The Indonesian Government is proposing to amend Government Regulation No. 82 of 2012 on the Implementation of Electronic System and Transaction (GR 82), amongst other things, the data localization requirements. For context, GR 82 provides that electronic system operators that provide public services must have onshore data centers and disaster recovery centers, and that there was a 5-year transitional period, which expired on 15 October 2017. There has never been any clarification on the definition and coverage of "public services".
The Ministry of Communication and Informatics (MOCI) proposes to include a data categorization in the amended regulation for the purposes of the data localization requirements, namely:
- Strategic Data: data that falling under a strategic data category (eg, military affairs, intelligence affairs and government related affairs) must be placed and processed in Indonesia.
- Important Data: may include corporate or business related data which is not related to Indonesian strategic affairs (eg, military, intelligence or government affairs) and should be available in Indonesia if the data is required for law enforcement purposes.
- Low Priority Data: other data could be stored offshore BUT should also be available upon a valid request from law enforcement,although data localization requirements will also be subject to sectorial regulations, if issued.
The above data categorization represents the MOCI's intention and is not conclusive. The MOCI anticipates that a draft amendment to GR 82 will be made available for public discussion and consultation this month (November 2017).