Indonesian National Cyber Security at an All-Time Low: Are We Skating on Thin Ice?

20 September 2022

Is our data in fact safe and protected? Are governments taking the threat of data breaches seriously? With a large increase in recent alleged incidents of personal data breaches, dire consequences will occur should someone successfully hack and obtain our government’s confidential and sensitive information. Recent alleged incidents of data breaches include the data leak of 150 million Indonesian nationals and that of 1.3 billion Indonesian SIM card user data.


The incidents mentioned above are, unfortunately, not isolated incidents in Indonesia’s long battle with hackers. Over the course of the last two years, at least 10 alleged data breaches have occurred in Indonesia. A fair question to ask following the alleged incidents would be whether the government is doing anything to prevent such hacks.


The lack of data protection laws and governmental safeguards will eventually prove to be detrimental to the citizens of Indonesia, since there is always a risk of such personal data circulating on the dark web for anyone to access, take advantage of, or utilize for purposes that stray from what the law permits. An example of such misuse of leaked personal data would be incidents of fraud such as bank fraud.




Indonesia’s current data protection construct does not include a specific umbrella regulation on personal data protection resembling the EU GDPR. The absence of such a privacy or personal data protection regulation leaves existing laws on the matter scattered and insufficient. A notable law amongst the various personal data regulations currently in effect is the Ministerial Decree concerning personal data protection, which was ratified in 2016. However, this Decree does not have the same level of enforceability that the long-awaited Personal Data Protection Law (“PDP Law”) is expected to have upon its ratification. Hence, this is a very crucial time for the PDP Law to come into effect, as it shall set the standards of Indonesia’s view on data protection as well as pave the way for the implementing regulations beneath it.


In a recent statement by the House of Representatives, it was said that efforts are being made to speed up the approval of the PDP Law in order to aid in the protection and enforceability of the Indonesian people’s civil right to privacy by way of deterrence and the protection of their personal data. However, it is clear from the leaks and breaches occurring not only in Indonesia but also in parts of the world already equipped with significant data protection laws that such regulation is only the first step. There must be substantial and concrete actions taken by the government to mitigate and counter the data privacy issues in this country, which will be discussed in a later section of this article.


Moreover, the government must be agile in keeping up with technological advancements, since the digital era is still full of innovation and develops at a rapid speed. It is safe to say that we have barely passed the tip of the iceberg when it comes to tech and data, especially with the government encouraging its citizens to go digital during Covid times.


This is illustrated in the government’s initiative to track and trace the spread of Covid-19 as well as vaccination rates through the Peduli Lindungi app. Peduli Lindungi is a Covid-19 tracking application officially used for digital contact tracing in Indonesia, developed by the Ministry of Communication and Information to tackle the Covid-19 pandemic. It took some time for the digital distribution service to verify the application. However, the government took matters into its own hands and distributed the app through a message forwarded share-download feature.


Although drastic times call for drastic measures, the government’s use of a message forwarded share-download feature stands in contrast to what it has been trying to raise awareness of: protecting one’s personal data and being uber cautious when it comes to potential scams or phishing expeditions from unknown users.




Firstly, the enactment of the PDP Law shall be followed by its implementation, to be overseen in practice by a specific regulatory body that ensures adherence to the law in order to protect Indonesian citizens’ data. However, this has caused quite a stir, as there have been debates revolving around this matter. On the one hand, there are people who are in support of this independent regulatory body, with more power to enforce relevant data protection laws that reach both private and public data, whereby the latter will be directly reported to the Indonesian President.


On the other hand, there are those who deem the Ministry of Communication and Informatics (“MCI”) as sufficient governmental oversight. The shortfall associated with this structure is that the MCI is a lateral executive body that is below the government and does not have the enforcement power to access the public’s data.


Secondly, as the greatest innovations in history are achieved collaboratively, it would be an enormous success should the government, in collaboration with the State Cyber and Signal Agency or BSSN, utilize experts to work together in safeguarding against and mitigating leaks pertaining to our nation’s privacy needs. Moving forward, the government must allocate a generous budget to bring this framework from paper to reality.


As a developing nation with the fourth largest population in the world and with more and more people nowadays having access to smart devices, our nation must be prepared for the risks associated with the digital push. The next question is, can our government protect us? We await the enactment of the PDP law to see what is in store for the citizens of Indonesia moving forward.


Should there be any queries related to this regulation or to find out if this affects your business or personal interest, please do not hesitate to contact us.






©2024. BE Partners. All Rights Reserved