ARTICLE
2 September 2024

Indonesia Data Protection: What Categories And Types Of Personal Information Are Covered By The Law?

S
SSEK Law Firm

Contributor

SSEK Legal Consultants was formed in 1992 and today is one of the largest corporate law firms in Indonesia. SSEK offers the full suite of corporate and commercial services across a range of practice areas. We have the experience and expertise to handle the largest, most complex cross-border transactions and projects in Indonesia.
Pursuant to Law No. 27 of 2022 regarding Personal Data Protection (PDP Law), personal data is understood as all data concerning a person, whether identified or who may be identified independently or when combined with other information, either directly or indirectly, through an electronic or non-electronic system.
Indonesia Privacy

Pursuant to Law No. 27 of 2022 regarding Personal Data Protection (PDP Law), personal data is understood as all data concerning a person, whether identified or who may be identified independently or when combined with other information, either directly or indirectly, through an electronic or non-electronic system.

The PDP Law recognizes two types of personal data, namely general personal data and specific personal data, which is personal data that, if processed, may have a greater impact on the personal data subject, including discrimination and enhanced losses.

Specific personal data consists of data regarding:

  • health;
  • biometric data;
  • genetic data;
  • criminal record;
  • children's data;
  • personal financial data; and
  • any other data as may be applicable.

General personal data includes a person's full name, gender, nationality, religion, marital status and personal data that may be combined to identify a person.

In addition, the Electronic Information Law (Law No. 11 of 2008 regarding Electronic Information and Transactions, as amended by Law No. 19 of 2016) defines personal data as certain personal data that is stored or cultivated, with its accuracy maintained and confidentiality protected.

Government Regulation No. 71 of 2019 regarding the Provision of Electronic Systems and Transactions further defines personal data as any data relating to an identified or identifiable person, whether on its own or when combined with other information, directly or indirectly, through electronic and non-electronic systems.

Extraterritoriality

The PDP Law provides that it is extraterritorial in scope and extends beyond Indonesia's borders if individuals or entities residing outside of Indonesia engage in actions that have legal implications within Indonesia's jurisdiction or affect Indonesian personal data subjects located outside of Indonesia. Nevertheless, we are unaware of any instances where the Indonesian government has enforced or sought to enforce personal data protection regulations on entities operating beyond the borders of Indonesia.

Excerpted from Lexology Panoramic: Data Protection & Privacy 2024, published by Law Business Research.

Find the Indonesia chapter of Lexology Panoramic: Data Protection & Privacy 2024 here.

Further reading:

What Are the Consequences of Breaches of Data Protection Law in Indonesia?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More