Digitalk #39 Session 2 Talk 5: Understanding Data Sovereignty and Its Use by the State

Yogyakarta, April 28th, 2020—Center of Digital Society (CfDS) held the Digital Discourses series entitled “Data Sovereignty: Does it Matter Where Data is Stored?” which was attended by Tony Seno Hartono, a practitioner in the field of ICT (Information, Communication, and Technology) who has been in the field for 30 years.

Tony Said, data sovereignty is a concept of data privacy carried out by the government to protect the data stored. It was aimed to enforce privacy regulations and prevent data from being misused.

However, data sovereignty can be a complex legal problem. By way of illustration, if an organization in Indonesia used cloud computing services from an American company based in the United States, the data will also be stored and processed in several data centers around the world.

If at any time the US Government investigated a suspected terrorism case, the US Government might ask the cloud computing service provider to provide some personal data allegedly storing terrorism information to unify and strengthen the evidence.

Nevertheless,  if related data existed in the local Indonesian cloud computing service company, the US Government could access the data using Mutual Legal Assistance as well as through law enforcement of data in Indonesia.

The illustration can also be seen from the USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act), which is a federal law of the United States that authorizes the US government to overcome terrorism.

“Investigation of terrorism can be done secretly without consumer knowledge, in providing national security against real and cyber-crime, the government needs to access all relevant data regardless of the location of personal data stored. The government can request data through Mutual Legal Assistance access,” said Tony. “In the end, it doesn’t matter where the data is stored because the government will always be able to get it,” added Tony.

“Indonesia itself currently does not yet have a law regarding the protection of personal data, we only have a draft law signed by the President of the Republic of Indonesia on January, 24th, 2020. The Draft Law on Personal data (PDP Bill) will later define the definition of personal data, types of personal data, deletion of personal data and its violations,” explained Tony.

Later, there will be nine sectors that have priority data protection. Among them are the administration of the government secretariat, the energy sector, the mineral resources sector, the transportation sector, the financial sector, the health sector, the information and communication technology sector, the food security sector, and the defence sector.