Technology, Media & Telecommunication
The Rise of E-Commerce Use

Fundamental Rights of the Consumer

20 May 2020

All businesses except essential services (i.e. supermarkets and banks) remain shut. Consumers have now dramatically shifted their expenditures towards necessities, where top priority categories are food supplies, medicine, and takeaways[1]. A survey conducted by PT Snapcart Digital Indonesia stipulates that as much as 78% percent of Indonesian consumers have changed their shopping habits due to impacts of the Covid-19 upon daily activities[2].


Online shopping is the current new norm. Shoppers have been increasingly scouring online platforms to make purchases, as now it is essential for retailers and producers to sell their products through e-commerce platforms in order to survive. Retailers and consumers alike are being forced to explore e-commerce options and platforms to accommodate their needs.


E-Commerce platform Bukalapak has seen a spike in transactions with growths in new users as stated by Faijrin Rasyid, co-founder and president of Bukalapak[3]. Kusumo Martanto, CEO of Blibli also provides that “the long-term impact will be positive for online shopping as it will start to become habitual for consumers”[4].



Are Consumers rights ensured?


Whilst the rise of e-commerce is beneficial for both platforms and the consumers, there are still questions in regards to how are consumer’s personal data being utilised and secured. Are E-Commerce Organizers (“PPMSE”) utilizing personal data within the strictures of the law? Are PPMSEs enforcing proper practices to ensure data privacy? We discuss obligations that e-commerce platforms are bound by as pursuant to the prevailing laws and regulations of Indonesia.


Electronic System Organiser (“ESO”) is a Person, state administrator, business entity and community which provide, manage, and/or operate Electronic systems, either individually or jointly, towards Personal Data Users for their own needs and/or the needs of other parties[5]. PPMSEs also encompasses any individual business entity or government institution that facilitates electronic systems to enable e-commerce transactions.


Any personal data is treated as the personal property of the person or Business Practitioner concerned, where then ESOs and PPMSEs alike must implement principles of Personal Data Protection to avoid the occurrence of failure in the protection of Personal Data under its management. All personal data owners are entitled to the confidentiality of their Personal Data.


Should there be any disputes between such parties, it should be known that any personal data owner and ESO may file a complaint with the Ministry for the failure of Personal Data confidentiality protection.



Fundamental consumer rights


Millions of Indonesian e-commerce users should be aware and attentive of their rights as per the prevailing laws and regulations of Indonesia in regards to personal data protection and privacy. An example of a fundamental right is the following.


The data subject and any ESO (in this context e-commerce platforms/market places) must delete irrelevant Electronic information and/or electronic documents which are under their control based on the request of the relevant person. ESOs must also ensure the appropriate deletion of irrelevant Electronic Information and/or electronic documents by providing the option to users to delete their information/account from the database of the platform as per Article 15 of Government Regulation No. 71 of 2019 regarding the Organisation of Electronic Systems (“GR 71/2019”). This also includes accommodating the possibility to erasure (right to erasure) from the platform database.


The Ministry of Communication and Information Regulation No. 20 of 2016 regarding Personal Data Protection in the Electronic System (“MCI Regulation 20/2016”) also clearly stipulates that users have the right to have all his/her personal data removed whether it is an e-commerce, social media or other electronic platforms. This however, is subjected to two conditions (i) the personal data storing has passed the storing period according to the MCI Regulation or other relevant governmental regulations (ii) subject to the personal data owner request.


Pursuant to Article 59(3) in Government Regulation No.80 of 2019 regarding Trade Through Electronic Systems (“GR 80/2019”), this also provides that personal data owners are entitiled to request Business Practitioners to remove all relevant personal data in the event that the personal data owner declares the desire to leave. These are merely some fundamental rights of the customer in the ensurance that personal data owners are in fact protected.


Recent PPMSEs have been the target of cyber attacks through hacking and leaking of database information such as emails, passwords, and personal information. It was only then that it was apparent to users of some PPMSEs that they failed to accommodate the basic data privacy right of deletion. Users wanting to delete their personal data or remove their account from the PPMSEs database have found no option to do this, which strikes concerns of clear breaches of personal data privacy laws.



Closing Remarks


As rights of the personal data owner are currently scattered throughout numerous regulations, which are now combined with the inevitable rise in e-commerce use and rapid increase in newly signed up users, it is important for both parties to ensure transparency in terms of the rights associated with the use of e-commerce services. It is important for PPMSEs to accommodate and ensure legal compliance in the interests of the consumer. The Minister of Communications and Informatics (“MCI”) ensures that security capabilities of e-commerce actors must continue to be improved in order to maintain the digital economy, further assuring that the MCI and the State Cyber and Cryptography Agency will collaborate to strengthen proficiencies to protect personal data during a live video broadcast on the 4 May 2020.


It is also worth noting that the government is in current discussions of enacting a Personal Data Bill that would encapsulate comprehensive rights designated to the personal data owner amongst several other concepts such as definitive consideration of differentiation between personal data and general data.


If there are any queries with regards to how this may affect your respective business, please do contact us for further legal consultation.


This information does not, and is not intended to, constitute legal advice; instead, all information, content, and materials are for general informational purposes only.



©2024. BE Partners. All Rights Reserved

[1] Snapcart, ‘Covid-19 Impact on Indonesian Shopper Habits – Snapcart' (Snapcart, 2020) [Online] accessed through <>

[2] ibid

[3] Oxford Business Group, 'E-Commerce Provides Economic Boost for Indonesia As Shoppers Migrate Online During the Covid-19 Pandemic' (Oxford Business Group, 2020) [Online] <>.

[4] ibid

[5] Ministry of Communication and Informatics Regulation No.20/2016 Article on Personal Data Protection in Electronic Systems