Per­sonal data: A time bomb

The Jakarta Post - - OPINION - Bhredipta So­carana The writer is a le­gal prac­ti­tioner fo­cus­ing on tech­nol­ogy, me­dia, telecom­mu­ni­ca­tions and in­tel­lec­tual prop­erty law. He works as an as­so­ciate at a bou­tique law firm in Jakarta.

The dam­age has been done. The time bomb that we knew of has ex­ploded. Fol­low­ing the po­lice’s ar­rest of those sus­pected of leak­ing bank cus­tomers’ per­sonal data, the pub­lic should be con­cerned about the se­cu­rity of their per­sonal data.

In fact, many of us are un­aware of data se­cu­rity. Com­pounded by reg­u­la­tions that have changed con­stantly and their poor en­force­ment, cus­tomers are clearly vul­ner­a­ble to the mis­use of per­sonal data.

Per­sonal data is a new gold­mine in to­day’s era. Our lo­ca­tions, iden­ti­ties, gen­ders, fa­vorite foods, and re­li­gions, even sex­ual pref­er­ences, are in the sights of those who wish to uti­lize our data, com­monly for mar­ket­ing pur­poses. As such, per­sonal data has be­come a valu­able com­mod­ity. But there are also the down­sides to per­sonal data trans­ac­tions, rang­ing from iden­tity theft to unau­tho­rized fi­nan­cial trans­ac­tions, if they fall into the wrong hands.

While the gov­ern­ment is busy per­fect­ing le­gal in­stru­ments through a draft bill on per­sonal data pro­tec­tion, we ac­tu­ally bear per­sonal re­spon­si­bil­ity to pro­tect our own data. At the mi­cro level, be­ing cau­tious when fill­ing in per­sonal data, surf­ing a cer­tain web­site or us­ing cloud-based soft­ware is the first step to pro­tect­ing our per­sonal data.

Our lack of aware­ness about data se­cu­rity is evinced from how easy we fall prey to di­rect mar­ket­ing of­fi­cers through phone calls, or how ea­ger we are to share the re­sults of an on­line quiz app on our so­cial me­dia ac­counts. Those are only a few of the many in­stances when we give out our data for free.

How­ever, unau­tho­rized data col­lec­tion ac­tu­ally hap­pens with our con­sent. In such a case, the data col­lec­tor is ob­vi­ously not the one to blame.

In fact, most data col­lec­tors have been try­ing to com­ply with data pro­tec­tion reg­u­la­tions by pub­lish­ing pri­vacy no­tices and terms and con­di­tions on their web­sites. It is us, as web­site users, who of­ten fail to read care­fully and un­der­stand the con­se­quences of pro­vid­ing our in­for­ma­tion by us­ing the web­site.

On the other side of the is­sue, our aware­ness of our right to per­sonal data pro­tec­tion needs im­prov­ing.

The cur­rent ad­min­is­tra­tion rec­og­nizes the rights of per­sonal data own­ers, rang­ing from our right to re­quest records of how our per­sonal data is used, to our right to per­ma­nently delete our in­for­ma­tion stored by the data col­lec­tor.

Such rights, which are in­tended to pro­tect us, are en­force­able. But well-pub­lished in­for­ma­tion on how to en­force a data owner’s rights and how to keep data col­lec­tors from mis­us­ing our data re­mains min­i­mal.

The ar­rest of the seller of bank cus­tomers’ data pro­vides the mo­men­tum for the pub­lic to be­come fa­mil­iar with the is­sues of pro­tect­ing per­sonal data.

Apart from pub­lic ed­u­ca­tion and aware­ness, the gov­ern­ment should work harder to en­sure per­sonal data pro­tec­tion. The state needs to re­store its sovereignty over the dig­i­tal world through gov­er­nance, as this is im­por­tant to main­tain a level play­ing field in In­done­sia — one of the big­gest mar­kets for the tech­nol­ogy in­dus­try.

The gov­ern­ment’s bold move to re­quire app-based ser­vice providers to open of­fices in the coun­try de­serves credit. But there is still more work to be done.

First and fore­most, the vague­ness of pro­vi­sions in the ex­ist­ing reg­u­la­tion on per­sonal data pro­tec­tion must be fixed with the up­com­ing Per­sonal Data Pro­tec­tion Law. The House of Rep­re­sen­ta­tives needs to give pri­or­ity to de­lib­er­a­tion of the draft bill, as we are rac­ing against time in light of the rapid de­vel­op­ment of new tech­nolo­gies.

The draft bill should pro­vide flex­i­bil­ity for the gov­ern­ment to re­spond to tech­no­log­i­cal ad­vance­ments.

Nonethe­less, it should also use a lan­guage un­der­stand­able to laypeo­ple — not just techies or those in the tech­nol­ogy in­dus­try — or else the gen­eral pub­lic would re­main un­aware of their rights to per­sonal data pro­tec­tion.

Fur­ther­more, the gov­ern­ment should con­sider the re­cent trend of mul­ti­lat­eral co­op­er­a­tion in per­sonal data pro­tec­tion at the re­gional level, such as the in­ter­na­tional in­stru­ments ini­ti­ated by the Asia-Pa­cific Eco­nomic Co­op­er­a­tion (APEC). The fact that cross-bor­der data trans­ac­tions are im­pos­si­ble to halt will ne­ces­si­tate good co­op­er­a­tion be­tween In­done­sia and the in­ter­na­tional com­mu­nity to pro­tect its cit­i­zens’ per­sonal data from cy­ber crim­i­nals any­where in the world.

To sum up, col­lab­o­ra­tive ef­forts be­tween the peo­ple and gov­ern­ment are a must to build and re­gain our sovereignty in the dig­i­tal realm. Fu­ture threats surely await us. It is only a mat­ter of time un­til an­other in­ci­dent oc­curs to test our vul­ner­a­bil­ity. As such, we need to pre­pare ahead to pre­vent an­other time bomb from tick­ing.

Newspapers in English

Newspapers from Indonesia

© PressReader. All rights reserved.