Personal Data Protection Authority Institute

Personal Data Protection Authority
Lembaga Pelindungan Data Pribadi
Agency overview
Formed: TBA
Jurisdiction: Indonesia
Agency executive
  • TBA, Chairman of Personal Data Protection Authority

The Personal Data Protection Authority (Indonesian: Lembaga Pelindungan Data Pribadi) is a future executive agency formed by the Indonesian government, working directly under the President of Indonesia. The agency will be tasked with safeguarding information privacy, protecting personal data, and enforcing laws related to personal data protection. [1]

History

Calls for the establishment of an institution to protect data privacy have been made since 2016. [2] The establishment of such an institution was deemed very necessary to protect the constitutional right of Indonesian citizens to information privacy and to safeguard national interests in personal data protection. [3] [4]

During the formulation of the Bill of Personal Data Protection, there was an issue regarding who would be vested with the power to safeguard and enforce the law on personal data protection. It was discussed whether that power would be vested in the Ministry of Communication and Information Technology, the National Cyber and Crypto Agency, or a separate independent agency under the office of the President of Indonesia. [5]

On 20 September 2022, the Bill of Personal Data Protection was passed by the People's Representative Council, and it was signed into law by Joko Widodo on 17 October 2022 as Law No. 27/2022 (Law on Personal Data Protection). [6] When the bill passed into law, it became known that the third option had been chosen instead of giving such powers to the pre-existing agencies or ministries. Articles 58, 59, and 60 of Law No. 27/2022 detail the agency's establishment, mandate, and authorities. [7]

As of 24 November 2022, the structure and regulations of the agency were still being tabled by the Indonesian government. [8]

Powers

As mandated by Article 59 of Law No. 27/2022, the agency is mandated to: [9]

  1. Formulate and establish the policies and strategies for personal data protection, which will be used as standards and guidance for personal data subjects, controllers, and processors.
  2. Supervise the implementation of personal data protection.
  3. Enforce the law against administrative violations of the personal data protection laws, including violations of Law No. 27/2022 itself and its derivative regulations.
  4. Facilitate dispute resolution outside the court.

As mandated by Article 60 of Law No. 27/2022, the agency possesses the following authorities: [10]

  1. Formulation and establishment of policies and strategies for personal data protection, which will be used as standards and guidance for personal data subjects, controllers, and processors.
  2. Supervision of the implementation of personal data protection.
  3. Administrative law enforcement for violations of the personal data protection laws, including violations of Law No. 27/2022 itself and its derivative regulations.
  4. Assisting the pre-existing law enforcement agencies in Indonesia in handling alleged criminal acts against the laws.
  5. Establishing cooperation with other countries' data protection authorities.
  6. Assessing compliance with the requirements for transfer of personal data outside the legal jurisdiction of the Republic of Indonesia.
  7. Issuing orders to follow up on the results of supervision of Personal Data Controllers and/or Personal Data Processors.
  8. Publishing the results of the implementation of supervision.
  9. Protection of Personal Data in accordance with the laws.
  10. Receiving complaints and/or reports regarding alleged violations of Personal Data Protection.
  11. Investigating complaints, reports, and/or monitoring results regarding alleged violations of the personal data protection laws.
  12. Summoning and presenting any person and/or public body related to alleged violations of the personal data protection laws.
  13. Requesting information, data, and documents from any person and/or public body alleged to have violated the personal data protection laws.
  14. Summoning and presenting the necessary experts in investigations related to alleged violations of the personal data protection laws.


References

  1. "Pelindungan Data Pribadi" [Personal Data Protection]. Article 58, Law No. 27 of 2022 (PDF) (in Indonesian). Dewan Perwakilan Rakyat of Indonesia.
  2. Finaka, Andrean W. "Perjalanan UU Perlindungan Data Pribadi". indonesiabaik.id (in Indonesian). Retrieved 2022-11-26.
  3. DA, Ady Thea. "LBH Jakarta Beberkan 3 Alasan Lembaga Pelindungan Data Pribadi Harus Independen". hukumonline.com (in Indonesian). Retrieved 2022-11-26.
  4. Sambas. "Lembaga Otoritas Perlindungan Data Pribadi sudah mendesak". ANTARA News Banten (in Indonesian). Retrieved 2022-11-26.
  5. Toewoeh, Titah Arum M. R. (2022-10-22). "Teguh: Amanat UU, Presiden Tetapkan Lembaga Otoritas PDP". Ditjen Aptika Kementerian Komunikasi dan Informatika (in Indonesian). Retrieved 2022-11-26.
  6. Asyari, Haekal Al. "Langkah Konkret Setelah UU Perlindungan Data Pribadi Disahkan". detiknews (in Indonesian). Retrieved 2022-11-26.
  7. Susanto, Vendy Yulia (2022-09-20). "Lembaga Otoritas Perlindungan Data Pribadi Berada di Bawah Presiden". kontan.co.id (in Indonesian). Retrieved 2022-11-26.
  8. CNN Indonesia (2022-11-24). "Sebulan Lebih UU Berlaku, Kapan Lembaga Pengawas PDP Dibuat?". CNN Indonesia (in Indonesian). Retrieved 2022-11-26.
  9. "Pelindungan Data Pribadi". Article 59, Law No. 27 of 2022.
  10. "Pelindungan Data Pribadi". Article 60, Law No. 27 of 2022.