SECURING THE FUTURE: INDONESIA PERSONAL DATA PROTECTION LAW AND IT’ S IMPLICATION FOR INTERNET OF THINGS (IOT) DATA PRIVACY

Authors

  • Muhamad Alfat Fauzie University of Melbourne

DOI:

https://doi.org/10.28946/scls.v2i1.3743

Abstract

This paper examines Indonesia's Personal Data Protection Law (PDP Law) in the rapidly expanding Internet of Things (IoT) context. It explores the effectiveness of the PDP Law in safeguarding personal data amidst increasing IoT integration in various sectors, notably smart homes and wearable technology. Inspired by the EU's General Data Protection Regulation (GDPR), the PDP Law addresses data protection with specific regard to the unique challenges posed by IoT, such as extensive data collection and heightened vulnerability to breaches. Through a comparative analysis with GDPR, the paper highlights strengths and potential areas for improvement within the Indonesian framework, suggesting enhancements like incorporating privacy by design, establishing a robust data protection authority, and creating detailed guidelines for IoT data handling. The goal is to enhance the PDP Law's capability to manage privacy risks in an interconnected digital era, ensuring adequate data protection and compliance with global standards.

References

“Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik [Law No. 11 of 2008 on Electronic Information and Transaction] (n.d.).

Alhosani, Hussain Matar Mohamed Ghaith, Amiruddin Ahhamat, and Norain Ismail. “Industrial Revolution 4.0 (IR 4.0) Competencies: A Literature Review of Manufacturing Industry.†Ethical and Regulatory, no. 1 (2021): 3.

cltc2015. “New CLTC Report Highlights Privacy Risks in the ‘Internet of Things’ - CLTC UC Berkeley Center for Long-Term Cybersecurity.†CLTC (blog), n.d.

Department, Statista Research. “Indonesia: IoT Connections 2018-2028.†Statista, n.d.

Diega, Guido Noto La. “Internet of Things and the Law: Legal Strategies for Consumer-Centric Smart Technologies.†Milton, UNITED KINGDOM: Taylor & Francis Group, 2022, 2.

Diega, Noto La. “No,†n.d., 21.

European Union Agency for Cybersecurity (EU body or agency) et al. “Threat Landscape and Good Practice Guide for Smart Home and Converged Media.†LU: Publications Office of the European Union, 2014.

Greenleaf, G.W. Asian Data Privacy Laws: Trade and Human Rights Perspectives. Oxford, United Kingdom ; New York: NY: Oxford University Press, 2014.

Ilic, Dejan, Branko Markovic, and Dragan Milosevic. “Strategic Business Transformation: An Industry 4.0 Perspective.†International Journal of Economics and Law 49, 2017, 50.

Jezova. “Principle of Privacy by Design and Privacy by Default,†n.d., 133.

Jezoya, Daniela. “Principle of Privacy by Design and Privacy by Default.†Regional Law Review 2020, 2020, 129.

Web page, Direktorat Jenderal Perhubungan Laut. “Kerjasama Luar Negeri,†n.d.

Kustiasih, Rini. “Kelayakan Regulasi Perlindungan Data Pribadi Syarat Kerja Sama Internasional.†Web page kompas.id, n.d.

NCSI. “National Cyber Security: Indonesia,†n.d.

Pattanasri. Mandatory Data Breach Notification and Hacking the Smart Home, n.d.

Pattanasri, Thanaphol. “Mandatory Data Breach Notification and Hacking the Smart Home: A Legal Response to Cybersecurity.†QUT Law Review 18, no. 2 (2018): 7.

“Penjelasan Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi [Elucidation of the Law No. 27 of 2022 on Personal Data Protection],†Indonesia § (n.d.), Art 4. (n.d.).

Peppet, Scott R. “Regulating the Internet of Things: First Steps Toward Managing Discrimination, Privacy, Security & Consen.†SSRN Scholarly Paper, n.d., 98.

Peraturan Menteri Komunikasi dan Informatika Nomor 10 Tahun 2021 tentang Perubahan atas Peraturan Menteri Komunikasi dan Informatika Nomor 5 Tahun 2020 tentang Penyelenggara Sistem Elektronik Lingkup Privat [Minister of Communications & Informatics Regula (n.d.).

Peraturan Menteri Komunikasi dan Informatika Nomor 20 Tahun 2016 tentang Perlindungan Data Pribadi Dalam Sistem Elektronik [Minister of Communications & Informatics Regulation No. 20 of 2016 on the Protection of Personal Data in an Electronic System] (n.d.).

Peraturan Pemerintah Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik [Government Regulation No. 71 of 2019 on the Operation of Electronic Systems and Transaction] (n.d.).

“Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC.†General Data Protection Regulation, 2016.

“Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC,†2016.

“Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC.†General Data Protection Regulation OJ L 119/1, no. Art. 30(5). (2016).

“Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC.†General Data Protection Regulation OJ L 119/1 (2016): Art. 25(1).

“Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC.†General Data Protection Regulation OJ L 119/1, no. Art. 25(2). (2016).

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Da (n.d.).

Sivaraman, Gharakheili, and Fernandes. “Inside Job: Security and Privacy Threats for Smart-Home IoT Devices,†n.d., 23–24.

Sivaraman, Vijay, Hassan Habibi Gharakheili, and Clinton Vernandes. “Inside Job: Security and Privacy Threats for Smart-Home IoT Devices.†Australian Communications Consumer Action Network, 2017, 2017, 7–10.

Statista Research Department. “Topic: Internet of Things (IoT) in Indonesia.†Statista, n.d.

Stojkoska, Biljana L. Risteska, and Kire V. Trivodaliev. “A Review of Internet of Things for Smart Home: Challenges and Solutions.†Journal of Cleaner Production, n.d., 140.

Office of the Privacy Commissioner of Canada. “The Internet of Things - An Introduction to Privacy Issues with a Focus on the Retail and Home Environments,†n.d.

cyberlands.io. “Top 10 Cybersecurity Breaches in Indonesia,†n.d.

Undang-Undang Nomor 19 Tahun 2016 tentang Perubahan atas Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik [Law No. 19 of 2016 on Amendment of Law No. 11 of 2008 on Electronic Information and Transaction] (n.d.).

Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi [Law No. 27 of 2022 on Personal Data Protection].

Fortinet. “What Is IoT Security? Definition and Challenges of IoT Security,†n.d.

Yusuf. “Transfer Data Antarnegara Bisa Dilakukan Jika Memiliki Aturan Setara UU PDP.†Ditjen Aptika (blog), n.d.

Downloads

Published

06/30/2024

Issue

Volume 2 Issue 1 June 2024

Section

Articles

License

As a journal author, you have rights for a large range of uses of your article, including use by your employing institute or company. These Author rights can be exercised without the need to obtain specific permission. 

Authors publishing in SCLS journals have wide rights to use their works for teaching and scholarly purposes without needing to seek permission, including: use for classroom teaching by Author or Author's institution and presentation at a meeting or conference and distributing copies to attendees; use for internal training by author's company; distribution to colleagues for their research use; use in a subsequent compilation of the author's works; inclusion in a thesis or dissertation; reuse of portions or extracts from the article in other works (with full acknowledgement of final article); preparation of derivative works (other than commercial purposes) (with full acknowledgement of final article); voluntary posting on open web sites operated by author or author’s institution for scholarly purposes (follow CC by SA License).

Authors and readers can copy and redistribute the material in any medium or format, as well as remix, transform, and build upon the material for any purpose, even commercially, but they must give appropriate credit (cite to the article or content), provide a link to the license, and indicate if changes were made. If you remix, transform or build upon the material, you must distribute your contributions under the same license as the original.