Whether we are aware of it or not, our daily activities in cyberspace involve the exchange of a lot of data, including personal information.
These days, starting the morning by checking the phone, whether for new messages or the latest social media updates, has become commonplace.
Take WhatsApp, for example. Users can access the app using their phone number. The app also has a feature for users to check name and picture on someone’s profile.
So, from a single message exchange, people can glean two pieces of data, which can be used to identify them: their name and their phone number. If they used an image of themselves, that would only add to the data provided.
If users do not handle the data properly, it can be misused or abused to make illegal online loans, among other things. Even if someone has never borrowed money, one day they may suddenly be asked to repay a loan with interest.
Related News: Ministry to complete drafting of Personal Data Protection Bill in 2022
Personal data protection regulations
With the continuous development of technology, messaging is not the only activity enabled by the Internet. Nowadays, one can even sign documents online and have them considered valid. Thus, data has become a digital identity.
Sati Rasuanto, CEO of VIDA, an electronic signature service provider, said ANTARA that digital identity covers all information available online that can identify a person or an organization, or an electronic device based on digital attributes (email, password, facial photo, card data identity, photo ID, OTP) and digital activities (online purchases and internet search history).
As a provider of electronic certificates, VIDA sees this digital identity as a way to enable the documentation process for citizens and make it much easier. However, this data is very sensitive, so it should be handled with care.
“This data is certainly very sensitive for users of digital services, and if it falls into the (wrong or irresponsible) hands, these identities could be used for various types of criminal activities or things that can harm users, materially or immaterially (things),” Rasuanto explained.
Thus, efforts to protect personal data must involve data owners. Users should exercise caution when sharing data and not allow access to their data to others unless necessary. For example, they should not post photos of ID cards on social media.
When the activities requiring the exchange of data are numerous, their security would become even more complex. Ultimately, the issue should involve the state and require the development of regulation, which could serve as a legal basis for the protection of personal data.
“The importance of having regulations regarding personal data protection and data governance for Indonesia is because digital personal data (trading happens) every day; and yet, regulations such as personal data protection law are not yet finalized,” said Pratama Persadha, head of the Information and Communication Systems Security Research Center (CISSReC).
Related News: I hope deliberations on personal data protection bill will end soon: minister
However, Indonesia is not completely devoid of personal data protection regulations. Such regulations exist and are spread across various industry sectors. The regulation of personal data and data management for the telecommunications and digital sectors falls under the jurisdiction of the Ministry of Communication and Information Technology, including Government Regulation Number 71 of 2019 relating to Systems and Transactions electronics.
In general, the protection of personal data refers to the Electronic Information and Transactions Act Number 19 of 2016, better known as the ITE Act.
Organizations such as VIDA refer to at least these two regulations in the conduct of their activities.
Despite the presence of regulations, Indonesia still needs a law, which can cover all sectors that handle personal data. Experts are convinced that such a law would improve data protection and its governance.
Persadha said the Personal Data Protection Act would have a chilling effect on perpetrators who misuse personal data. Countries that already have personal data regulations, such as South Korea and the European Union, could “force” mega-tech companies to play by their rules.
“Even with a fine of 20 million euros, the European Union still feels that tech giants (companies) such as Facebook and Google (show no remorse), so they are working on regulating the law on digital services (as a basis to fine them) up to 6% of the total global revenue of giant (tech) companies,” he said.
“That means we need a personal data protection law as soon as possible,” he added.
Such a law would have a huge impact on data owners, industry and the state. By extension, the protection of personal data is also linked to state information sovereignty and can contribute to state survival in the digital age, he said.
According to VIDA, digital identity services involve trust. “Personal data protection and data governance regulations will build trust between digital businesses and the public,” he added.
“We believe that trust is very fundamental for the development of the digital economy, given the current model of the low-contact economy (transactions with minimal direct contact), (in which) trust is increasingly necessary because there is no face-to-face (exchanges),” Rasuanto explained.
Data protection law is considered important at a time when Indonesia is cooperating with other countries regarding data.
Related News: Expert Pushes Government to Ratify Personal Data Protection Bill
The G20’s Digital Economy Working Group (DEWG), led by the Department of Communications and Computing, will discuss data governance issues, in particular data flows between countries, this month.
As a player in the digital industry, VIDA responded positively to the discussion plan in order to protect the digital identity of the community.
“Given that this mission requires the support of all parties, we see the urgency for data governance regulation, both on a global scale and by implementing integrated personal data protection rules in Indonesia,” Rasuanto remarked.
According to cybersecurity expert Persadha, such international forums for data governance discussions could improve cooperation in security research and development, technology development and data exchange practices regionally and globally. .
“With the discussion of data governance at the G20 event, we can see later – if it is very much in line with the spirit of the PDP law, and comparisons of data governance in each country, for example, the European GDPR (General Data It is just a matter of information exchange, and the technological adjustments in the discussion can be implemented according to the standards of each country,” he explained.
The third DEWG G20 meeting is scheduled to take place on July 20-21 in Labuan Bajo, East Nusa Tenggara.
Related news: Indonesians must protect two types of personal data: DPR