Personal Data Protection Regulations Research Articles

Stimulating Innovation through Personal Data Protection Regulations: Assessing the Replication of GDPR into LGPD

Stimulating Innovation through Personal Data Protection Regulations: Assessing the Replication of GDPR into LGPD

The Urgency of Open Application Programming Interface Standardization in the Implementation of Open Banking to Customer Data Protection for the Advancement of Indonesian Banking

Open banking with Application Programming Interface technology (open API) is an initiative that aims to streamline the payment system in Indonesia. Open API allows banks to integrate their systems with fintech and e-commerce by disclosing customer transaction data. This study aims to reveal the urgency of open API standardization in the Indonesian implementation of open banking. The study employed a normative juridical approach to secondary data. The data includes primary, secondary, and tertiary legal materials. It also used a qualitative normative data analysis method. It concludes that before the establishment of the National Standard for Open API Payment (SNAP), the process of sharing data among banks and fintech and/or e-commerce was unstandardized. It was only based on agreement among parties. Indonesian banks have different-various standards of the open API that could affect customer data protection. According to the Regulation of the Financial Service Authority Number 12/POJK.03/2018, the relationship between banks and fintech and/or e-commerce in the administration of digital banking services that is based solely on agreements among parties is not strong enough. OJK indeed presents as a supervisory agency. However, the parties will eventually return to an agreement among themselves. In contrast to the Regulation of the Financial Service Authority, the Regulation of Members of the Board of Governors, which is the legal basis for SNAP, provides standards that both service providers and service users must comply with. However, the implementation of SNAP-based open APIs still needs the readiness of personal data protection regulations.

Effective communication between hospital staff and patients in compliance with personal data protection regulations.

Secure communication between patients and health care facilities is especially important In 2016, the European Union (EU) introduced a new regulation — the General Data Protection Regulation (GDPR), applicable in all EU member states — aimed at improving protection of personal data. The GDPR provides broad guidelines on data protection, but generally lacks specific details. Consequently, although member states must comply with the GDPR, there is some flexibility to develop new regulations to suit national characteristics and practices, especially in key economic sectors, such as health care. The aim of the present article is to discuss the benefits and limitations of legal provisions governing the patient identification (both in-person and remotely). This analysis is based on Polish laws that were recently passed to comply with the GDPR. In some cases, these data protection regulations may be unnecessarily strict, making routine care more difficult than intended by the GDPR. National legislation in Poland imposes strict data protection measures, such as prohibiting the public display of patient names or calling out the patient’s name in public. However, after health care personnel around the country criticised many of these measures, the law will be modified to address those concerns. For example, the patient’s name can be displayed on a wrist band and on containers with the patient’s medicines. Nonetheless, numerous questions still need to be resolved to adapt the general data protection rules to ensure the effective operation of the hospital to avoid problems related to accurate patient identification.

Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia

PurposeThe purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.Design/methodology/approachThis study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.FindingsThe value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.Research limitations/implicationsThis study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.Practical implicationsThe results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.Social implicationsThe results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.Originality/valueIndonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

Examining Compliance with Personal Data Protection Regulations in Interorganizational Data Analysis

The development of big data analysis technologies has changed how organizations work. Tech giants, such as Google and Facebook, are well positioned because they possess not only big data sets but also the in-house capability to analyze them. For small and medium-sized enterprises (SMEs), which have limited resources, capacity, and a relatively small collection of data, the ability to conduct data analysis collaboratively is key. Personal data protection regulations have become stricter due to incidents of private data being leaked, making it more difficult for SMEs to perform interorganizational data analysis. This problem can be resolved by anonymizing the data such that reidentifying an individual is no longer a concern or by deploying technical procedures that enable interorganizational data analysis without the exchange of actual data, such as data deidentification, data synthesis, and federated learning. Herein, we compared the technical options and their compliance with personal data protection regulations from several countries and regions. Using the EU’s GDPR (General Data Protection Regulation) as the main point of reference, technical studies, legislative studies, related regulations, and government-sponsored reports from various countries and regions were also reviewed. Alignment of the technical description with the government regulations and guidelines revealed that the solutions are compliant with the personal data protection regulations. Current regulations require “reasonable” privacy preservation efforts from data controllers; potential attackers are not assumed to be experts with knowledge of the target data set. This means that relevant requirements can be fulfilled without considerably sacrificing data utility. However, the potential existence of an extremely knowledgeable adversary when the stakes of data leakage are high still needs to be considered carefully.

LEGAL PROTECTION OF DATA SECURITY OF E-COMMERCE APPLICATIONS DURING THE COVID-19 PANDEMIC

The rapid progress in the field of information technology has contributed greatly to the development of the world of information and electronic transactions. The security of consumer personal data that enters e-commerce data should be a guarantee given by the company to its consumers. This study aims to find out the legal protection for data/information security of e-commerce application users during a pandemic. This study uses normative legal research with analytical descriptive methods to explain, describe, and correlate legal regulations and theories with the problems that occur. Data analysis was carried out qualitatively. The results of the study indicate that the electronic system operator must ensure the availability of service level agreements, the availability of information security agreements for the information technology services used; and security of information and means of internal communication held. Then, the operator of the electronic system must ensure that each component and the integration of the entire electronic system operates properly. Especially in the era of the covid-19 pandemic, it is appropriate that the regulation of personal data protection can be immediately upgraded to the level of the law.Keywords: Protection; Security; Personal Data;E-Commerce.

Digital Protectionism: Myth or Reality?

Many governments continue or even return to protectionism, with a special influence on digital protectionism that has emerged in the era of digital development. Compared to the traditional protectionism the digital one usually differs due to the expansive growth of digital companies and the enormous amounts of data they gather. The authors focus on the two main elements of digital protectionism – a regulatory regime that creates barriers to cross-border data transfer and benefits in antitrust legislation in respect of internal companies. The purpose of the article is to identify the risks of applying special regulation of personal data protection and using antitrust policy to regulate digital companies functioning as means of protectionism. The analysis includes two stages: comparing of personal data protection and digital protectionism aims, assessing the protectionism motives within the framework of antitrust regulation. Based on the results of the study the authors come to the conclusion that industrial and antitrust regulators should take into account the risks of implementing digital protectionism to the competition.

Personal Data Security in South Africa’s Financial Services Market: The Protection of Personal Information Act 4 of 2013 and the European Union General Data Protection Regulation Compared

The contemporary global financial services market has witnessed a substantial increase in cybercrime which places consumers’ personal data at risk. Rapid increases in cybercrime linked to the financial services market have driven financial market regulators to pass novel laws and regulations aimed at curbing the rate of occurrence of cybercrimes connected to personal data sharing. To that end, banks and/or financial services companies in Europe have swiftly moved to comply with the European Union’s General Data Protection Regulation. Whilst personal data protection regulation is not a new concept in Europe, most African countries (with exception of South Africa) do not have laws and regulations on personal data protection. With the financial services market being extremely vulnerable to cyber risks owing to the digitisation of the financial services sector, it is important to assess the suitability of South Africa’s current regulatory framework concerning the protection of personal data. This article thus examines South Africa’s Protection of Personal Information Act 4 of 2013 with a view to ascertaining its suitability and/or adequacy in protecting personal data in the country’s financial services market. With the global Covid-19 pandemic bringing about concerns related to rapid increases in cyber-attacks in the financial services market owing to the increased sharing of the sensitive personal data of consumers, there is also need to test the POPIA’s conformity with the strict European Union GDPR personal data protection guidelines.

URGENCY OF THE PERSONAL DATA PROTECTION BILL ON PRIVACY RIGHTS IN INDONESIA

The development of information technology in the era of globalization makes it easier for people to carry out their daily activities, apart from socializing, it can also be a channel for work. Behind the simplicity coveted by technological developments opens up loopholes related to personal data that is easily misused. Indonesia does not yet have specific laws governing the protection of personal data as a whole. So that the author will examine the urgency of the draft personal data law in Indonesia, personal data protection schemes, to the impact of the implementation of the personal data protection bill. This study uses a normative juridical research method. The results of the study point to a privacy rights protection scheme in which everyone has the right to publish personal data or the right not to publish personal data to the public. The weakness of personal data protection regulations in Indonesia that have not been specifically regulated increases the potential for crimes against the right to privacy, but the drafting of the Personal Data Protection Bill brings fresh air not only to the public but to the government sector to the international business environment.

Personal Data Protection Regulations to Support Investment in Indonesia

Indonesia is a country that can be categorized as a big country when viewed fromthe aspect of population. The total population of Indonesia in 2019 is around 269million, making Indonesia the fourth most populous country in the world.Indonesia is also the third largest owner of online transactions in Asia and one ofthe countries with the largest internet access in the world. However, Indonesia isone of the countries that does not have regulations that protect the personal dataof its people even though with a very large number of people and potential,Indonesia should be able to reflect from Singapore, Malaysia, Thailand and evenLaos. The importance of this regulation is because people are now in the era of BigData. The research method used in this study is a descriptive qualitative researchmethod with data and observations, with literacy studies as an addition. Thisresearch expects the government's ability to manage policies to protect thepersonal data of the Indonesian people so that there is no misuse of public databy irresponsible individuals.

Perbandingan Aturan Perlindungan Privasi Atas Data Pribadi Antara Indonesia Dengan Beberapa Negara

The development of information and communication technology shows a significant increase. In the development of information technology and technology, personal information consisting of names, e-mails and cell phone numbers is very valuable data because there is economic value obtained in the business world, but technology can also be very dangerous if its use is not restricted, such as in the case of not protecting personal data, while privacy of personal data is important because it involves a person's dignity and freedom of expression, but data is not protected because in Indonesia there is no obligation in positive law which specifically regulates and provides sanctions for violations. This study aims to discuss the regulation in the perspective of comparative law in Europe, America, Hongkong, Malaysia, Singapore, South Korea, and Japan. This study uses normative legal research using asttutory approach and comparative approach that examines and analyses legal sources. This study discovers that the regulation of personal data protection in Indonesia has not been fully and thoroughly regulated compared to the regulations in several other countries, that there is a need for legal harmonization of personal data protection that is mature and deep

Consumer’s Data Protection and Standard Clause in Privacy Policy In E-Commerce: A Comparative Analysis on Indonesian and Singaporean Law

The world’s economy is now beginning to shift towards the e-commerce industry. However there are still many issues in the e-commerce industry regarding consumer protection in the aspect of personal data protection and standard clauses in privacy policy. Although ASEAN has tried to harmonize regulations related to e-commerce between ASEAN countries, there are still differences in these regulations between Indonesia and Singapore. Therefore this paper aims to conduct a comparative analysis between Indonesian and Singaporean law regarding consumer’s personal data protection and standard clauses regulations by using legal research methods. Singapore is one of the most active countries in updating its regulations related to the e-commerce industry.

The principle of reliability in the regulation of personal data protection

The principle of reliability in the regulation of personal data protection

Comparative Study of Children’s Personal Data Protection Regulation on COPPA (Children’s Online Privacy Protection Act) and Children and GDPR

Background: Personal data is the most fundamental right for everyone including children. Children are the most vulnerable subjects when it comes to the processing of personal data, it is because they do not have awareness and understanding of the risks of misuse of personal data. Regulations regarding the protection of children's personal data in Indonesia are already contained in the draft of personal data protection law but with very limited guidance. Through this comparative study, researchers wanted to compare the United State's COPPA(Children's Online Privacy Protection Act) with the Children and GDPR by the United Kingdom. Both of these regulations are very detailed in regulating the protection of children's personal data. This study will provide a clearer picture of children’s privacy protection regulations so that it can be used as a reference for Indonesia's draft of personal data protection law in regard to the rights of children's privacy. Method: This comparative research uses qualitative descriptive methods with library research and approach. Result: There are fundamental differences regarding the form of guidance, the definition of child, the perpetrator processing of the child's personal data, and things that are included in the child's personal data. Conclusion: The application of children's personal data protection is adjusted to the values and cultures of the country.

A comparative analysis of personal data protection regulations between the EU and China

The growth of e-commerce and other platforms has significantly increased the amount of personal data that is shared and submitted online; however, the adequate and secure collection and processing of these data is of great concern. With the EU’s implementation of a new data protection regulation in 2018, the development of personal data protection globally has reached an important turning point and has sparked the interest of scholars and businesses. Text coding was employed to compare the current personal data protection regulation landscape in the EU and in China to discover the differences between the General Data Protection Regulation and the personal data protection regulations of the fastest-growing economy in e-commerce. The results show that while there are several similarities in regard to general requirements, such as principles of data processing and basic rights for data subjects, China’s personal data protection regulations tend to lack specific operational requirements and strong legal enforcement. Based on the research results, implications and recommendations for the government and companies are provided.

Data Protection: A Friend or Foe of the Competition Law

Personal data is one of the key inputs for competition in many industries and its importance is even higher in data-driven markets, such as online platforms. Data protection regulations by regulating the use of personal data also enable its commercialisation; therefore they can be regarded as market regulations. Since there is a commercialised asset and markets run on personal data, there are possible competition law issues that may arise from the impacts of data protection regulations on market competition. Unlike some scholars argue, competition law is not the best instrument to provide a better data protection for consumers but competition rules do apply to the undertakings that compete in order to accumulate more personal data and provide data protection services to their customers. There are some unique features of personal data and data protection regulations that may affect the application of competition law in this area.

Порівняльна характеристика правового регулювання захисту персональних даних у США та Європі: CCPA vs GDPR

Порівняльна характеристика правового регулювання захисту персональних даних у США та Європі: CCPA vs GDPR

Perlindungan Data Konsumen Transaksi Online Melalui Penerapan Advance Data Protection System

The concept of a welfare state is the basis for the position and function of government (bestuurfunctie) in modern countries. The application of the law that is obeyed and followed will lead to law and order which maximize the potential of the community. Furthermore, in accordance with the objectives of the state set out in the fourth paragraph of the opening of the 1945 Constitution of the Republic of Indonesia that one of the objectives of the state is to protect the entire Indonesian nation and to advance the general welfare. By the establishment of the country’s goals in the fourth paragraph of the 1945 Constitution of the Republic of Indonesia, the answer is that in fact Indonesia has tried to create a welfare state. The main key in the welfare state is regarding the guarantee of people’s welfare given by the State. Basically, the regulation concerning the right to privacy of personal data is a manifestation of the recognition and protection of basic human rights. Therefore, the drafting of the Personal Data Protection Bill has a strong philosophical foundation and can be accounted for. Decision of the Constitutional Court Number 006 / PUU-I / 2003 further emphasized that the regulation of Personal Data Protection must be in the form of a law. In the Constitutional Court Decision, among others, it was stated that the provisions concerning human rights must be in the form of laws. As a form of the state present to protect as well as the welfare of its people, the government as the highest authority as well as those who run the government is obliged to carry out efforts that are felt needed. One way that the government can do to answer and minimize the problems faced is by implementing the Advance Data Protection System as a form of protection.

Legal regulation of personal data protection and its control by the state in China

This article examines the Chinese normative acts that regulate personal data protection. The author reviews the questions of restrictions pertaining to personal life due to introduction of social score system. Analysis is conducted on the “system of social rating” (“social credit”) formed on the basis of government services. The article presents the examples of civil right restrictions due to low rating in the sphere of employment, public housing, reception of subsidies, basic social benefits, and loans at low interest rates. The practice of “social condemnation”, when the short clips are shown before the main film in a movie theatre naming local people who have failed to pay off debt. The conclusion is made that the social score system controls activity of a person in all spheres of social life – from business to family relations, from credit default to violation of traffic rules. The author notes that biggest unfairness of this system pertains to the citizens who buy videogames, spent long time in social network, spread fake news, which leads to restriction of high-speed Internet. It is also underlines that there is virtually no legal framework for implementation of such system or legal acts that regulate the score system, and the corresponding “guiding recommendations” of the State Council of the People’s Republic of China contain pretty vague formulations.

THE URGENCY OF ENACTING PERSONAL DATA PROTECTION LAW AS A PATRONAGE FROM THE DEVELOPMENT OF COMMUNICATION AND INFORMATION TECHNOLOGY IN INDONESIA

The development of information technology might control the pattern of people’s behavior in digital era. The presence of internet as the main platform for online activities, including electronic transactions, was now increasingly attracting the interest of Indonesian people although it was vulnerable to be hacked by irresponsible parties as a cyber-attack. One cyber-attack targets individual’s personal data. This study, therefore, took some issues related to that matter. First, it discussed the regulation of personal data protection in Indonesia applied in recent days, and second, it proposed an appropriate law to regulate such issue in the future.This study was a normative research with statute and case approaches. The result showed that, first, the existing regulation for personal data protection was less effective as it was still scattered in some sectorial setting, and thus, the system of appropriate regulation under a comprehensive law was considerably important. Second, the disharmony of regulatory legislation in regulating people personal data protection needed to be solved through a specific regulation which particularly regulated on personal data protection.