Indonesia’s parliament has enacted a personal data protection bill after discussions for more than a year, as reported by Reuters on September 20. Under the new law, data handlers who leak or misuse private information might face up to five years in prison. In addition, individuals who fabricate personal data for gains may also face up to six years in prison. Furthermore, corporate fines for data breaches can be as high as 2% of a company’s annual revenue. A company’s assets may potentially be taken or auctioned off if it infringes the law.
According to the new law, to access information such as an individual’s name, gender, and medical history, data handlers must first obtain the individual’s consent and reach an agreement with the individual on the use of data and accountability measures. Individuals have the right to revoke their authorization and be compensated for any violations. With the rapid development of the digital economy, Indonesia has begun to take punitive measures against internet companies operating in the country but not officially registered on the Indonesian government registration platform. As of July, 8,276 Internet businesses had registered on the platform.