In these past years, there has been an ongoing issue on the significance of data protection in Indonesia. It is related to how people from different ages and social status interact and access public information and services through the internet, raising potential harmness to the individual itself. Then, a question arises on how do we define a private life as an object that is rightful to have to an individual. Indonesia's constitution, Undang-Undang Dasar Negara Republik Indonesia 1945 (UUD NRI 1945) gives us a perspective on this matter. By providing a legal standing on the protection of the right to respect for one's privacy which is identified as more sensitive and can be seen as personal rights.
Article 28G UUD NRI 1945;
“Every person shall be entitled to protection of his/ her own person, family, honor, dignity, and property under his/her control, as well as be entitled to feel secure and be entitled to protection against threat of fear to do or omit to do something being his/her fundamental right.”
This article also gives Indonesian citizens the freedom to protect and/or to share its personal data, private information and its privacy. The vast development of technology in this era has driven the people to be aware that every human has the right to an enjoyment of their own life, as stated by Warren dan Brandhei. Moreover, this awareness should have grown and understood not only by the citizens but also by the government and other entities like companies who got involved in collecting, managing, analyzing, keeping, revising, displaying, and announcing Indonesian citizens’ personal data.
The Law No. 27 of 2022 regarding Personal Data Protection (Undang-Undang No. 27 Tahun 2022 / Law PDP) gives definition to Personal data, which specifically includes personal financial data. This not-so-new law gives definition to Personal data, which specifically includes personal financial data. In the Article 12 of this law also specify the rights of payment of damages against corporations violating the PDP Law provision. Although the related Government Regulation (Peraturan Pemerintah / PP) for the payment of damages mechanism is still in draft, in this case, financial institutions should be aware of and ensure that their customer data is well-secured and have risk mitigation in case of data breach occurrence.
The obligation to protect bank secrecy that includes customer financial data as personal financial data by a financial institution, namely bank and other affiliated parties,are legally binding on article 14 number 37 of Law 4 year 2023 on Financial Sector and Development and Strengthening (Undang-Undang No. 4 Tahun 2023 tentang Pengembangan dan Penguatan Sektor Keuangan / UU P2SK ) and its protection is divided in preventive and repressive action. Despite this duty and its exception, bank secrecy which includes one personal financial data could be revealed by request, approval or the power of bank customers. If one’s customer data is breached, as defined on explanation of Article 46 paragraph (1) of the PDP Law, the related bank should be identified as having failure in protecting personal financial data.
Furthermore, in revealing bank secrecy, a trending issue has been growing on the sharing of bank secrecy with the involvement not only within a country, but also with banks around the world. An example of this, the Organization for Economic Cooperation and Development (OECD) initiated a program namely Automatic Exchange of Information (AEoI) with the vision of reducing tax avoidance practices. This AEoI program runs by exchanging infortax-related financial information, which is carried out periodically, automatically and comprehensively so that citizens from one country could open a bank in another.
The financial industries and other related parties should really pay attention to this matter, since there will be foreign elements in the contracts and thus private international law should apply in this case. In one hand, the Indonesian Financial Services Authority (Otoritas Jasa Keuangan / OJK) has enacted a regulation which is POJK NoNumber mor 25/POJK.03/2015 and the Indonesian ministry of finance has also signed to Multilateral Competent Authority Agreement (MCAA). Although so, on the other hand, it should be highlighted that the choice of forum and the choice of law regarding the settlement and mechanism of payment damages in personal financial breach have not been regulated in the Indonesian positive law.
Many people tend to argue on how to define non-material damages rather than discussing how someone should be charged on payment of material damage rightfully. Although its right for bank customers to claim this kind of damage, it has been given through Law PDP but it does not mention explicitly what kind of material damage or how should the law violators payback for its unlawful action. To compare, the European Union General Data Protection Regulation (GDPR) Article 8A2, that can cover various material damage, for example pecuniary losses from fraudulent transactions as a result of data breach. One example is the case of Grinyer v Plymouth Hospitals NHS Trust (2012), the court awarded the claimants pecuniary loss’ and in addition some travel costs as the consequence of the claimant’s serious mental health due to the data breach.
In spite of the legal vacuum on this issue, there is expectation for the government to set up an authority regarding data protection before its enactment in October 2024. The Financial Services Authority (OJK) together with the official Indonesian Bank must also work together and if needed sign a Memorandum of Understanding, regarding the dispute settlement process in personal financial data breach. Not only, a stronger codified regulation on the protection is needed for deposit customers (kreditor) but also for debt customers (debitor). Finally, the advice to the Indonesian government should continue monitor and report any development such as revision on implementing regulations under the Law PDP. By revising and providing a clear norm for this matter which is necessary for law, Indonesian citizens could enjoy their rights to their private life, resulting in an orderly and lawful citizens, bringing a fortune to the country itself.
Sources:
1. Andrew Jones, “How much are personaldata breach claims really worth?”, https://beale-law.com/article/how-much-are-personal-data-breach-claims-really-worth/,Beale-law.com (Online), April 2022, accessed on 21st July 2024.
2. Bruggink, JJ. H, Arief Sidharta (Penerjemah), Refleksi Tentang Hukum, Citra Aditya Bhakti, Bandung, 2015.
3. Colin Monaghan, Anthony Strogen, “ Data Breach Claims and Financial Institutions”, https://www.mhc.ie/latest/insights/data-breach-claims-and-financial-institutions, Mhc.ie (Online), May 1st 2024, accessed on 19th July 2024.
4. Fahrurrozi, R., Murwadji, T., Rukmini, M., “Problematika Pengungkapan Rahasia Bank Antara Kepentingan Negara Dan Perlindungan Kepada Nasabah”, Jurnal Esensi Hukum, 2(1), 77-96. https://doi.org/10.35586/esensihukum.v2i1.22, accessed on 20th July 2024.
5. Fikri Mursyid Salim, “Lankah Hukum Jika Data Keuangan Nasabah Bocor”, https://www.hukumonline.com/klinik/a/langkah-hukum-jika-data-keuangan-nasabah-bocor-lt653e1e9d6d9c4/, Hukumonline.com (Online), 8th January 2024, accessed on 20th July 2024.
6.Gautama, Sudargo, Pengantar Hukum Perdata Internasional: Edisi, Jil. 1, Bandung Alumni, 197
7. Kadek Rima Anggen Suari, I Made Sarjana, “Menjaga Privasi di Era Digital: Perlindungan Data Pribadi di Indonesia”, Jurnal Ilmu Hukum: Fakultas Hukum & Ilmu Sosial UNDIKNAS | ISSN Online:2620-4959, accessed on 19th July 2024.
8. Kresna Panggabean, Jeremiah Purba, Tias Karina, “Highlights of Indonesia's personal data protection law”, Nortonrosefullbright.com (Online), October 2022, accessed on 19th July 2024.
9. Panchapawn Chatsuwan, et.al., “ Personal data protection compliance assessment: A privacy policy scoring approach and empirical evidence from Thailand's SMEs”, Heliyon Journal, https://doi.org/10.1016/j.heliyon.2023.e20648, accessed on 19th July 2024.
10. Rizky Fahrurrozi, Tarsisius Murwadji, Mien Rukmini, “Problematika Pengungkapan Rahasia Bank Antara Kepentingan Negara dan Perlindungan Nasabah”, Jurnal Esensi Hukum Magister Hukum Universitas Pembangunan Nasional Veteran Jakarta, Volume 2 No. 1 Bulan Juni Tahun 2020 E-ISSN : 2716 https://journal.upnvj.ac.id/index.php/esensihukum/index, accessed on 20th July 2024.
Baca konten-konten menarik Kompasiana langsung dari smartphone kamu. Follow channel WhatsApp Kompasiana sekarang di sini: https://whatsapp.com/channel/0029VaYjYaL4Spk7WflFYJ2H
