Indonesia’s parliament introduced a data privacy law as its first motion months after encountering several violations in the Southeast Asian country.
On Tuesday, Indonesian lawmakers passed the personal data protection bill that had been under deliberation for more than a year. With this law, data handlers could face up to five years in prison for leaking or misusing private information. People who falsify personal data for their earnings could also be jailed for up to six years under the legislation.
In addition, the law provides for fines of up to 2% of the company’s annual turnover in the event of data breaches. Company assets that leak personal data could also be confiscated or auctioned off.
The new law follows a number of data breaches and alleged breaches that have affected not only individuals, but also various businesses and the country’s government. Last year, a contact tracing app leaked Indonesian President Joko Widodo’s COVID vaccine records.
With this new decision, Indonesia has become the fifth country in the Southeast Asian region to have specific personal data protection legislation after Singapore, Malaysia, Thailand and the Philippines.
Like Indonesia, India regularly faces personal data security incidents. The country, however, has not yet introduced personal data protection legislation. Last month, it withdrew its anticipated personal data protection bill that caught the attention of tech giants.