prevailing laws and regulations, is unsettling to the public and public order, or provides ways or access to distribute illegal electronic information or documents. It will be interesting to see how the [the authorities] will enforce the above, especially when GR 71 allows the public, law enforcement officers, and courts to submit requests for the termination of access.”
Kominfo also stated, on 4 November 2019, that GR 71 fills in a regulatory vacuum caused by the fact that the draft Personal Data Protection Act (‘the PDP Bill’) has been returned by the Ministry of State Secretary to Kominfo for review. However, Kominfo highlighted, on 5 November 2019, that protecting personal data is a priority of the current Government, and thus it is intended that the PDP Bill will be enacted in October 2020.
Alizia and Apriastuti added, “We believe it is unlikely that GR 71 will be amended due to the ongoing discussion about the PDP Bill because GR 71 contains only a limited number of provisions on data protection. [However], we [find] that Kominfo will likely issue a new implementing regulation of GR 71, since some of the regulations that remain under GR 82 and are no longer in line with GR 71.”
KOTRYNA KERPAUSKAITE Privacy Analyst