privacy policy in indonesia and
play

PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO - PowerPoint PPT Presentation

Jan 19, 2023 •38 likes •188 views

PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO PERSONAL DATA PROTECTION LAWS The 3 rd Asia Privacy Bridge Forum @Seoul 27-06-2017 Dr. Sonny Zulhuda Civil Law Department Ahmad Ibrahim Kulliyyah of Laws International Islamic

  1. PRIVACY POLICY IN INDONESIA AND MALAYSIA: FROM DIGITAL ECONOMY TO PERSONAL DATA PROTECTION LAWS The 3 rd Asia Privacy Bridge Forum @Seoul 27-06-2017 Dr. Sonny Zulhuda Civil Law Department Ahmad Ibrahim Kulliyyah of Laws International Islamic University Malaysia

  2. 2 Indonesia & Malaysia towards the Digital 2017 (c) Sonny Zulhuda Economy “2017 will be the year of the “Digital economy is inevitable.. Internet Economy for Malaysia. Indonesia is highly potential to To build a vibrant Digital develop digital economy that the Economy, we need inclusivity country should not be lagging behind from both the people and the in its development.. We must play a capital economy..” role in the process.” Prime Minister Mohammad President Joko Widodo Najib Razak

  3. 3 Indonesia & Malaysia towards the Digital 2017 (c) Sonny Zulhuda Economy But… Connectivity? But…Digitalization? Big Data? Privacy? Cloud? International Data breach? Direct data flow? Data marketing? localisation? Surveillance? Anonymous data?

  4. 4 Overview of the Law 2017 (c) Sonny Zulhuda • Malaysia ▫ Enforced Personal Data Protection Act 2010 (“Act 2010”) ▫ Seven PDP Principles – applies only to commercial transactions, excludes data processing by Government ▫ Enforced by a PDP Commissioner, appointed by the Minister ▫ Imposes penal sanctions on various types of offences ▫ What to watch: ENFORCEMENT time! 1 st court case started in May on illegal processing of personal data. • Indonesia ▫ Currently no comprehensive Act, but derives its norms from the broad Information and Electronic Transaction Act (Law No. 11 Year 2008) (“Law 2008”) ▫ A subsidiary law under the Law 2008: Imposing duties on the Controller of Electronic System and Electronic Transaction (By-Law No. 82 Year 2012) (“By - Law 2012”) ▫ Recently enforced the Ministerial Regulation No. 20 Year 2016 on the Protection of Personal Data by Electronic Processing (“Regulation 2016”) – Restricted scope: It regulates electronic system controller rather than data user. Only civil and administrative sanctions. ▫ What to watch: A more comprehensive DRAFT PDP BILL on its way!

  5. 5 2017 (c) Sonny Zulhuda The Challenges of Digital Economy (And how the PDP laws address them) 1. Personal data is a commodity 2. Data processing is getting automated 3. Cloud is a default choice 4. Trans-border data flow is inevitable 5. Data due diligence is a norm 6. Data breach gets sophisticated 7. Industries fight back with self-regulation 8. Bottom rule: Trust in the digital economy

  6. 6 2017 (c) Sonny Zulhuda #1. Personal Data is a Commodity. Who is affected, and who is in Charge? • Is Digital Economy a “Free Economy”? • Who controls the data? ▫ Individuals ▫ Government ▫ Businesses ▫ “Data user/controller” vs “Electronic system controller” • Malaysian 2010 Act applies on commercial transactions, excludes the Government; • Indonesia’s Regulation 2016 emphasises on the duties of “Electronic system controller” but applies extra-territorially.

  7. 7 2017 (c) Sonny Zulhuda #2. IoT: Data processing gets automated • In Europe: duty to inform about “the logic involved in that automated decision- taking”. • Both Malaysian and Indonesian laws are silent about a specific obligation when there is an automated decision-taking. • Nevertheless, they provide for an enforceable right of data subject to get an access or information about their data processed by the data controller.

  8. 8 2017 (c) Sonny Zulhuda #3. Cloud is a default choice • Under Malaysian 2010 Act: ▫ Data user’s own cloud = assumes a primary duty; while a data processor’s cloud = a secondary duty ▫ Control over Data Processor by:  Data security requirements under s. 9(1)(2)  Contractual obligation – s. 9(2)(a)  Subject to inspection by the Commissioner – s. 101 • Under Indonesian 2016 Regulation: ▫ Duties of “Electronic system controller” includes obtaining consent, giving notice & choice, having a certified system, local retention of data and written breach notification.

  9. 9 2017 (c) Sonny Zulhuda #4. Trans-border data flow is inevitable • Under Malaysian 2010 Act: data export control: ▫ S.129(1) – “white list” countries ▫ Alternatively: Data user to exercise reasonable precaution and due diligence to assess risks – s.129(3)(f) • Under Indonesian By-Law 2012 and Regulation 2016: Data localisation obligations: ▫ Both data center and disaster recovery center must be located in Indonesia. ▫ Also, e-transactions data has to be kept within the local jurisdiction.

  10. 10 2017 (c) Sonny Zulhuda #5. Data due diligence is a norm Due diligence is: putting appropriate & preventive measures + efforts to monitor such measures . • A statutory duty of data due diligence under the Malaysian 2010 Act ▫ On data security risks analysis – s.9(1) ▫ On organisational data governance – s.133(1) • Risk-based governance under the Indonesian 2016 Regulations and 2012 By Laws. ▫ Educational activities, preventive measures, disaster management training, etc. under reg. 5. ▫ Risk Management, audit and system governance under section 13-14 of the 2012 By law.

  11. 11 2017 (c) Sonny Zulhuda #6. When data breach takes place Malaysia: Malaysia: • • No breach notification duty No breach notification duty • • Commissioner may issue enforcement notice Commissioner may issue enforcement notice • • Disputes can be taken to and resolved by the Tribunal Disputes can be taken to and resolved by the Tribunal • • Aggrieved parties can alternatively take action in court for both civil and Aggrieved parties can alternatively take action in court for both civil and criminal remedies. criminal remedies. Indonesia: Indonesia: • • The By-Law 2012 imposes a breach notification duty (in writing) to the The By-Law 2012 imposes a breach notification duty (in writing) to the data subjects. Authorities must also be notified if the breach causes data subjects. Authorities must also be notified if the breach causes serious damage. serious damage. • • The Regulation 2016 also imposes breach notification duty to the data The Regulation 2016 also imposes breach notification duty to the data subjects. subjects. • • Disputes to be resolved through mediation, or other alternatives. Disputes to be resolved through mediation, or other alternatives. • • Civil remedies and administrative sanctions can be given. Civil remedies and administrative sanctions can be given.

  12. 12 2017 (c) Sonny Zulhuda #7. Industry fights back: Self-regulation • With an array of various potential liabilities under Malaysian 2010 Act, it is best for the industries to put up a Self-regulatory mechanism – a bottom-up rather than top-down approach • A common rule of game for specific industries can be pre- defined by the “Data User Forum” where all players of a particular sector can sit and discuss. • Data User Forum – s. 21 PDPA • They can come up with a specific Code of Practice. Already registered 3 Codes of Practice: Electricity Sector, Insurance and Takaful Sector, and Banking Sector. ▫ Code of Practice – s. 23 PDPA • No similar provision exists in Indonesian laws

  13. 13 2017 (c) Sonny Zulhuda #8. Back to Basic: Importance of Trust • 64% believes managing people’s • How to build a trust? “PDP as • How to build a trust? “PDP as a Design ” lessons from the data is a corporate differentiating Uberisation factor • Data protection is not only • 84% say breaches of data privacy about complying with laws – it is about constructing the and ethics causes them to lose trust in trust and helping your companies business. • 90% thinks that breaches of data • Data protection law as a privacy have negative impact on design: privacy policy, stakeholder trust in the next 5 years transfer guarantee, cloud agreements, etc. to help create agreements, etc. to help create PwC 20 th 2017 Global CEO Survey the trust in digital economy. From 1,379 CEOs interviewed in 79 countries

  14. 14 2017 (c) Sonny Zulhuda Next: International Collaboration Agenda • Malaysia and Indonesia are the backbone for ASEAN – the ASEAN Economic Community (AEC), established in 2015, has as one of its e-commerce objectives the development of a “coherent and comprehensive framework for personal data protection.” • Also, we have to collaborate globally, as the threat of data breach is ubiquitous, global, and borderless. Not to forget the borderless effect of other laws e.g. the GDPR. • Data privacy agencies are to emulate the international work-frame from the worldwide data security agencies.

  15. THANK YOU 고맙습니다 Dr. Sonny Zulhuda sonny@iium.edu.my http://sonnyzulhuda.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Pollution Pollution and EST and EST in in Indonesia Indonesia Minis inistry of of E Env

Pollution Pollution and EST and EST in in Indonesia Indonesia Minis inistry of of E Env

Policy to Reduce Air Policy to Reduce Air Pollution Pollution and EST and EST in in Indonesia Indonesia Minis inistry of of E Env nvir ironment onment and and For Fores estry (Indones ndonesia) ia) Dasrul rul Chaniago ago

671 views • 44 slides
PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses,

PEXit PRIVACY and COOKIES POLICY This PRIVACY and COOKIES POLICY conveys how PEXit collects, uses, shares, stores and manages your information. We have built our business based on (a) our integrity, (b) our sincere effort to meet your

206 views • 3 slides
Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect any information that you provide when you use this website. Talking Slides Ltd is committed to ensuring that your privacy is protected. Should we ask

164 views • 4 slides
Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 17, 2015 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy

T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy

T Towards Integrated Policy d I t t d P li Managem ent for Privacy Managem ent for Privacy Dr Nick Papanikolaou e-Security Group International Digital Laboratory WMG, University of Warwick , y http: / / go.warwick.ac.uk/ nikos C

168 views • 15 slides
Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A

Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A

Privacy CS 4720 Mobile Application Development CS 4720 Creating a Privacy Policy A privacy policy is a document created to go with a product (app, website, etc.) that describes how the product and company behind it will do the

523 views • 13 slides
Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology

Privacy Surveys Privacy Surveys Week 12 - April 6, 8 1 Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor http://lorrie.cranor.org/courses/sp04/ Current events Current events n Gmail

883 views • 31 slides
Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the data disclosure decisions and for visualization IFIP Summer School on Identity Management Karlstad, Sweden August, 6 th -10 th 2007

338 views • 15 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst

Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst

Access and Privacy Update Renee Barrette, Director of Policy Lauren Silver, Policy Analyst Information and Privacy Commissioner of Ontario AMCTO Zone 4 Spring Meeting May 2, 2017 Our Office The Information and Privacy Commissioner (IPC)

485 views • 46 slides
United States Indonesia Energy Investment Roundtable Natural Gas Pricing and Policy February 6,

United States Indonesia Energy Investment Roundtable Natural Gas Pricing and Policy February 6,

United States Indonesia Energy Investment Roundtable Natural Gas Pricing and Policy February 6, 2012 Jim Taylor President IPA / ConocoPhillips Indonesia CAUTIONARY STATEMENT FOR THE PURPOSES OF THE SAFE HARBOR PROVISIONS OF THE PRIVATE

815 views • 18 slides
Privacy law overview Engineering & Public Policy Rebecca Balebako Lorrie Cranor September

Privacy law overview Engineering & Public Policy Rebecca Balebako Lorrie Cranor September

Privacy law overview Engineering & Public Policy Rebecca Balebako Lorrie Cranor September 22, 2015 8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology # Today you will learn Key models of privacy protection

465 views • 20 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Banking risks, the bank lending channel, and the macro-prudential policy in Indonesia NBRM 7 th

Banking risks, the bank lending channel, and the macro-prudential policy in Indonesia NBRM 7 th

Banking risks, the bank lending channel, and the macro-prudential policy in Indonesia NBRM 7 th Annual Research Conference The views expressed in this paper are of the authors only and do not necessarily reflect those of Bank Indonesia. All

618 views • 15 slides
CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen

CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen

CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen image here. The four corners must just cover the arrow tips. For covers, the three pictures should be the same size and in a straight line. 4 th

660 views • 49 slides
33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter R. Gillett Associate Professor Department of Accounting, Business Ethics and Information Systems Rutgers Business SchoolNewark and New

237 views • 12 slides
Prospective vs. Retrospective Target budget for each episode Will Bundled All providers

Prospective vs. Retrospective Target budget for each episode Will Bundled All providers

Fee For Service Payer Episode Based Payment: Are You Ready For Medicares Next Wave of Provider Payment Reform? $ $ $ $ $ Robert Mechanic, MBA Brandeis University The Estes Park Institute February 27, 2012 Post Acute Hospital

226 views • 6 slides
Fiscal Q2 2020 Earnings + May 7, 2020 Forward-Looking Statements and non-GAAP Financial

Fiscal Q2 2020 Earnings + May 7, 2020 Forward-Looking Statements and non-GAAP Financial

Fiscal Q2 2020 Earnings + May 7, 2020 Forward-Looking Statements and non-GAAP Financial Measures Energizer Holdings, Inc. (the Company) and its management may make certain statements that constitute forward -looking stateme nts

270 views • 10 slides
Standard network trouble tickets exchange Status & proposed plans 2 nd EGEE Technical Network

Standard network trouble tickets exchange Status & proposed plans 2 nd EGEE Technical Network

Enabling Grids for E-sciencE Standard network trouble tickets exchange Status & proposed plans 2 nd EGEE Technical Network Liaison Committee http://indico.cern.ch/conferenceDisplay.py?confId=51084

400 views • 9 slides
Outline The OECDs role in guiding financial education policy 1 The OECD/INFE themes and

Outline The OECDs role in guiding financial education policy 1 The OECD/INFE themes and

International initiatives on financial education: The OECD International Network on Financial Education Adele Atkinson, PhD Policy Analyst Financial Education and Consumer Protection Unit Outline The OECDs role in guiding financial

497 views • 18 slides
CS 188: Artificial Intelligence Decision Networks and Value of Information Instructors: Dan Klein

CS 188: Artificial Intelligence Decision Networks and Value of Information Instructors: Dan Klein

CS 188: Artificial Intelligence Decision Networks and Value of Information Instructors: Dan Klein and Pieter Abbeel University of California, Berkeley [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC

277 views • 13 slides
Decision Networks and Value of Perfect Information [These slides were created by Dan Klein and

Decision Networks and Value of Perfect Information [These slides were created by Dan Klein and

Decision Networks and Value of Perfect Information [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All CS188 materials are available at http://ai.berkeley.edu.] Decision Networks Decision Networks

366 views • 18 slides

More recommend