Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Technology

Indonesia Parliament Passes Long-Awaited Data Protection Bill (reuters.com) 4

Indonesia's parliament passed into law on Tuesday a personal data protection bill that includes corporate fines and up to six years imprisonment for those found to have mishandled data in the world's fourth most populous country. From a report: The bill's passage comes after a series of data leaks and probes into alleged breaches at government firms and institutions in Indonesia, from a state insurer, telecoms company and public utility to a contact-tracing COVID-19 app that revealed President Joko Widodo's vaccine records. Lawmakers overwhelmingly approved the bill, which authorises the president to form an oversight body to fine data handlers for breaching rules on distributing or gathering personal data. The biggest fine is 2% of a corporation's annual revenue and could see their assets confiscated or auctioned off. The law includes a two-year "adjustment" period, but does not specify how violations would be addressed during that phase. The legislation stipulates individuals can be jailed for up to six years for falsifying personal data for personal gain or up to five years for gathering personal data illegally.
This discussion has been archived. No new comments can be posted.

Indonesia Parliament Passes Long-Awaited Data Protection Bill

Comments Filter:
  • I'm sure there will be plenty of companies opposed to all this, but really, if you can't protect your data, maybe you should just not collect it in the first place?

    There's very little data any company actually *needs*, and it's not exactly hard to protect that small amount of data, there are more than enough best practices for all that.

    And I personally am all for punishing those who collect data without permission. And even more so for hammering those who define 'permission' extremely loosely. No. You do NO

    • It's impossible to ship products to customers without collecting their name and address. It's also expensive to hire a representative in each region in which you do business, such as the representatives required pursuant to EU GDPR article 27 and UK GDPR article 27, especially if you don't have a lot of customers in that region.

    • They can have the best rules and it will not matter if they don't enforce it.

      And since this is Indonesia, am guessing it will not be enforced for anyone willing to pay some pocket money to the relevant people.

Pascal is not a high-level language. -- Steven Feiner

Working...