What does this cover?

The Indonesian Government has presented a draft of Indonesia's first modern privacy data law. The 'Draft Bill on the Protection of Private Data' (the Bill) aims to govern the management and transfer of personal data.

Below are a list of the key provisions addressed by the Bill:

  • Identification of two types of personal data (sensitive and normal);  
  • Permitted uses of different types of data;  
  • Collection and storage of personal data;  
  • Data transfers;  
  • Consent requirements;  
  • Disclosure requirements of data users (i.e. controllers);  
  • Video surveillance; and  
  • Introduction of an Information Commissioner.  

The next stage of the legislative process involves the discussion and debate of the Bill's provisions in the House of Representatives, after which point further information about the details of the Bill will be released. It has been indicated by the Ministry of Communications and Information that the Bill may come into effect in early 2016, however, the exact time frame is unconfirmed.

What action could be taken to manage risks that may arise from this development?

The introduction of the Bill will have significant consequences for businesses operating in Indonesia, given the insufficiencies of the current regulations in this area.

Financial services companies should monitor the progress of the Bill as it passes through the legislative process. 

Submitted by Nick O'Connell of Al Tamimi & Company – Dubai, UAE in partnership with DAC Beachcroft.