Main Page

Indonesia has the following main instruments regulating data protection:

1. Law No. 11 of 2008 regarding electronic information and transaction, dated 21 April 2008, as amended by Law No. 19 of 2016, dated 25 November 2016
2. Government Regulation No. 71 of 2019 regarding the provision of electronic systems and transactions, dated 10 October 2019
3. Minister of Communication and Informatics Regulation No. 20 of 2016 regarding personal data protection in electronic systems, dated 1 December 2016 ¹

In accordance with GR 71 and MOCI Reg 20, personal data encompassing client information will be accorded the protections laid out in both instruments. GR 71 outlines that such data must be stored, maintained, ensured for accuracy and safeguarded for confidentiality. MOCI Reg 20 states that personal data includes any information pertaining to a person whether they are identified or can be identified through electronic or non-electronic means.¹

Protection under the Data Protection Regulations includes protection of confidentiality and accuracy, as well as requiring data owners to be given a reason for the collection of their data, and limiting the extent of collection to the necessary. While there are particular regulations that apply to some financial service providers, such as P2P lending platforms, they do not provide more protection than what is provided in the Data Protection Regulations. Finally, no special rules exist concerning digital profiling of clients.¹

Cross-border payments in Indonesia

Fintech in Indonesia

Fintech in other countries

Notes

1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/indonesia