Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

II. Legal framework

Constitutional Protection for Privacy

Since the  fall of Suharto and the New Order regime in 1998, Indonesia has gone through a transformation, with the people now demanding that that the government be more democratic and transparent. As a result, from 1999 to 2002 an annual People's Consultative Assembly was held, and during this period the Constitution grew from 37 articles to 73, with only 11% of the original Constitution remaining unchanged.1

There is no strong tradition of the right to privacy in Indonesia's collectivist culture, which expects the individual  to melt within the group (family, clan, ethnic groups).2 However, such attitudes are gradually being influenced by international human rights instruments, the practices of other countries, and the use of information technology and the internet. Slowly, Indonesian civil society has begun to acknowledge the importance of privacy rights, and in the last ten years privacy has become an increasingly important issue, particularly with regard to the protection of personal data.

The Constitutional amendments adopt several articles on human rights protection including privacy rights. Although the term "privacy" is not explicitly stated, it is  implied in article 28G paragraph (1) of the fourth amendment of the Constitution, which provides that:
Each person is entitled to protection of self, his family, honor, dignity, the property he owns, and has the right to feel secure and to be protected against threats and fear to exercise or not exercise his basic rights.

This article was adopted from Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Right (ICCPR). Since Indonesia ratified the ICCPR with Law No.12 in 2005, privacy rights in Indonesia have legal protection and the government of Indonesia has the responsibility to adopt legislative and other measures to effectively protect privacy. Additionally, the Indonesian government is required to ensure that its actions are not inconsistent with Article 17.

Therefore, privacy rights in Indonesia are protected by the law.3  However, there is a clear gap between protection de jure and de facto.

Statutory Protections

In addition to the Human Rights Act, other pieces of legislation make reference to privacy.

The Law No.11/2008 on Information and Electronic Transaction4

Article 26 (1) of the Law No.11/2008 on Information and Electronic Transaction provides:

Unless provided otherwise by Laws and Regulations, use of any information through electronic media that involves personal data of a person must be made with the consent of the person concerned 5

This law entered into force on 21 April, 2008. The privacy rights named in Article 26 paragraph (1) relate to the protection of personal data, including:

  • The right to enjoy personal life;
  • The right to communicate;
  • The right to control access.

This law is still inadequate to protect personal data in Indonesia compared to other Asian countries that regulate data protection in specific legislation. In Indonesia, personal data breaches mostly come from the banking and telecommunications sectors.6

Indonesia has other laws that protect public information, for example the Law No.14/2006 on Transparency of Public Information and the Decision on Transparency of Public Information.7 These laws state that every public fund must be publicised.

Freedom of communication and reception, and the right to posses and retain information are guaranteed by Indonesian Constitution. Article 28 F states that:

Each person has the right to communicate and obtain information for individual developments and its social environment and also has the right to seek, receive, posses, and retain  information using any kinds of available connection."

In April 2008 Indonesia's parliament passed the open government law or the Transparency of Public Information Law. The law applies to all public agencies at the national, regional and municipal level (including state-owned enterprises) and it also applies to political parties and non-government organizations. During the discussion both in the government and parliament, this law was subject to heated debate and raised many disputes over which government agencies would fall under the proposed legislation (and whether state-owned enterprises would be included), how violations of the law would be penalized, what institutional mechanisms would be created to process requests for information and adjudicate appeals, and what exemptions the government could claim in the name of national security or state secrets.8

This law establishes an Information Commission, an independent body whose functions will be to oversee the law and its standard regulations. The Information Commission will specify general standard guidelines relating to public information and resolve disputes through mediation and/or adjudication. 9

The law also states that if an information dispute cannot be resolved at the Information Commission level, claims will be admitted to the Administrative Court if the respondent is a public state body or the State Court if the respondent is a non-governmental public body. Anyone who does not accept the judgment of these courts has 14 days to appeal to the High Court.

The implementation of this Act faces many challenges, including the low level of awareness of officials about the Act and their role in implementing it, and the lack of public awareness about their right to information. Up until 2012, 41 decisions had been made by the Commission.10

Broadcasting Act, Law Number 32/2002

The guidelines enshrined in Article 48 paragraph (4) of the Law No.32/2002 on  broadcasting requires broadcasters to respect personal privacy.11 Privacy is also mentioned in the journalist's code of ethics. In practice, many violations of privacy occur in the electronic media, which drives the trade of gossip and rumour in Indonesia. Because many people are unaware of their rights and they never bring such cases to the court or to the broadcasting commission.

Personal Data Protection

At present there are no specific regulations concerning personal data protection in Indonesia. However, Article 26 of the Information and Electronic Transaction Act states:12

The use of any information through electronic media concerning an individual's personal data must be conducted with the consent of the concerned person.

This article is very general, and does not specifically protect personal data the way other Asian countries such as Malaysia and Hong Kong do. Currently, there are many personal data violations in Indonesia, both offline and online. For example, credit card companies share customer credit data without the consent of the data subjects. There have been cases where service providers have leaked personal data, including sending advertisements to Indonesia's 180 million mobile phone users.13

Footnotes