Author: Rainer Heufers, CIPS
Indonesian lawmakers have been alarmed by the freedom of data flows and opinions in the rapidly emerging digital sphere. They published an Electronic Information and Transactions Act in 2008. Its 2016 revision, criminalizing online immorality, defamation and hate speech, was widely seen as undermining freedom of expression.
The digital boom also goes against Jakarta’s preference for major economic resources to be under the control of state-owned companies. As private companies dominated the digital revolution, the Indonesian government embraced national champions but restricted the freedom of online platforms.
Jakarta’s power over the private sector is evident in policy discussions regarding the expansion of digital infrastructure, the cybersecurity bill and digital taxation. But policy decisions affecting the freedom to engage in a borderless internet will have the greatest impact on Indonesian democracy.
Indonesian authorities can either regulate the internet by setting rules and norms that encourage or punish online practices, or they can autocratically control online behavior. These two approaches have clashed in the campaigns of American and Russian candidates for the post of secretary general of the International Telecommunication Union, a United Nations agency responsible for governing information and communication technologies.
Russia and China advocate for so-called “internet sovereignty,” requiring individuals to register to access the internet and allowing governments to shut down parts of the internet. Western countries want privacy standards and aim to consult non-governmental organizations on internet regulations.
The Indonesian government has taken an ambiguous approach by adhering to European Union General Data Protection Regulation (EU GDPR) standards while tightening controls over data content and access. Jakarta has a habit of shutting down the internet to prevent misinformation and unrest. The 2019 internet shutdown in West Papua ended with the court ruling that the government’s action was illegal.
Certain types of content have been declared illegal in Indonesia. Regulation No. 5/2020 of the Ministry of Communication and Informatics (MOCI) obliges the organizers of private electronic systems to remove illegal content within 24 hours or within four hours for child pornography, terrorist activities or content considered to be “shaking society and disturbing public order”. .
The short deadline creates a dilemma for organizers of private electronic systems. If they comply quickly and without proper assessment, they are accused of violating individual rights. If they don’t comply immediately, they face government sanctions.
The Personal Data Protection Act passed by the Indonesian parliament in September 2022 prohibits the illegal collection and use of data. This is in line with EU GDPR standards, but private data controllers found to have broken the law only have three days to erase the data. The EU GDPR gives controllers one to three months. Rulings will be made by the yet to be created Personal Data Protection Agency – but there will be no time for investigations, due process or appeals.
MOCI’s plans to consolidate its central role in the Indonesian digital governance system by becoming the supervisor of the Personal Data Protection Agency have been thwarted by the Indonesian parliament and civil society. Centralizing authority to control the Internet carries significant risks to democratic rights and freedom of expression.
The Russian government agency Roskamnadzor oversaw radio signals, telecommunications and postal delivery when it was established in 2008. Since then it has been part of an authoritarian regime, which has banned more than 1.2 million websites and blocked and imposed fines on major Internet platforms.
The MOCI already has considerable authority. All organizers of private electronic systems register with MOCI before commencing operations and must provide a statement guaranteeing government and law enforcement access to their electronic systems and data. When PayPal, Yahoo and several online gambling sites failed to comply, MOCI ordered internet service providers to block their internet access, ignoring lighter penalties such as a warning letter or fine. Platforms complied immediately despite the lack of proper and transparent review mechanisms and independent appeals.
Indonesian policymakers generally consider the government’s ability to access private data to be part of the country’s sovereignty over the internet and data. Jakarta does not require private companies to maintain data centers on land, but Indonesia’s Minister of Communication and Information Technology said in June 2022 that “data is related to the sovereignty of a country, [and] it is geostrategic in nature”.
Offshore data transfers are expected to become even more complicated to facilitate government access to data from Indonesia. Without sufficient time and due process, it will expand government power at the expense of individual data privacy and freedom.
After 25 years of democratic reforms, experts generally believe that Indonesia’s democracy is in decline. With legislative and executive elections in 2024, negative campaigning and hoaxes could trigger more restrictive internet policies. The new administration will then decide whether to continue to control online content and data or to follow a more indirect and regulatory approach.
Rainer Heufers is Executive Director of the Center for Indonesian Policy Studies.
#freedom #Indonesian #internet #East #Asia #Forum