A new Data Privacy and Cybersecurity Comparative Guide defines the scope of personal data in Indonesia. It notes that the concept of data privacy is interpreted as a part of the privacy right, which, pursuant to Law No. 11 of 2008 as amended by Law No. 19 of 2016, is defined as the right to enjoy a private life and be free from all kinds of disturbances; the right to communicate with other persons (without being spied on); and the right to supervise the access to information on his/her personal life and data. It also details how cybersecurity in Indonesia is governed by EIT Law and GR 71/2019, but there are no specific definitions or terms on cybersecurity itself. A bill on cybersecurity was once proposed, but it was eventually rejected and failed to be enacted in 2019. Based on EIT Law and GR 71/2019, the general concept of cybersecurity provisions focuses on cyber incidents including prohibitions of hacking, denial of service, phishing, and identity theft, as well as cybercrimes.
