The digital era is commonly known by the many uses of the Internet, which supports many people to do things efficiently, with just one hand. Many people use the Internet for various purposes, such as making friends on social media, doing work, shopping online, and other essential things. Based on data for 2020, it shows that internet users reach 4.5 billion people in the world. It indicates that more than 50 per cent of the world's population are internet users, including Indonesia, with 196.7 million internet users.
This era has significant impacts on many people. They can sell anything, loan online, or even learn online using platforms that are available and easy to download. They also take advantage of this era to look for income, such as being a content creator on Youtube, Instagram or Tiktok. Based on data, Indonesia has a significant record on Youtube because 600 Youtube channels have 1 million subscribers. Moreover, there are 600 new videos uploaded on Youtube in 1 minute.
Behind the positive impacts of this era, it has adverse effects, such as Identity theft and Identity leak of platform users. Identity theft, a new thing in the digital technology era, is a crime committed by people by taking other people's private data such as name, identification number (KTP), location data, physical, genetic, mental, economic, cultural data and other social identities.
Identity theft and Identity leak initially occur when someone registers on one of the platforms on the Internet. They provide their data so that the data can be stolen and can be leaked to the public. When the data is leaked to the public, a person's right to privacy, security and comfort will be disturbed and can even be misused for criminal purposes.
Some leaking cases of personal data that have occurred in Indonesia, such as one of the largest online shopping platforms in Indonesia, which has experienced consumer data leaks so that tens of millions of customer data has been leaked to the public. Platform users also frequently receive text messages offering credit and online loans from unknown numbers. These examples prove that the leakage of personal data in the digital era is very vulnerable to occur.
Indonesia has been regulating the protection of personal data in Electronic Information and Transactions Act No. 19 of 2016 (UU ITE), Government Regulation of Administration of Electronic Transactions and Systems No. 71 of 2019, and Regulation of the Minister of Communication and Information Technology of the Republic of Indonesia concerning Personal Data Protection in Electronic Systems No. 20 of 2016.
The Electronic Information and Transactions Act No. 19 of 2016 (UU ITE) does not contain specific regulations on personal data protection. However, in its provisions, there is Article 26 section (1) and the explanation of Law 19/2016, which reads:
Article 26 section (1) of Act No. 19 of 2016
Unless otherwise stipulated by laws and regulations, the use of any information via electronic media relating to a person's personal data must be made with the consent of that person.
Explanation of Article 26 section (1) of Act No. 19 of 2016:
In the use of Information Technology, personal data protection is one part of personal rights (privacy rights). Personal rights contain the following meaning:
a. Personal rights are the right to enjoy a private life and be free from all kinds of disturbances.
b. Personal right is the right to be able to communicate with other people without spying.
c. Personal right is the right to monitor access to information about a person's personal life and data.
Then Article 32 of of Act No. 19 of 2016, regulates:
1. Each person who knowingly and without rights or against the law in any way changes, adds, reduces, transmits, destroys, removes, moves, hides Electronic Information and/or Electronic Documents belonging to other people or public property.
2. Each person who knowingly and without rights or against the law in any way transfers or transfers Electronic Information and/or Electronic Documents to the Electronic System of another person who is not entitled.
3. The actions as intended in section (1) result in the disclosure of confidential Electronic Information and/or Electronic Documents, which become accessible to the public with the data that is not appropriate.
Violations of these articles are subject to legal traps as referred to in Article 48 of the ITE Law as follows:
1. Everyone who fulfils the elements referred to in Article 32 paragraph (1) shall be sentenced to imprisonment of up to 8 years and/or a maximum fine of 2 billion Rupiah.
2. Every person who fulfils the elements referred to in Article 32 paragraph (2) shall be sentenced to imprisonment of up to 9 years and/or a maximum fine of  3 billion Rupiah.
3. Every person who fulfils the elements referred to in Article 32 paragraph (3) shall be sentenced to imprisonment of not more than ten years and/or a maximum fine of 5 billion Rupiah.
Personal data protection regulations are also regulated in the Regulation of the Minister of Communication and Information Technology of the Republic of Indonesia concerning Personal Data Protection in Electronic Systems No. 20 of 2016. regulates:
Dispute Resolution
Article 29:
(1) Every Personal Data Owner and Electronic System Operator can file a complaint to the Minister regarding the failure to protect the Personal Data's confidentiality.
(2) The complaint, as referred to in paragraph (1), is intended as an effort to resolve disputes by deliberation or through other alternative resolution efforts.
Article 32
(1) To resolve disputes by deliberation or through other alternative resolution efforts, they have not been able to resolve the dispute over the failure to protect the confidentiality of Personal Data, each Personal Data Owner and Electronic System Operator can file a lawsuit for the failure to protect the confidentiality of Personal Data.
(2) The lawsuit, as referred to in paragraph (1), is only in the form of a civil suit and is filed by the statutory regulations' provisions.
However, The Electronic Information and Transactions Act No. 19 of 2016 (UU ITE) and Regulation of the Minister of Communication and Information Technology of the Republic of Indonesia concerning Personal Data Protection in Electronic Systems No. 20 of 2016 (Permenkominfo) are still considered insufficient in scope. In the ITE Law, most criminal threats are only imposed on people who commit a tort against electronic data, namely hackers. Hackers carry out activities in the form of hacking, cracking, phishing, identity theft, and others.
In this problem, users use an electronic platform, then the data entered on the platform is stolen by hackers. But Indonesian regulations only provide criminal threats to hackers. If this happens, law enforcers will find it challenging to find thieves because they are not always in Indonesia and challenging to catch quickly and easily. Consumer data also has the potential to spread to the public. So that consumers are less protected from this problem.
Perkominfo is also less effective because it is not coercive and cannot contain criminal sanctions because only laws are coercive and have criminal sanctions. It also shows that the settlement of disputes over personal data leaks is filing a complaint to the Ministry of Communication and Information Technology with the Alternative Dispute Resolution mechanism. When it does not find a solution, the victim can file a civil claim.
Article 1365 Burgerlijk Wetboek regulates that "every tort that brings harm to other people, obliges the person because of his wrongdoing to issue the loss, to compensate for the loss".
From this article, the elements of tort:
1. there is a tort;
2. there is an error;
3. there is a causal relationship between loss and action;
4. There is a loss.
The four elements must have a causal relationship. The problem here is the difficulty in proving the existence of tort and its errors. Â The easiest way is to find mistakes made by platform providers based on existing regulations, for example, article 28 of No. 20 of 2016 (Permenkominfo), which in principle is a violation of the law of the platform provider to protect its users. But it isn't easy to do.
Based on the explanation of these matters, Indonesia has not had strong regulations to resolve these problems. So cases of Identity theft in Indonesia may continue to be repeated. Therefore, there must be a solution to deal with the situation. Â One possible solution is to approve laws on personal data protection. This law is expected to be a solution because it can regulate personal data protection by applying criminal sanctions.
Many European countries have made regulations on personal data, which are the world's main references through The EU General Data Protection Regulation (GDPR), such as the UK, Portugal, Denmark, France, Ireland, and others. Many Asian countries have also adopted these regulations, including Singapore, Japan, Australia, Taiwan, Thailand, and Malaysia.
The most urgent matter to be regulated in Indonesia is criminal sanctions, not only limited to hackers who steal data but also to platforms that neglect to safeguard their users' data, aiming to fulfill a sense of security. Users submit their data to the platform so that the platform must try to keep the data from being stolen. The expected outcome of personal data protection regulations is a sense of security and comfort in using the platform.
Baca konten-konten menarik Kompasiana langsung dari smartphone kamu. Follow channel WhatsApp Kompasiana sekarang di sini: https://whatsapp.com/channel/0029VaYjYaL4Spk7WflFYJ2H
