Indonesia has passed a long-awaited data protection bill, which authorises the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data.
The passing of the legislation follows a number of data leaks and alleged breaches that have impacted government firms as well as a state insurer, a telecoms company and a public utility. Last year, a contact-tracing app leaked Indonesian President Joko Widodo’s Covid vaccine records.
With the new move, Indonesia has become the fifth country in South-East Asia to have specific legislation on personal data protection after Singapore, Malaysia, Thailand and the Philippines.
The legislation includes strict consequences for data handlers that leak or misuse private information, such as fines of up to 2 per cent of a corporation's annual revenue, and prison sentences of up to six years. The law includes a two-year "adjustment" period, but does not specify...