On 18 July 2024, Bank Indonesia is set to hold an essential Focus Group Discussion (FGD) at the JW Marriott Hotel in Medan, North Sumatra. The event, themed “Personal Data Security: Challenges to Supervision and Law Enforcement in the Financial Sector,” aims to tackle the complexities of personal data protection in the rapidly evolving digital age.
This timely discussion follows the enactment of Indonesia’s Personal Data Protection (PDP) Law, Law Number 27 of 2022, which came into effect on 17 October 2022. Despite this significant legislative step, recent data breaches highlight the urgent need for robust implementation and enforcement mechanisms to safeguard personal data.
The FGD will feature prominent experts, including Prof. Abu Bakar Bin Munir, a co-founder of the Asosiasi Profesional Privasi Data Indonesia (APPDI) and a distinguished professor at the University of Malaya, Malaysia. He will be joined by speakers from the Indonesian Ministry of Communication and Information, the Department of Law of Bank Indonesia, and Prof. Sinta Dewi Rosadi. These experts will share their extensive knowledge and insights on the current landscape and future directions of personal data protection.
Key topics to be discussed include the background and implementation of the PDP Law within Bank Indonesia, the banking sector, and financial technology (fintech). Additionally, the FGD will address coordination, oversight, law enforcement, and sanctions in cases of data protection disputes, along with general principles for maintaining data security and mitigating associated risks.
From 2019 to 2023, the Ministry of Communication and Information Technology recorded 98 suspected cases of personal data protection violations, involving both private and public Electronic System Operators (ESOs). Notable incidents in the banking sector, such as the BFI Finance hack and unauthorized transactions at major banks, underscore the urgent need for effective data protection measures.
The digitalization of banking and fintech sectors has significantly transformed service access and management. As of August 2023, electronic money transactions in Indonesia, particularly through QRIS, reached Rp 38.51 trillion, reflecting an 8.62% increase from the previous year. Indonesia’s fintech industry, which accounted for 33% of total fintech funding in Southeast Asia by Q3 2022, continues to grow, driven by regulatory support from laws like the PDP Law and the Financial Sector Development and Strengthening Law.
Despite the progress, the implementation of the PDP Law faces hurdles, particularly in establishing a dedicated PDP agency with defined authority and inter-agency relationships. Effective oversight and law enforcement are crucial to realizing the law’s potential and ensuring personal data security.
The FGD, opened and led by Mr. Wishnu Badrawani, aims to generate actionable insights and practical recommendations to address these issues. By bringing together researchers, academics, and practitioners, Bank Indonesia seeks to enhance research quality and develop comprehensive strategies for strengthening personal data protection.
The discussions will be divided into two sessions. In the first session, speakers from the Indonesian Ministry of Communication and Information, Prof. Abu Bakar Bin Munir, the Department of Law of Bank Indonesia, and Prof. Sinta Dewi Rosadi will present their perspectives on the current state and future of data protection. This will be followed by an interactive discussion exploring coordination, oversight, and law enforcement challenges.
The second session will continue with in-depth discussions led by the same distinguished speakers, delving into specific cases and practical solutions for mitigating data security risks. Participants will have the opportunity to engage with the speakers, ask questions, and contribute their insights.
This FGD represents a significant step toward addressing personal data security challenges and fostering a collaborative approach to enhancing data protection in Indonesia’s financial sector. The insights and strategies developed during this discussion will be crucial in ensuring the effective implementation of data protection laws and safeguarding personal information in the digital era.