J
urna
I
Qene
fitian
ffu
RA*
DE JURE
JPHDJ
Volume15 Nomor2
No. Halaman
163 - 328 Juni 2015 Jakarta
ISSN: 1410 - 5632
Terakreditas i LIPI No. 5 i I I ltlcJ e dlP 2MI-LPI/04 I Z0 I 3
IKATAN PENELITI HUKUM INDONESIA
furnol Penelitinn lIuhum
(DgJurg#{:l!ii,'*1li":{",:,y,yi:'"d/p2Mr-Lnr/04/2013
DAFTAR ISI
DAFTAR
IsI
Halaman
ADVERTORIAL
KUMPUTAN ABSTRAK
Privasi
Atas Data Pribadi : Perlindungan Hukum DanBentuk
PengaturanDilndonesia (personal data privacy
:
legalprotectionandforms of regulationsintndonesia)...
163-183Sinta Dewi Rosadi
Perlindungan Konsumen Dalam Jual Beli Secara Online Melalui Media Elektronik (E-Commerce) Consumer Protection
In
Online Purchase Through EleitronicMedia
(E-Commerce)...
185-198Sabungan Sibarani
Penetapan Direksi Perseroan BUMN Sebagai Pelaku Tindak Pidana Konrpsi Yang
Merugikan Keuangan Negara (Detennination
of
Directorsof
The Companyas Actors Soe Corruption Harm The Financial
State)...
....
199-ZlB Henry Donald Lbn. ToruanNetralitas Birokrasi Dalam Rangka Pemberantasan Korupsi(Bureaucratic Neutrality
in the Context of Anti-Corruption
Efforts)...
... 219-229 Eko Noer KristiyantoOptimalisasi
Kinerja
f"iuUut Publik Sebagai Strategi Pencegahan Korupsi .Di Indonesia (Performance Optimization as a Public Official Corntption PreventionStrategt in
Indonesia)
...231-249Nevey Varida
Ariani
Implementasi Pasal 35 Uncac Dalam Undang-Undang Tindak Pidana Korups6
(Implementation of Articel 35 UNCAC in the Criminal Corruption AcL...
zst-zal
Rooseno
Upaya Pemerintah Dalam Pencegahan dan Penanganan Tindak Pidana Perdagangan
Perempuan Dan Anak Yang Menjadi Korban Eksploitasi Seksual (Government
Efforts
in
Crime Prevention and Handling Perdagangan Perempuan and ChildrenBecome Victims of Sexual
Exploitation)....
269-290 Diana YusyantiKonsistensi Penggunaan Dan Pemanfaatan Tanah Dalam Penataan Ruang Kawasan
Perkotaan (consistency ofuse and land use planninginurban areas
room)
291-305Yul Ernis
Penataan Ruang Dalam Kerangka otonomi Daerah (living arrangement in the
Framework of regional
autonomy\..
... ..:... .. . .. ...307-321Melok Karyandani
DAFTAR RTWAYAT HIDUP 323-325
TEGISLATION
lndonesia
issues
draft
Ministerial
Regulation
on
Data
Protection
By
Sinta Dewi
Rosadi.
A
lthough mobile traffic dataA;,n;
i$'ji
::
ilT::::,;'ff;
legal protection {or such digital-based
activities is still weak. Currently there are no specific rules that ensure the
protection of users' dataprivacy. \fith a
wide range
of
applications, users are asked to provide their address, mobilephone number and credit card number
-and those details will be recorded. No less important is that data conrollers process data
on
transactions, travelroutes,
user
habits, patterns of communications and data about user activity in the context of a variety of applicationsor
Internet pages. Toaddress these developments, Indonesia's
Ministry
of
Communications and Informatics (Infocom) has drafted Ministerial Regulationson
PersonalData Protection (PDPES) in Electronic
Systems as an implementing regulation
based on Governmenr Reguiation No.
82/2A12
on
Electronic TransactionSystems.2 Ministry regulations are a
lower
form of
legislation thanGovernment regulations
or
Acts of Parliament. The PDPES will cover basicprotection mechanisms such as the rights
of data subjects, user liabiliry liabiliry for operators of electronic systems; dispute resolution, public participation and adrninistrative sancrions.
A
publicconsultation was completed in July, but it is not certain when the final Regulation will be released.
The
draft
regulation deserves attention because for the first time thegovernment of Indonesia will issue a
specific regulation on protection of
personal
data.
However,it
is regretmble that PDPESwill
overlapwith
the Personal DataBill
beingprepared
by
another Directorate in Infocom.A
ministerial regulation isnot
compatiblevdth
Indonesia'sConstitution, according
to
which personal data protection is part of the Privacy Right which is protecred bythe Constitution and considered as a
fundamental righq therefore requiring an Act' rather than the lesser form of a
Ministerial Regulation.
It
may also becriticised
on other
grounds. ThePDPES does not clearly stipulate its scope (individuals
or
legal entities;public
and/or private
secrors),although
it
doesonly
apply ro'E,lectronic System Operators'. The regulation only applies minimum basic data protection principles such as
consent, right to verified content, and
right
to
access and correction. The regulation requires data subjecrs' written consent, but does not clearly stipulate whether the rnechanism to be used is opt-in or opt-out.The data rerenrion period is long under PDPES (5 years); this
is
inaccordance
with the
National Retention Schedules Regulation in the National Archives Law, which was-
developedto
regulatethe
public archive, not personal data.There is no specific rule in PDPES
that
gives authorityto a
stare institution to supervise this system. To effectively implement legislation, asupervision mechanism
would
be required, as well as a legal instrumentwhich.
g4overnspersonal
dataprotectlon.
According to the 'data localisation' requirement in the draft governmental
regulation
(under
which
this ministerial regulation is made) the'datacentre and disaster recovery centre'
must
be
locatedon
Indonesian territory. This drafr is still rentative because the Ministry is in the process of receiving input from the public.The Draft Minlstry Regulation will operate as follows':
1.
Protected personal dataPersonal data refers to any true and real information that can be direcriy or
indirectly identified as relaring to an individual,
to
be usedin
accordance with existing regulation.2.
Data collection and processing The PDPES includes protection of the collection, processing, analysing, storing, notification, transmission, disseminationand
destruction of Personal Daa.Personal data shall be processed only if:
(a) Data subjects have given their consent
(b) Personal
data
obtained andcollected directly must be verified
by the data subject
(c) Personal
data
obtained
and collected indirectly musr be verifiedbased on various sources
(d) Personal
data
may
only
beprocessed and analysed accordihg
to the
needs/purposeof
the Electronic Systems Operator rhat have been stated clearly when obtaining and collecting the data.3.
RetentionElectronic Systems operators may
store personal data for 5 years or more
or iq
accordancewith
applicableregulations.o
4.
Responsibilityof
electronicsystem administrator/management Each Electronic System Operator
must have internal rules to carry out the process and ensure the protection of personal data. n
5.
The rights of Eata subjects:a.
The
confidentialityof
their personal datab.
The right to file a complaint with the personai data dispute resolution institutions for failure of personal data confidentiality protection bythe Operator Electronic Systems, and the right to sue in a civil court
c.
The right to reclaim one's personal data, whenthe
servicesof
an Electronic System Operator are no longer neededd. The rigEt
to
accessand
the opportunity to"'change or updatepersonal dam without disturbing
personal data
managementsystems.
5.
The
responsibilitycontrollers
of
dataa.
To maintain the confidentiaiity ofpersonal da''a that
it
has obtained, collected, processed and analysedb.
To process personal data only in accordance with the purposes forwhich it was collected
Jurnal Penelitian Hukum DE JURE, ISSN 1410-5632 Vol. 15 No. 2, Juni 2015 : 1 - 21
1
PRIVASI ATAS DATA PRIBADI : PERLINDUNGAN HUKUM DAN BENTUK PENGATURAN DI INDONESIA
(Personal Data Privacy : Legal Protection And Forms Of Regulations In Indonesia)
Sinta Dewi Rosadi
Fakultas Hukum, UNPAD Jl. Dipati Ukur, No. 35, Bandung 08156282932, Email: sintadewirosadi@yahoo.com
Tulisan diterima 4-5-2015, Revisi 26-5-2015, Disetujui diterbitkan
ABSTRACT
As a form of innovation, information and communication technology have now been able to conduct the collection, storage, sharing and analyzing the data where it can not be imagined previously, the activity has also resulted in various sectors of life to use information technology systems, such as the implementation of electronic commerce (e-commerce ) in trade / business, electronic education (e-education) in the field of education, eletornic health (e-health) in the health sector, electronic government (e-government) in the field of government coupled with the development of cloud computing industry or the use IOT (Internet of Things) through the advancement of information and communication technology that it is possible to do retrieval, storage, distribution and sale and purchase of personal data widely without the owner's consent in using data both online and offline. Within 5 (five) years there has been a lot of privacy breaches on personal data , giving rise to many public complaints and raised a number of cases have shown that the leakage of personal data ranging from names, phone numbers,, electronic mail addresses until all the personal data of citizens has been controlled by unauthorized parties. This article as a result of several studies conducted that aims to examine in depth about the urgency of the protection of personal data privacy laws in Indonesia because during now in Indonesia the form of protection is sectoral and unharmonized therefore the level of protection is very minimal and unable to provide maximum protection . Research conducted using the method yuridis- normative, empirical method and futurology legal method. The goal is finding the most appropriate form of regulation to be applied in Indonesia that will provide even more protection especially privacy laws on personal data . The purposes of the research is to provide the theoretical contribution of the study on personal data privacy law and in practice to provide recommendations to the Government in drafting the Protection of Personal Data Act. The conclusion is a forms protection the privacy of personal data that is appropriate for Indonesia is through the Co-Regulatory approach which will gives a similar role both to the government and businesses to protect personal dat aprivacy that are expected to provide maximum protection against all parties.The recommendations is to encourage the government of Indonesia to draft personal data bill in order to provide maximum legal protection.
Keywords : Privacy, Personal Data, Form of Protection
ABSTRAK
Sebagai suatu bentuk inovasi, teknologi informasi dan komunikasi sekarang telah mampu melakukan pengumpulan, penyimpanan, pembagian dan penganalisaan data dimana hal tersebut tidak dapat dibayangkan sebelumnya, aktivitas tersebut juga telah mengakibatkan berbagai sektor kehidupan memanfaatkan sistem teknologi informasi, seperti penyelenggaraan electronic commerce (e-commerce) dalam sektor perdagangan/bisnis, electronic education (e-education) dalam bidang pendidikan, eletornic health (e-health)
Jurnal Penelitin Hukum
De Jure
No:511/Akred/P2MI-LIPI/04/2013
Privasi Atas Data Pribadi: Perlindungan Hukum dan Bentuk Pengaturan... (Sinta Dewi Rosadi)
2
ditambah dengan perkembangan industri komputasi awan atau cloud computing atau penggunaan IOT (internet of things) melalui kemajuan teknologi informasi dan komunikasi tersebut maka dimungkinkan dilakukan pengambilan, penyimpanan, penyebaran dan jual beli data pribadi secara luas tanpa adanya persetujuan pemilik data baik yang dilakukan secara
online maupun offline. Dalam 5 (lima) tahun terakhir telah terjadi banyak pelanggaran privasi atas data pribadi masyarakat sehingga menimbulkan banyak keluhan masyarakat dan sejumlah kasus timbul telah memperlihatkan bahwa kebocoran data pribadi mulai dari nama, nomor telepon selurel, alamat surat elektronik hingga seluruh data pribadi warga sudah dikuasai oleh pihak yang tidak berhak. Artikel ini , ini adalah hasil dari beberapa penelitian yang dilakukan yang bertujuan untuk menelaah secara mendalam tentang urgensi perlindungan hukum privasi atas data pribadi di Indonesia karena selama ini pengaturannya bersifat sektoral dan tidak ada harmonisasi yaitu dengan pengaturan yang berbeda-beda dan sangat minimal sehingga belum dapat memberikan pengaturan yang maksimal. Penelitian yang dilakukan menggunakan metoda yuridis- normatif- empiris dan metode penelitian
futurologi . Tujuan yang ingin dicapai yaitu menemukan bentuk pengaturan yang paling tepat untuk diterapkan di Indonesia sehingga akan lebih memberikan perlindungan hukum privasi khusunya atas data pribadi masyarakat. Kegunaan adalah untuk memberikan sumbangan secara teori tentang kajian hukum privasi atas data pribadi dan secara praktik memberikan rekomendasi kepada Pemerintah dalam menyusun RUU Perlindungan Data Pribadi. Isi pembahasan memaparkan pentingya perlindungan dengan memperhatikan potensi kerugian. Kesimpulan adalah bentuk perlindungan privasi atas data pribadi yang tepat untuk Indonesia adalah melalui pendekatan Co-Regulatori yaitu memberi peranan yang sama kepada pemerintah dan pelaku bisnis untuk melakukan pengaturan dan perlindungan sehingga diharapkan dapat memberikan perlindungan yang maksimal terhadap semua pihak. Saran adalah segera disusun undang-undang perlindungan data pribadi sehingga dapat memberikan perlindungan maksimal bagi masyarakat Indonesia.