Author: Rainer Heufers, CIPS
Indonesian lawmakers are worried about the flow of information and freedom of expression in the fast-growing digital realm. In 2008, they issued a law on electronic information and transactions. Its 2016 revision criminalized online obscenity, defamation and hate speech, widely seen as undermining free speech.
The digital boom also challenges Jakarta’s preference for key economic resources to be under the control of state-owned enterprises. While private companies dominate the digital revolution, the Indonesian government has embraced local champions but limited the freedom of online platforms.
Jakarta’s power over the private sector is evident in policy discussions on digital infrastructure expansion, a planned cybersecurity law and digital taxes. But political decisions affecting the freedom to engage in borderless internet will have the greatest impact on Indonesia’s democracy.
Indonesian authorities can either regulate the Internet by setting rules and standards that encourage or sanction online practices, or they can autocratically control online behavior. These two approaches competed in the campaigns of the US and Russian candidates for the Secretary-General of the International Telecommunication Union, the United Nations agency responsible for managing information and communications technologies.
Russia and China support so-called “internet sovereignty” laws that require individuals to register to connect to the internet and allow governments to shut down parts of the internet. Western countries want privacy standards and aim to turn to non-governmental organizations on internet rules.
The Indonesian government has taken an ambiguous approach in complying with the standards of the European Union’s General Data Protection Regulation (EU GDPR) while tightening controls on content and access to data. Jakarta has a history of shutting down the internet to prevent disinformation and unrest. A 2019 internet shutdown in West Papua ended when a court ruled the government’s action illegal.
Certain types of content have been declared illegal in Indonesia. Regulation No. 5/2020 of the Ministry of Communications and Informatics (MIIT) requires private electronic system organizers to remove illegal content within 24 hours or four hours for child pornography, terrorist activity, or content that “disturbing society and disrupting public order.” .
A short period of time creates a dilemma for private electronic system organizers. If they act quickly and without due assessment, they are accused of violating individual rights. They face government sanctions if they don’t comply immediately.
The Personal Data Protection Law passed by the Indonesian parliament in September 2022 prohibits the illegal collection and use of data. This is in line with EU GDPR standards, but personal data controllers who are alleged to be in breach of the law only have three days to delete data. The EU GDPR gives controllers between one and three months. Decisions will be made by the yet-to-be-created Data Protection Agency – but there will be no time for investigations, due process or appeals.
MOCI’s plans to strengthen its central role in Indonesia’s digital governance system by becoming the watchdog of the Personal Data Protection Agency have been thwarted by the Indonesian parliament and civil society. Centralizing the power to control the Internet comes with significant risks to democratic rights and freedom of expression.
When Russia’s state agency Roskamnadzor was created in 2008, it monitored radio signals, telecommunications and mail. Since then, it has become part of an authoritarian regime that has banned more than 1.2 million websites, blocked and fined major internet platforms.
MOCI already has significant powers. All private electronic system organizers must register with MOCI before commencing operations and provide a statement guaranteeing access to government and law enforcement agencies’ electronic systems and data. When PayPal, Yahoo and several online gaming sites fail to comply, the MOCI has ordered internet service providers to block internet access, ignoring more lenient penalties such as warning letters or fines. Platforms responded immediately despite the lack of proper, transparent vetting and independent appeals mechanisms.
Indonesian politicians generally see government access to personal data as part of the country’s internet and data sovereignty. Jakarta does not compel private companies to maintain data centers on land, but Indonesia’s Minister of Communications and Informatics said in June 2022 that “data is a matter of a country’s sovereignty, [and] it has a geostrategic character.”
The transfer of maritime data is expected to become more difficult to facilitate government access to data from Indonesia. Without sufficient time and due process, this would expand government power at the expense of privacy and freedom of personal information.
After 25 years of democratic reforms, experts generally believe that Indonesian democracy is in decline. With executive and parliamentary elections in 2024, negative campaigns and fraud could trigger more restrictive internet policies. The incoming administration will then decide whether to continue controlling online content and data or to follow a more indirect and regulatory approach.
Rainer Heufers is the Executive Director of the Indonesian Center for Policy Studies.