J

urna

I

Qene

fitian

ffu

RA*

DE JURE

JPHDJ

Volume₁₅ Nomor

2

No. Halaman

163 - 328 Juni 2015 Jakarta

ISSN: 1410 - 5632

Terakreditas i LIPI No. 5 i I I ltlcJ e dlP 2MI-LPI/04 I Z0 I 3

IKATAN PENELITI HUKUM INDONESIA

furnol Penelitinn lIuhum

(DgJurg#{:l!ii,'*1li":{",:,y,yi:'"d/p2Mr-Lnr/04/2013

DAFTAR ISI

DAFTAR

IsI

Halaman

ADVERTORIAL

KUMPUTAN ABSTRAK

Privasi

Atas Data Pribadi : Perlindungan Hukum Dan

Bentuk

Pengaturan

Dilndonesia (personal data privacy

:

legalprotectionandforms of regulations

intndonesia)...

163-183

Sinta Dewi Rosadi

Perlindungan Konsumen Dalam Jual Beli Secara Online Melalui Media Elektronik (E-Commerce) Consumer Protection

In

Online Purchase Through Eleitronic

Media

(E-Commerce)...

185-198

Sabungan Sibarani

Penetapan Direksi Perseroan BUMN Sebagai Pelaku Tindak Pidana Konrpsi Yang

Merugikan Keuangan Negara (Detennination

of

Directors

of

The Company

as Actors Soe Corruption Harm The Financial

State)...

....

199-ZlB Henry Donald Lbn. Toruan

Netralitas Birokrasi Dalam Rangka Pemberantasan Korupsi(Bureaucratic Neutrality

in the Context of Anti-Corruption

Efforts)...

... 219-229 Eko Noer Kristiyanto

Optimalisasi

Kinerja

f"iuUut Publik Sebagai Strategi Pencegahan Korupsi .Di Indonesia (Performance Optimization as a Public Official Corntption Prevention

Strategt in

Indonesia)

_...231-249

Nevey Varida

Ariani

Implementasi Pasal 35 Uncac Dalam Undang-Undang Tindak Pidana Korups6

(Implementation of Articel 35 UNCAC in the Criminal Corruption AcL...

zst-zal

Rooseno

Upaya Pemerintah Dalam Pencegahan dan Penanganan Tindak Pidana Perdagangan

Perempuan Dan Anak Yang Menjadi Korban Eksploitasi Seksual (Government

Efforts

in

Crime Prevention and Handling Perdagangan Perempuan and Children

Become Victims of Sexual

Exploitation)....

_269-290 Diana Yusyanti

Konsistensi Penggunaan Dan Pemanfaatan Tanah Dalam Penataan Ruang Kawasan

Perkotaan (consistency ofuse and land use planninginurban areas

room)

291-305

Yul Ernis

Penataan Ruang Dalam Kerangka otonomi Daerah (living arrangement in the

Framework of regional

autonomy\..

... ..:... .. . .. ...307-321

Melok Karyandani

DAFTAR RTWAYAT HIDUP 323-325

TEGISLATION

lndonesia

issues

draft

Ministerial

Regulation

on

Data

Protection

By

Sinta Dewi

Rosadi.

A

lthough mobile traffic data

A;,n;

i$'ji

::

ilT::::,;'ff;

legal protection _{or such digital-based

activities is still weak. Currently there are no specific rules that ensure the

protection of users' dataprivacy. \fith a

wide range

of

applications, users are asked to provide their address, mobile

phone number and credit card number

-and those details will be recorded. No less important is that data conrollers process data

on

transactions, travel

routes,

user

habits, patterns of communications and data about user activity in the context of a variety of applications

or

Internet pages. To

address these developments, Indonesia's

Ministry

of

Communications and Informatics (Infocom) has drafted Ministerial Regulations

on

Personal

Data Protection (PDPES) in Electronic

Systems as an implementing regulation

based on Governmenr Reguiation No.

82/2A12

on

Electronic Transaction

Systems.2 Ministry regulations are a

lower

form of

legislation than

Government regulations

or

Acts of Parliament. The PDPES will cover basic

protection mechanisms such as the rights

of data subjects, user liabiliry liabiliry for operators of electronic systems; dispute resolution, public participation and adrninistrative sancrions.

A

public

consultation was completed _{in July, but} it is not certain when the final Regulation will be released.

The

draft

regulation deserves attention because for the first time the

government of Indonesia will issue a

specific regulation on protection of

personal

data.

However,

it

is regretmble that PDPES

will

overlap

with

the Personal Data

Bill

being

prepared

by

another Directorate in Infocom.

A

ministerial regulation is

not

compatible

vdth

Indonesia's

Constitution, according

to

which personal data protection is part of the Privacy Right which is protecred by

the Constitution and considered as a

fundamental righq therefore requiring an Act' rather than the lesser form of a

Ministerial Regulation.

It

may also be

criticised

on other

grounds. The

PDPES does not clearly stipulate its scope (individuals

or

legal entities;

public

and/or private

secrors),

although

it

does

only

apply ro

'E,lectronic System Operators'. The regulation only applies minimum basic data protection principles such as

consent, right to verified content, and

right

to

access and correction. The regulation requires data subjecrs' written consent, but does not clearly stipulate whether the rnechanism to be used is opt-in or opt-out.

The data rerenrion period is long under PDPES (5 years); this

is

in

accordance

with the

National Retention Schedules Regulation in the National Archives Law, which was

-

developed

to

regulate

the

public archive, not personal data.

There is no specific rule in PDPES

that

gives authority

to a

stare institution to supervise this system. To effectively implement legislation, a

supervision mechanism

would

be required, as well as a legal instrument

which.

g4overns

personal

data

protectlon.

According to the 'data localisation' requirement in the draft governmental

regulation

(under

which

this ministerial regulation is made) the'data

centre and disaster recovery centre'

must

be

located

on

Indonesian territory. This drafr is still rentative because the Ministry is in the process of receiving input from the public.

The Draft Minlstry Regulation will operate as follows':

1.

Protected personal data

Personal data refers to any true and real information that can be direcriy or

indirectly identified as relaring to an individual,

to

be used

in

accordance with existing regulation.

2.

Data collection and processing The PDPES includes protection of the collection, processing, analysing, storing, notification, transmission, dissemination

and

destruction of Personal Daa.

Personal data shall be processed only if:

(a) Data subjects have given their consent

(b) Personal

data

obtained and

collected directly must be verified

by the data subject

(c) Personal

data

obtained

and collected indirectly musr be verified

based on various sources

(d) Personal

data

may

only

be

processed and analysed accordihg

to the

needs/purpose

of

the Electronic Systems Operator rhat have been stated clearly when obtaining and collecting the data.

3.

Retention

Electronic Systems operators may

store personal data for 5 years or more

or iq

accordance

with

applicable

regulations.o

4.

Responsibility

of

electronic

system administrator/management Each Electronic System Operator

must have internal rules to carry out the process and ensure the protection of personal data. n

5.

The rights of Eata subjects:

a.

The

confidentiality

of

their personal data

b.

The right to file a complaint with the personai data dispute resolution institutions for failure of personal data confidentiality protection by

the Operator Electronic Systems, and the right to sue in a civil court

c.

The right to reclaim one's personal data, when

the

services

of

an Electronic System Operator are no longer needed

d. The rigEt

to

access

and

the opportunity to"'change or update

personal dam without disturbing

personal data

management

systems.

5.

The

responsibility

controllers

of

data

a.

To maintain the confidentiaiity of

personal da''a that

it

has obtained, collected, processed and analysed

b.

To process personal data only in accordance with the purposes for

which it was collected

Jurnal Penelitian Hukum DE JURE, ISSN 1410-5632 Vol. 15 No. 2, Juni 2015 : 1 - 21

1

PRIVASI ATAS DATA PRIBADI : PERLINDUNGAN HUKUM DAN BENTUK PENGATURAN DI INDONESIA

(Personal Data Privacy : Legal Protection And Forms Of Regulations In Indonesia)

Sinta Dewi Rosadi

Fakultas Hukum, UNPAD Jl. Dipati Ukur, No. 35, Bandung 08156282932, Email: sintadewirosadi@yahoo.com

Tulisan diterima 4-5-2015, Revisi 26-5-2015, Disetujui diterbitkan

ABSTRACT

As a form of innovation, information and communication technology have now been able to conduct the collection, storage, sharing and analyzing the data where it can not be imagined previously, the activity has also resulted in various sectors of life to use information technology systems, such as the implementation of electronic commerce (e-commerce ) in trade / business, electronic education (e-education) in the field of education, eletornic health (e-health) in the health sector, electronic government (e-government) in the field of government coupled with the development of cloud computing industry or the use IOT (Internet of Things) through the advancement of information and communication technology that it is possible to do retrieval, storage, distribution and sale and purchase of personal data widely without the owner's consent in using data both online and offline. Within 5 (five) years there has been a lot of privacy breaches on personal data , giving rise to many public complaints and raised a number of cases have shown that the leakage of personal data ranging from names, phone numbers,, electronic mail addresses until all the personal data of citizens has been controlled by unauthorized parties. This article as a result of several studies conducted that aims to examine in depth about the urgency of the protection of personal data privacy laws in Indonesia because during now in Indonesia the form of protection is sectoral and unharmonized therefore the level of protection is very minimal and unable to provide maximum protection . Research conducted using the method yuridis- normative, empirical method and futurology legal method. The goal is finding the most appropriate form of regulation to be applied in Indonesia that will provide even more protection especially privacy laws on personal data . The purposes of the research is to provide the theoretical contribution of the study on personal data privacy law and in practice to provide recommendations to the Government in drafting the Protection of Personal Data Act. The conclusion is a forms protection the privacy of personal data that is appropriate for Indonesia is through the Co-Regulatory approach which will gives a similar role both to the government and businesses to protect personal dat aprivacy that are expected to provide maximum protection against all parties.The recommendations is to encourage the government of Indonesia to draft personal data bill in order to provide maximum legal protection.

Keywords : Privacy, Personal Data, Form of Protection

ABSTRAK

Sebagai suatu bentuk inovasi, teknologi informasi dan komunikasi sekarang telah mampu melakukan pengumpulan, penyimpanan, pembagian dan penganalisaan data dimana hal tersebut tidak dapat dibayangkan sebelumnya, aktivitas tersebut juga telah mengakibatkan berbagai sektor kehidupan memanfaatkan sistem teknologi informasi, seperti penyelenggaraan electronic commerce (e-commerce) dalam sektor perdagangan/bisnis, electronic education (e-education) dalam bidang pendidikan, eletornic health (e-health)

Jurnal Penelitin Hukum

De Jure

No:511/Akred/P2MI-LIPI/04/2013

Privasi Atas Data Pribadi: Perlindungan Hukum dan Bentuk Pengaturan... (Sinta Dewi Rosadi)

2

ditambah dengan perkembangan industri komputasi awan atau cloud computing atau penggunaan IOT (internet of things) melalui kemajuan teknologi informasi dan komunikasi tersebut maka dimungkinkan dilakukan pengambilan, penyimpanan, penyebaran dan jual beli data pribadi secara luas tanpa adanya persetujuan pemilik data baik yang dilakukan secara

online maupun offline. Dalam 5 (lima) tahun terakhir telah terjadi banyak pelanggaran privasi atas data pribadi masyarakat sehingga menimbulkan banyak keluhan masyarakat dan sejumlah kasus timbul telah memperlihatkan bahwa kebocoran data pribadi mulai dari nama, nomor telepon selurel, alamat surat elektronik hingga seluruh data pribadi warga sudah dikuasai oleh pihak yang tidak berhak. Artikel ini , ini adalah hasil dari beberapa penelitian yang dilakukan yang bertujuan untuk menelaah secara mendalam tentang urgensi perlindungan hukum privasi atas data pribadi di Indonesia karena selama ini pengaturannya bersifat sektoral dan tidak ada harmonisasi yaitu dengan pengaturan yang berbeda-beda dan sangat minimal sehingga belum dapat memberikan pengaturan yang maksimal. Penelitian yang dilakukan menggunakan metoda yuridis- normatif- empiris dan metode penelitian

futurologi . Tujuan yang ingin dicapai yaitu menemukan bentuk pengaturan yang paling tepat untuk diterapkan di Indonesia sehingga akan lebih memberikan perlindungan hukum privasi khusunya atas data pribadi masyarakat. Kegunaan adalah untuk memberikan sumbangan secara teori tentang kajian hukum privasi atas data pribadi dan secara praktik memberikan rekomendasi kepada Pemerintah dalam menyusun RUU Perlindungan Data Pribadi. Isi pembahasan memaparkan pentingya perlindungan dengan memperhatikan potensi kerugian. Kesimpulan adalah bentuk perlindungan privasi atas data pribadi yang tepat untuk Indonesia adalah melalui pendekatan Co-Regulatori yaitu memberi peranan yang sama kepada pemerintah dan pelaku bisnis untuk melakukan pengaturan dan perlindungan sehingga diharapkan dapat memberikan perlindungan yang maksimal terhadap semua pihak. Saran adalah segera disusun undang-undang perlindungan data pribadi sehingga dapat memberikan perlindungan maksimal bagi masyarakat Indonesia.