Of all human rights, privacy can be one of the most difficult to balance. This is exacerbated by the Internet where free, easy and voluntary dissemination of information is routine both in the business and privately. The use of this rapidly developing technology continues to raise doubts regarding security of information and legal certainty. Data privacy is something that is very important as there are civil and criminal risks.

Indonesian data privacy protection is spread over several pieces of legislation such as the Human Rights Law, ITE Law, Code of Criminal Procedure and others, as we explain below.

Indonesia’s constitution does not explicitly regulate data protection or privacy, although it does state unequivocally the protection of human rights. In the 1945 Constitution, the provisions on data protection are in sections 28F and 28G (I) -the freedom to store information and protection of data and information attached to it.

Article 32 of Law No. 39 of 1999 concerning human rights provides that freedom and secrecy of communications by letter or any other electronic media shall not be disturbed or interrupted except upon the instruction of a judge or other lawful authority.

Article 26 (1) of Law No. 11 of 2008 on Information and Electronic Transactions contains a very brief section stating the right to enjoy personal life and be free from any invasion. Any person whose rights are infringed may lodge a claim for damages incurred. The ITE Law further prohibits anyone with intent and without valid rights from changing, adding, reducing, transmitting, destroying, eliminating, transferring or hiding electronic information and/or electronic documents owned by another person or by the public.

Article 47 of Law No. 8 of 1981 regarding Criminal Procedures gives the police permission (subject to keeping the contents of such confidential) to open private mail sent via post and telecommunications offices, if they obtain a special permit of the head of the district court.

Article 57 of Law No. 36 of 2009 regarding Health states that everyone is entitled to the confidentiality of their personal health information provided to or collected by health care providers.

Ministerial Decree from the Ministry of Communication and Information No. 01/per/m.kominfo/01/2009 prohibits the sending of broadcast SMS’s that are contrary to the public interest, morality, security or public order. Violation attracts administrative and/or criminal penalities.

In view of these fragmented regulations, the government is currently discussing with the relevant concerned parties consolidating to a single codified law of data privacy.