Data Privacy in the Indonesian Personal Data Protection Legislation
From e-lending to personalised business recommendations, there is a growing supply of customized digital services that require companies to acquire, process and store personal data. Meanwhile, these data remain the property of individuals and their owners have the right to control and manage their own data.
Since digital service companies constantly need to innovate, they often face uncertainties whether they are in breach of data privacy regulations. To mitigate this risk, the government should consider implementing a regulatory sandbox to facilitate the compliance of new technologies with existing data privacy regulations, and to co-create new policies similar to the Singaporean Personal Data Protection Commission (PDPC) when it tested and amended Singapore’s PDP Act.