• CIPS Indonesia

Newsletter March 2021 | Who gets to decide what's done with our data?

Dear readers,



If you’re like me, you may be reading this on your smartphone. A smartphone that was unlocked simply by pointing its camera at your face, or placing your finger on a sensor. Your device stores highly individualised records to keep private information secure. With biometric data being captured, one hopes this information is being safeguarded adequately.


Our lives are highly digitised. New innovations continue to advance, are made more cheaply, and are increasingly being widely adopted by all segments of society. It is unsurprising that legislation fails to keep up with the times.


66% of all countries in the world have some form of legislation on data protection and privacy. In the Asia-Pacific, this drops to 57% of countries in the region.


Indonesia is one of the 66% of countries but current laws exist in fragments. A new Personal Data Privacy (PDP) Bill will aim to provide a more comprehensive data protection law.


The Bill contains strong starting points in that it recognizes individuals as owners of their data, and holds companies responsible for compliance.


However, the Bill includes clauses that undermine this when it allows rights to be suspended for reasons of security, monetary and financial supervision, and state administration. The proposed supervisory authority is also a government ministry, which raises questions on conflicts of interest.


We’ve written a policy brief on the bill that we’ll share and launch next week.


Passing a sound PDP law is crucial, more Indonesians continue to reap the benefits of our digital economy. We see that in the millions of small businesses using online platforms, more accessible financial services, and cheaper transport and logistic services that are a touch away through our smartphones.


One area where sound data governance is urgently needed is the Peer-to-Peer lending sector.

P2P loans enable unbanked groups to access capital to invest in small businesses and manage household cash flow. However, to assess creditworthiness and a viable business model, P2P lenders need to access the personal smartphone data of the borrower. Without sound regulations to govern the use of data, Indonesia risks seeing more cases such as suicides as a result of intimidation tactics by unscrupulous ‘pay-day’ lenders. These types of lenders extract personal contact lists from the borrower’s smartphone data and target close social circles to shame and pressure borrowers. This week began with World Consumer Rights Day on March 15th, we focused on how to uphold the rights of low-income consumers to access capital through fintech platforms, but not at the expense of being criminally bullied and harassed. We recently launched our latest policy paper titled Improving Consumer Protection for Low-Income Customers in P2P Lending.




There are many more aspects of the digital economy that need further analysis and identification of sound policies to ensure the sector remains open and safe. You can expect more analysis from us in the coming months on topics such as content moderation, co-regulation approaches, and women’s participation in e-commerce.

With this, CIPS advocates to ensure that the benefits we’ve seen, and the myriad of future possibilities within the digital economy, remain accessible to all.



Salam hangat,


Rainer Heufers

Executive Director

Center for Indonesian Policy Studies






Don't forget to check out and download our policy papers here. Through these papers, we present evidence-based arguments to recommend policy changes that focus on building prosperity and better livelihoods for low-income Indonesians.



Our work relies on your support. Donate here.

If you want to receive our monthly newsletter and latest publications, please subscribe.


Recent Posts

See All