Indonesian data center operator calls for changes to data localization laws

A representative of the Indonesian digital infrastructure operator hopes to revise the country’s data sovereignty law because of concerns that it may harm the operations of local businesses.

The Indonesian government has revised the “Electronic Transactions and Systems Law Implementation Act” since 2012. These bills will modify several articles that have an impact on data positioning, which has been attacked by local data center operators.

Given that there is currently no law in Indonesia specifically targeting data protection, there are concerns that it could jeopardize data security.

A number of data sovereignty laws around the world have been in force for the past five years and have been introduced as a means of ensuring data security and personal privacy, such as the GDPR regulations implemented in Europe in May this year.

The proposed implementation of the electronic trading and system law reform will enable electronic system providers to store “strategic” data in Indonesia but does not specify what falls into this category.

The original text did not specify the type of data is referred to but instead asked the provider to establish its own data center in Indonesia as a requirement, hoping that the proposal would attract new investment from Indonesia.

In the media statement, the proposed changes related to the data localization policy should provide an in-depth, thorough and transparent assessment of the effectiveness of existing regulations, including enforcement, in a few years.

In addition, there are those who say that in the absence of laws related to data protection, careful calculations are needed to avoid potential impacts.

The document also mentioned that data rules on data ownership, access and control hope that the government will adopt a clearer attitude towards this matter.