Recognize and Maintain the Importance of Personal Data

Misuse of personal data is a necessity in the rapid flow of information as it is now. The loopholes are everywhere. Once not anticipated, the impact can spread anywhere.

Personal data is a type of data that includes resident identity such as full name, NIK, date of birth, and place of residence. Article 6 paragraph 3 Personal Data Protection Bill mention what is meant by personal data includes beliefs, health data, biometrics, genetics, sexual life, political views, crime records, child data, personal financial data, information about physical and mental disabilities. Although it is still not endorsed, the definition provides a clear picture of the spectrum of personal data.

In today's digital era, data is everything. When someone enjoys a digital service for free, whether they realize it or not, they can be sure that they pay for it with data.

The easiest way to tell if a digital company is taking data as a "cost" for its services is to peek at their app permissions. Take Facebook for example. On Google Play you can see Facebook asking for almost 40 kinds of access to the phone that wants to download it, starting from access to taking pictures and videos, recording audio, accurate location, to calling the phone number in the contact.

Value of Data

First of all, it must be understood that there are three types of data that can be harvested by other parties from namely: voluntary data provided, observed data, and inferred data. As the name suggests, voluntary data is data that is voluntarily provided to an online platform, as we do when registering for a service. Meanwhile, observational data is data taken from a person's online activities such as browser history and GPS location. Finally, the concluded data is a combination of the two previous types of data.

These three types of data are certainly valuable, especially for digital companies that require a large supply of data to polish their products. Report The Atlantic mentions data from one person's profile account equivalent to US$0,005. While Google and Facebook are reported to be able to squeeze profits of US $ 5 and US $ 20 respectively from the data of each user.

In Indonesia, personal data is not considered important by the wider community. This becomes a problem when digital services have surrounded almost all aspects of people's lives.

This digital literacy is then used by several parties who steal and misuse personal data that does not belong to them. The case found by Hendra Hendrawan (23) in a Facebook group called Dream Market Official is an example of how vulnerable personal data is being misused.

Hendra found that the group was free to trade millions of personal data of people in their NIK and KK on 26 July. Investigation Kompas found that personal data traded among credit card marketers ranged from IDR 300 to IDR 50.000 per data. The data contains a number of information from full name, address, telephone number, biological mother's name, to one's financial ability. He then reported this incident to the public and received a response from the Ministry of Home Affairs.

In different cases, there were many residents whose data was taken and misused. LBH Jakarta recently announced that there were more than 5.000 complaints related to misuse of personal data. One of the cases they handle comes from online money loans. Examples of the worst effects of misuse of this data are sexual harassment to bullying.

SAFEnet (Southeast Asia Freedom of Expression Network) Regional Coordinator Damar Juniarto to DailySocial explained, the number of cases of misuse of personal data can not be separated from the level of digital literacy of society which is still low.

Damar said, regardless of the motivation of the perpetrators, the public still had difficulty distinguishing which data could be disseminated to the public and which could not. Even today, it is enough by searching a search engine, one can find personal data such as NIK and KK.

Similar difficulties also arise when downloading an application without looking at the access permissions they give to the application. The problem is, however much and annoying an app may ask for access to its user's data, the request is legal if the user agrees to the request when installing the app.

"For example, when installing an application, we must consider when the application asks for permission permission For camera access, for example, you have to think about whether it's necessary or not," said Damar.

Damar advised social media users not to show sensitive data either in their bio or profile.

However, the potential for misuse of data does not only come from a person's online activities. Not a few offline activities can result in the spread of our personal data.

The easiest example is a photocopy of a scattered ID card. The same vulnerability also exists when requests leave their ID cards and telephone numbers when they want to enter a building.

"If you want to enter the building, you must provide an ID card no problem. The problem is if he asks for more data than that, such as a phone number. though no related. That can be circumvented by changing the last three numbers," suggested Damar.

Refuse Data Used

When personal data has spread to many hands, there is not much that can be done. But in the context of the phone telemarketing which is often annoying, users can ask. This is possible because there are legal rules that support it.

The first rule is Financial Services Authority Regulation (POJK) Number 1/POJK.7/2013. The regulation prohibits calling or texting product offers from banks, other financial institutions, and freelance telemarketing using cell phones. The public can complain to OJK at telephone number (021) 5006555 if they receive a call or SMS product offer.

Article 17 of Law Number 14 of 2008 on Public Information Disclosure also prohibits marketing indirectly. The regulation states personal information, including telephone numbers, as confidential. Finally, the state itself has recognized privacy in Article 5 paragraph (1), Article 20, Article 28 G paragraph (1), Article 28 H paragraph (4), and Article 28 J of the 1945 Constitution.

The Importance of the Personal Data Protection Law

Although there are already several rules that regulate data, Damar believes that the public still needs special rules that focus on handling data, namely the Personal Data Protection Law (PDP).

The existence of the PDP Law, according to Damar, will cover the rules regarding data spread across various sectors. In the end, this policy will make it easier for the state and society to handle cases of data misuse, which are often carried out separately and take time because it requires coordination between sectors.

"If the PDP Law emerges, it will become an omnibus law that will make everything stronger," said Damar.

Unfortunately, the need for the PDP Law is still hampered in the legislative process. After several years in the form of a draft, the Draft PDP Law has successfully entered the priority list of national legislation programs in the DPR. However, until now when the DPR's term of office ended, the draft had not been ratified.