In the midst of the Covid-19 pandemic, on November 24, 2020, the Government through the Minister of Communication and Informatics of the Republic of Indonesia (hereinafter abbreviated as Kominfo), promulgated Regulation of the Minister of Communication and Informatics No. 5 of 2020 concerning the Private Electronic System Operators (hereinafter abbreviated as PM Kominfo/MR 5/2020).
The provisions of PM Kominfo/MR 5/2020 have only one consideration, namely: “that in order to meet regulatory needs in the operation of the electronic system in the private sphere, as well as to implement the provisions of Article 5 paragraph (3), Article 6 paragraph (4), Article 97 paragraph (5), Article 98 paragraph (4), and Article 101 of Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions, it is necessary to stipulate a Regulation of the Minister of Communication and Informatics concerning the Private Electronic System Operators.”
This is certainly shocking that in the midst of public pressure of immediate completion of the discussion and ratification of the Personal Data Protection Bill, it turns out that the government instead regulates more technically related electronic systems in the private sphere. For this is the private sphere, of course, there will be legal consequences as well as problems that are very likely to occur, especially the impact that arises from not only the aspects of rules that do not comply with standards, legal theory or principles, but also from basic problems of freedom and human rights, in particular, in the realm of digital or online.
We know that the private sphere is a fundamental part of human rights, which under international human rights law has its own regulations, especially the right to privacy (privacy rights). Protection of personal rights itself has such a broad dimension or scope and cannot be simplified as a right that is easily limited, even though its position is as derogable rights (qualification of rights that can be limited). The right to internet access is a human right (internet rights). Often it is also called the right to access digital technology (digital rights). The two have become very close in human life in this century, that is why the UN Human Rights Council has stated in its resolution.2
After conducting a legal analysis of PM Kominfo/MR 5/2020, SAFEnet assessed the following:
1. The substance of PM Kominfo/MR 5/2020 contains content that includes the regulation of digital rights, including the restrictions. Considering the privacy rights, it is clear: (a) in fact, the substance or content thereof exceeds the limits given in Law 12/2011, because the content of the PM Kominfo is limited to the framework of “administering certain functions in the government”. (b) This is concrete form of arbitrariness in the formation of laws and impacts on the potential for violations of basic rights or legalized human rights.
2. The provisions in PM Kominfo/MR 5/2020 contain content that is potentially contrary to article 12 of the Universal Declaration of Human Rights and article 17 of the International Covenant on Civil and Political Rights, especially based on how it places personal data in a private ESO which is so easy to be accessed by the authorities with interests which up to now under two basic things, namely: (a) the absence of independent supervision in obtaining access to personal data; (b) In practice, personal data are often misused, especially by bureaucratic law enforcement and law enforcement officials.
3. The three-part test has not been strictly regulated in the legal mechanism in PM Kominfo/MR 5/2020, so practically, this arrangement opens up space for violations of human rights, particularly the right to privacy.
4. In PM Kominfo/MR 5/2020, 65 keywords of “Access Termination” are found, both interpreted as access blocking and takedown. This signifies at least two things, a) the potential for limiting rights or freedoms, and very likely to interfere with the interests of electronic system operators in the private sphere, especially if not for legitimate and disproportionate reasons; b) the standard of limitation, especially in the issue of termination of access, needs to be seen in-depth to what extent guarantees protection of rights, including whether or not there is an adequate mechanism for complaints (this is called the grievance mechanism in access to justice for public services).
5. The phrase ‘prohibited’ in Article 9 paragraphs (3) and (4) actually has a very wide range and its interpretation opens up space for debate, especially if there is a conflict of interest of State Institutions or law enforcement officials. For example, what is meant by “public disturbance”, what is the standard or measure, who has the authority to determine it, and what if the public feels that it is not part of what is called “disturbing the society”.
6. With regard to Chapter IV, Article 14, regarding requests for termination of access, it is necessary to consider the restriction standards stipulated in article 19 paragraph (3) of the ICCPR, including considerations of the General Comment of the Human Rights Committee, No. 34.
7. PM Kominfo/MR 5/2020 may force all ESO from various social media platforms, online-based service provider to submit and accept domestic or local jurisdiction, both for content and the use of content in daily practices. In this context, it is clear that the direction of policies and regulations through PM Kominfo/MR 5/2020 is actually to make Indonesia a region that requires private PSE to register and submit itself to the domestic/national legal system. The legal framework for such obligations actually weakens the position of protection of all social media platforms, applications, and other online service providers, especially to accept domestic/national jurisdiction over user data content and policies and practices. Such a legal framework becomes a repressive instrument that would contradict or even violate human rights.
Considering the results of the legal analysis, SAFEnet’s recommendations to the Minister of Communication and Informatics are:
- (1) To arrange legislation and regulations as the core and basic provisions are not yet sufficiently single and intact in regulating, as associated with the plan on the Personal Data Protection Bill. The current regulations are still rife, and it is not clear that the scope of the responsibilities is understood. This means that it requires a more comprehensive and protective arrangement.
- (2) In this regard, it is hoped that the progressive efforts of the personal data protection law can become a common ground in determining the direction of the changes, including affirming the principles, mechanisms, procedures, channels of complaints about the restrictions imposed, given the urgency of the scope and level it is also necessary to affirm the legislation.
- (3) The government also needs to ensure the protection of privacy or personal rights, including within the scope of private ESO, so that the integrated rules related to the laws governing the protection of personal data can become the master regulation.
- (4) It is also necessary to ensure public involvement in policy development or the formation of relevant laws and regulations, even though legal products are part of the authority of the executive pillar.