Database

It is reported that there is an arbitrary filtering by Ministry of Communication and Information (MCI/Kominfo) is made using government-promoted systems like DNS Nawala and TRUST Positif. Filtering in Indonesia is reported as unsystematic and inconsistent.

Netflix has been blocked by Telekom Indonesia - Indonesia's biggest internet service provider - which is state-owned. The stated reasons included issues about validity of Netflix's permit and raised concerns about objectionable content: violence and adult content.

It is reported that there is an arbitrary blocking by Ministry of Communication and Information (MCI/Kominfo) using government-promoted systems like DNS Nawala and TRUST Positif. Reddit and videosharing webiste such as Vimeo are blocked.

There is no specific provision in the Copyright Law related to a safe harbor for intermediaries. The law remains uncertain regarding the exact role and liability of Internet Service Providers (ISPs) in relation to copyright breaches.

The sanctions for breaching data privacy are found in the Electronic Information and Transaction Law (EIT Law) and Regulation 82. The EIT Law provides a maximum of 12 years' imprisonment and/or a maximum fine of 12 billion IDR (around 870,000 USD). Imprisonment may be imposed for severe breaches and intentional infringement.
Moreover, failure to comply with Regulation 82 would be subject to administrative sanctions in the forms of:
- a written warning;
- administrative fines;
- temporary dismissal;
- expulsion from the list of registrations.

Regulation 20 of 2016, an implimenting law of Regulation 82 of 2012, stipulates that consent from the data subject is necessary for the transfer of data, and that this consent should be expressed in writing.

In March 2016, Indonesia's Ministry of Communication and Informatics (MOCI) released a circular letter “Concerning the Provision of Application Services and/or Content over the Internet (OTT)”, which proposes a range of new regulations on Internet services. The packages include proposed requirements to use local IP numbers and store data within Indonesia.

It is reported that the requirements, as proposed, could present compliance problems for foreign service providers and raise competition concerns and trade barriers.

Additionally, a draft OTT regulation was issued in 2017 for public consultation and comments, signalling that the MOCI is still pressing on with these measures, although its contents may change.

In the Annex of Circular Letter of Bank Indonesia No. 16/11/DKSP Year 2014 regarding E-money Operations, there is a requirement for all operators of e-money to localise data centres and data recovery centres within the territory of Indonesia.

In Indonesia, data protection is covered by Law No. 11 of 2008 regarding Electronic Information and Transaction (EIT Law) and Government Regulation No. 82 of 2012 regarding the Provision of Electronic System and Transaction (Regulation 82), which went into force on 15 October 2012. Regulation 82 requires “electronic systems operators for public service” to set up a data center and disaster recovery center in Indonesian territory for the purpose of law enforcement and data protection.

In January 2014, the Technology and Information Ministry circulated a Draft Regulation with Technical Guidelines for Data Centers. The unclear and possibly all-encompassing definition of public services gave rise to concerns when a spokesperson was quoted saying: “[the draft] covers any institution that provides information technology-based services.” Data carriers covered by these provision, therefore, would include a wide range of actors such as cloud providers, foreign banks and mobile phone providers.

Regulation 82 states that the storing of personal data and performing a transaction with the data of Indonesian nationals outside the Indonesian jurisdiction is restricted. This requirement appears to apply particularly to personal data and transaction data of Indonesian nationals which is used within Indonesia and/or related to Indonesian nationals. The Regulation targets "electronic systems operators for public services", whose definition remains unclear.

In January 2014, the Technology and Information Ministry circulated a Draft Regulation with Technical Guidelines for Data Centers. The unclear and possibly all-encompassing definition of public services gave rise to concerns when a spokesperson was quoted saying: “[the draft] covers any institution that provides information technology-based services.” Data carriers covered by these provision, therefore, would include a wide range of actors such as cloud providers, foreign banks and mobile phone providers.

Electronic Service Providers are required to employ Indonesian citizens to operate strategic electronic systems, e.g. those for defense and national security, unless there is no suitable candidate available.

The Employment Act required that one local employee must be employed for every foreign employee. Moreover, in 2012, the government of Indonesia issued a decree prohibiting wholly Indonesian-owned companies from hiring foreign staff for senior positions. This is the case for 19 positions, which include personnel director, industrial relation manager, human resource manager, personnel development supervisor, personnel recruitment supervisor, personnel placement supervisor, employee career development supervisor and personnel administrator.

All companies willing to employ foreigners are required to apply for a written permission at the Ministry of Manpower and Transmigration. The Ministry of Manpower and Transmigration will then conduct labour market tests. Moreover, it is required that foreign service suppliers should train and educate, as well as transfer technologies and expertise to the local Indonesian employees.

PT Telekomunikasi Indonesia, the incumbent, is a semi-privatized, majority State-owned company. It has dominant market share in terms of mobile phone subscribers (approximately 45 to 50%).

It is reported that criminal raids for copyright enforcement are scarce. In 2014, the Indonesian National Police investigated 97 criminal copyright cases and the Attorney General’s Office brought 12 cases to trial. It is also reported that enforcement officials often ask rights holders to pay for the raids.