Protection of personal data – ANTARA News
Whether we are aware of it or not, our daily activities in cyberspace involve the exchange of a lot of data, including personal information.
It’s common these days to start the morning by checking your phone, whether it’s for the latest news or the latest social media updates.
Take WhatsApp for example. Users can access the application through their phone number. The application also has a feature that allows users to check the name and picture on someone’s profile.
From just one exchange of messages, people can read two pieces of data that can be used to identify them – their name and phone number. If they used an image of themselves, it would only add to the data disclosed.
If users do not maintain the data properly, they can be misused or misused for taking out illegal online loans, among other things. Even if someone has never borrowed money, one day they may suddenly be asked to repay a loan with interest.
Related News: Ministry completes drafting of Personal Data Protection Law in 2022
regulate the protection of personal data
With the continuous advancement of technology, messaging is not the only activity that the internet has made possible. Nowadays you can even sign documents online – and consider them valid. This is how data becomes a digital identity.
Sati Rasuanto, the CEO of VIDA, an electronic signature service provider, said ANTARA This digital identity includes any information available online that can digitally identify a person or organization or electronic device based on digital attributes (email, password, face photo, ID card details, photo ID, OTP) and activities (online shopping and internet search history).
As a provider of electronic certificates, VIDA sees this digital identity as a means to enable and greatly simplify the process of documenting citizens. However, such data is very sensitive and must therefore be treated with care.
“This data is certainly very sensitive for users of digital services and should it fall into (the wrong or irresponsible) hands, these identities could be used for different types of criminal activities or things that can cause material or non-material harm to the users (things ),” Rasuanto explained.
Therefore, efforts to protect personal data must involve data owners. Users must exercise caution when sharing data and not allow others to access their data unless necessary. For example, they are not allowed to post photos of ID cards on social media.
When there is a plethora of activities that require data sharing, securing them becomes even more complex. Ultimately, the matter would have to involve the state and require the formulation of regulations that could serve as a legal basis for the protection of personal data.
“The importance of personal data protection and data management regulations for Indonesia is that digital personal data (sharing) happens every day; and yet regulations such as the Personal Data Protection Act are not yet complete,” said Pratama Persadha, head of the Communication and Information System Security Research Center (CISSReC), on another occasion.
Related news: Hoping deliberations on the Personal Data Protection Act will end soon: Minister
However, Indonesia is not completely without data protection regulations. Such regulations exist and are spread across various industries. The regulation of personal data and data management for the telecom and digital sectors falls under the purview of the Ministry of Communications and Information Technology, including Government Regulation No. 71 of 2019 on Electronic Systems and Transactions.
In general, the protection of personal data refers to Law No. 19 of 2016 on Electronic Information and Transactions, better known as the ITE Law.
Organizations like VIDA refer to at least these two regulations when carrying out their activities.
Despite existing regulations, Indonesia still needs a law that can cover all sectors that manage personal data. Experts are confident that such a law would improve data protection and its governance.
Persadha said the Personal Data Protection Act has a deterrent effect on perpetrators who misuse personal data. Countries that already have regulations protecting personal data, such as South Korea and the European Union, could “force” mega-tech companies to comply with their rules.
“Even with a €20 million fine, the European Union still thinks tech giants (companies) like Facebook and Google (show no remorse), so they are working on Digital Services Law regulations (as a basis for their fine) . up to 6 percent of the total global income of the (technology) giants,” he explained.
“This means that we need a law on the protection of personal data as soon as possible,” he added.
Such a law would have major implications for data owners, industry and the state. In a broader sense, the protection of personal data also relates to the sovereignty of state information and can support the state’s survival in the digital age, he said.
According to VIDA, digital identity services involve trust. “Regulations on personal data protection and data governance will build trust between digital businesses and the public,” he added.
“We believe that trust is very fundamental to the development of the digital economy, considering the current pattern of the low-touch economy (transactions with minimal direct contact), (in which) trust is increasingly needed because there are no face-to-face contacts are. face (exchange),” Rasuanto explained.
Data protection law is seen as important at a time when Indonesia is collaborating with other countries on data.
Related News: Expert Urges Government to Ratify Personal Data Protection Bill
The G20 Digital Economy Working Group (DEWG), led by the Department of Communications and Informatics, will this month discuss data governance issues, particularly cross-border data flows.
As a digital industry player, VIDA has responded positively to the discussion plan to protect the digital identity of the community.
“As this mission requires the support of all parties, we see the urgency of data governance regulation, both on a global scale and through the implementation of integrated personal data protection regulations in Indonesia,” Rasuanto noted.
According to cybersecurity expert Persadha, such international forums for data governance discussions could enhance collaboration in security research and development, technology development, and data sharing practices at regional and global levels.
“With the discussion of data governance at the G20 event, one can see later – whether it is very much in line with the spirit of the PDP law, and comparisons of data governance in each country, for example Europe’s GDPR (General Data Protection Regulation). It’s just a matter of information sharing, and technological adjustments under discussion can be implemented according to the standards in each country,” he said.
The third DEWG G20 meeting is scheduled to take place on July 20-21 in Labuan Bajo, East Nusa Tenggara.
Related News: Indonesians need to protect two types of personal information: DPR