J urna
I Qene fitian ffu RA*
DE JURE
JPHDJ
Volume
Nomor
No. Halaman
15
2
163 - 328
Terakreditas i LIPI No.
5
i
I I ltlcJ e dlP
Juni 2015
2MI-LPI/04
Jakarta I Z0 I 3
IKATAN PENELITI HUKUM INDONESIA TAHUN 2OI5
ISSN: 1410 - 5632
furnol Penelitinn lIuhum
(DgJurg#{:l!ii,'*1li":{",:,y,yi:'"d/p2Mr-Lnr/04/2013 DAFTAR ISI Halaman
DAFTAR IsI ADVERTORIAL KUMPUTAN ABSTRAK
Privasi
Atas Data Pribadi : Perlindungan Hukum Dan Bentuk Pengaturan Dilndonesia (personal data privacy : legalprotectionandforms of regulations
intndonesia)..................
163-183
Sinta Dewi Rosadi Perlindungan Konsumen Dalam Jual Beli Secara Online Melalui Media Elektronik (E-Commerce) Consumer Protection In Online Purchase Through Eleitronic
Media (E-Commerce)................ Sabungan Sibarani
185-198
Penetapan Direksi Perseroan BUMN Sebagai Pelaku Tindak Pidana Konrpsi Yang Merugikan Keuangan Negara (Detennination of Directors of The Company as Actors Soe Corruption
Harm The Financial Henry Donald Lbn. Toruan
State)........
.... 199-ZlB
Netralitas Birokrasi Dalam Rangka Pemberantasan Korupsi(Bureaucratic Neutrality in the Context of Anti-Corruption Efforts)....... ..... 219-229
Eko Noer Kristiyanto Optimalisasi Kinerja f"iuUut Publik Sebagai Strategi Pencegahan Korupsi .Di Indonesia (Performance Optimization as a Public Official Corntption Prevention Strategt in Indonesia) ......231-249 Nevey Varida Ariani Implementasi Pasal 35 Uncac Dalam Undang-Undang Tindak Pidana Korups6 (Implementation of Articel 35 UNCAC in the Criminal Corruption AcL.....................
zst-zal
Rooseno Upaya Pemerintah Dalam Pencegahan dan Penanganan Tindak Pidana Perdagangan Perempuan Dan Anak Yang Menjadi Korban Eksploitasi Seksual (Government Efforts in Crime Prevention and Handling Perdagangan Perempuan and Children Become Victims of Sexual Exploitation).... 269-290
Diana Yusyanti Konsistensi Penggunaan Dan Pemanfaatan Tanah Dalam Penataan Ruang Kawasan Perkotaan (consistency ofuse and land use planninginurban areas room)
291-305
Yul Ernis
Penataan Ruang
Dalam Kerangka otonomi Daerah (living arrangement in
Framework of regional
autonomy\..
the
................ ..:.......... .. . .. ...307-321
Melok Karyandani DAFTAR RTWAYAT HIDUP PEDOMAN PENULISAN
323-325 327-328
TEGISLATION
lndonesia issues draft Ministerial Regulation on Data Protection By Sinta Dewi Rosadi.
A
lthough mobile traffic
data
A;,n; i$'ji :: ilT::::,;'ff;
legal protection {or such digital-based activities is still weak. Currently there are no specific rules that ensure the protection of users' dataprivacy. \fith a wide range of applications, users are asked to provide their address, mobile
Ministerial Regulation.
criticised
on other
It
may also
be
grounds. The
PDPES does not clearly stipulate its scope (individuals or legal entities;
public and/or private secrors), although it does only apply ro 'E,lectronic System Operators'. The regulation only applies minimum basic
on transactions, travel routes, user habits, patterns of
data protection principles such as consent, right to verified content, and right to access and correction. The regulation requires data subjecrs' written consent, but does not clearly stipulate whether the rnechanism to be
communications and data about user
used is opt-in or opt-out.
phone number and credit card number and those details will be recorded. No less important is that data conrollers
process data
activity
in the context of a variety of
applications
or
Internet pages. To
address these developments, Indonesia's
Ministry of Communications and Informatics (Infocom) has drafted Ministerial Regulations on Personal -
Data Protection (PDPES) in Electronic Systems as an implementing regulation based on Governmenr Reguiation No. 82/2A12 on Electronic Transaction
Ministry regulations are
There is no specific rule in PDPES
that gives authority to a
stare
institution to supervise this system. To
Parliament. The PDPES will cover basic
protectlon.
as
the rights
of data subjects, user liabiliry liabiliry for operators of electronic systems; dispute
resolution, public participation and adrninistrative sancrions. A public consultation was completed in July, but it is not certain when the final Regulation
will
be released.
The draft regulation
deserves attention because for the first time the
of Indonesia will issue a specific regulation on protection of personal data. However, it is regretmble that PDPES will overlap with the Personal Data Bill being prepared
by another Directorate in
Personal data obtained
and collected indirectly musr be verified based on various sources
(d)
Personal data may
only
be
processed and analysed accordihg
to the needs/purpose of
the
Electronic Systems Operator rhat obtaining and collecting the data.
3.
Retention Electronic Systems operators may store personal data for 5 years or more
or iq
accordance
with
applicable
regulations.o
electronic
system administrator/management Each Electronic System Operator must have internal rules to carry out the process and ensure the protection of personal data. n 5. The rights of Eata subjects:
a. The confidentiality of
c.
of receiving input from the public. The Draft Minlstry Regulation will operate as follows':
1.
Protected personal data Personal data refers to any true and real information that can be direcriy or indirectly identified as relaring to an
dissemination and destruction of Personal Daa.
BUSINESS
(c)
territory. This drafr is still rentative because the Ministry is in the process
fundamental righq therefore requiring an Act' rather than the lesser form of a 2015 PRIVACY LAWS &
and
collected directly must be verified by the data subject
b.
individual, to be used with existing regulation.
@
Personal data obtained
their
personal data
A ministerial regulation is compatible vdth Indonesia's Constitution, according to which personal data protection is part of the Privacy Right which is protecred by the Constitution and considered as a Infocom.
not
consent
(b)
According to the 'data localisation' requirement in the draft governmental regulation (under which this ministerial regulation is made) the'data centre and disaster recovery centre' must be located on Indonesian
government
Data subjects have given their
4. Responsibility of
archive, not personal data.
protection mechanisms such
a
(a)
have been stated clearly when
The data rerenrion period is long under PDPES (5 years); this is in accordance with the National Retention Schedules Regulation in the National Archives Law, which was developed to regulate the public
effectively implement legislation, a supervision mechanism would be required, as well as a legal instrument which. g4overns personal data
Systems.2
lower form of legislation than Government regulations or Acts of
Personal data shall be processed only if:
in
accordance
2.
Data collection and processing The PDPES includes protection of the collection, processing, analysing, storing, notification, transmission,
The right to file a complaint with the personai data dispute resolution
institutions for failure of personal data confidentiality protection by the Operator Electronic Systems, and the right to sue in a civil court The right to reclaim one's personal data, when the services of an Electronic System Operator are no longer needed
d. The rigEt to access and the opportunity to"'change or update personal dam without disturbing
personal data
management
systems.
5. The
responsibility
of
data
controllers a. To maintain the confidentiaiity of personal da''a that it has obtained, collected, processed and analysed
b. To process accordance
personal data only in with the purposes for
which it was collected
PRIVACY LAWS &3I'SINESS TNTERNATIONAL REPORT
OCTOBER2Ol5
27
PRIVASI ATAS DATA PRIBADI : PERLINDUNGAN HUKUM DAN BENTUK PENGATURAN DI INDONESIA (Personal Data Privacy : Legal Protection And Forms Of Regulations In Indonesia) Sinta Dewi Rosadi Fakultas Hukum, UNPAD Jl. Dipati Ukur, No. 35, Bandung 08156282932, Email:
[email protected] Tulisan diterima 4-5-2015, Revisi 26-5-2015, Disetujui diterbitkan
ABSTRACT As a form of innovation, information and communication technology have now been able to conduct the collection, storage, sharing and analyzing the data where it can not be imagined previously, the activity has also resulted in various sectors of life to use information technology systems, such as the implementation of electronic commerce (e-commerce ) in trade / business, electronic education (e-education) in the field of education, eletornic health (e-health) in the health sector, electronic government (e-government) in the field of government coupled with the development of cloud computing industry or the use IOT (Internet of Things) through the advancement of information and communication technology that it is possible to do retrieval, storage, distribution and sale and purchase of personal data widely without the owner's consent in using data both online and offline. Within 5 (five) years there has been a lot of privacy breaches on personal data , giving rise to many public complaints and raised a number of cases have shown that the leakage of personal data ranging from names, phone numbers,, electronic mail addresses until all the personal data of citizens has been controlled by unauthorized parties. This article as a result of several studies conducted that aims to examine in depth about the urgency of the protection of personal data privacy laws in Indonesia because during now in Indonesia the form of protection is sectoral and unharmonized therefore the level of protection is very minimal and unable to provide maximum protection . Research conducted using the method yuridisnormative, empirical method and futurology legal method. The goal is finding the most appropriate form of regulation to be applied in Indonesia that will provide even more protection especially privacy laws on personal data . The purposes of the research is to provide the theoretical contribution of the study on personal data privacy law and in practice to provide recommendations to the Government in drafting the Protection of Personal Data Act. The conclusion is a forms protection the privacy of personal data that is appropriate for Indonesia is through the Co-Regulatory approach which will gives a similar role both to the government and businesses to protect personal dat aprivacy that are expected to provide maximum protection against all parties.The recommendations is to encourage the government of Indonesia to draft personal data bill in order to provide maximum legal protection. Keywords : Privacy, Personal Data, Form of Protection ABSTRAK Sebagai suatu bentuk inovasi, teknologi informasi dan komunikasi sekarang telah mampu melakukan pengumpulan, penyimpanan, pembagian dan penganalisaan data dimana hal tersebut tidak dapat dibayangkan sebelumnya, aktivitas tersebut juga telah mengakibatkan berbagai sektor kehidupan memanfaatkan sistem teknologi informasi, seperti penyelenggaraan electronic commerce (e-commerce) dalam sektor perdagangan/bisnis, electronic education (e-education) dalam bidang pendidikan, eletornic health (e-health) dalam bidang kesehatan, electronic government (e-government) dalam bidang pemerintahan
Jurnal Penelitian Hukum DE JURE, ISSN 1410-5632 Vol. 15 No. 2, Juni 2015 : 1 - 21
1
Jurnal Penelitin Hukum
De Jure
No:511/Akred/P2MI-LIPI/04/2013
ditambah dengan perkembangan industri komputasi awan atau cloud computing atau penggunaan IOT (internet of things) melalui kemajuan teknologi informasi dan komunikasi tersebut maka dimungkinkan dilakukan pengambilan, penyimpanan, penyebaran dan jual beli data pribadi secara luas tanpa adanya persetujuan pemilik data baik yang dilakukan secara online maupun offline. Dalam 5 (lima) tahun terakhir telah terjadi banyak pelanggaran privasi atas data pribadi masyarakat sehingga menimbulkan banyak keluhan masyarakat dan sejumlah kasus timbul telah memperlihatkan bahwa kebocoran data pribadi mulai dari nama, nomor telepon selurel, alamat surat elektronik hingga seluruh data pribadi warga sudah dikuasai oleh pihak yang tidak berhak. Artikel ini , ini adalah hasil dari beberapa penelitian yang dilakukan yang bertujuan untuk menelaah secara mendalam tentang urgensi perlindungan hukum privasi atas data pribadi di Indonesia karena selama ini pengaturannya bersifat sektoral dan tidak ada harmonisasi yaitu dengan pengaturan yang berbeda-beda dan sangat minimal sehingga belum dapat memberikan pengaturan yang maksimal. Penelitian yang dilakukan menggunakan metoda yuridis- normatif- empiris dan metode penelitian futurologi . Tujuan yang ingin dicapai yaitu menemukan bentuk pengaturan yang paling tepat untuk diterapkan di Indonesia sehingga akan lebih memberikan perlindungan hukum privasi khusunya atas data pribadi masyarakat. Kegunaan adalah untuk memberikan sumbangan secara teori tentang kajian hukum privasi atas data pribadi dan secara praktik memberikan rekomendasi kepada Pemerintah dalam menyusun RUU Perlindungan Data Pribadi. Isi pembahasan memaparkan pentingya perlindungan dengan memperhatikan potensi kerugian. Kesimpulan adalah bentuk perlindungan privasi atas data pribadi yang tepat untuk Indonesia adalah melalui pendekatan Co-Regulatori yaitu memberi peranan yang sama kepada pemerintah dan pelaku bisnis untuk melakukan pengaturan dan perlindungan sehingga diharapkan dapat memberikan perlindungan yang maksimal terhadap semua pihak. Saran adalah segera disusun undang-undang perlindungan data pribadi sehingga dapat memberikan perlindungan maksimal bagi masyarakat Indonesia. Kata Kunci: Privasi, Data Pribadi, Bentuk Perlindungan
2
Privasi Atas Data Pribadi: Perlindungan Hukum dan Bentuk Pengaturan...
(Sinta Dewi Rosadi)
