This document discusses personal data protection and privacy in the context of Indonesia preparing for the ASEAN Community in 2015. It begins with an introduction to key concepts like digital identity, personal data, and privacy. It then discusses different paradigms and approaches to privacy regulation between the OECD and APEC models. The document also outlines the Safe Harbor principles from the EU, eight principles of data protection, and rights of data subjects. It discusses future identity systems like STORK and the EU's new General Data Protection Regulation. The summary provides high-level context and overview of the key topics and issues covered in the document relating to personal data protection frameworks and regulations.
The Urgency of Personal Data Protection Toward the ASEAN Community 2015
1. DR. Edmon Makarim, S.Kom., S.H., LL.M.
Lecturer and Researcher, Faculty of Law, University of Indonesia
The Urgency of Personal Data Protection:
Is Indonesia Ready for the ASEAN Community 2015?
2. Year / Activity Title / Output
1999 Legal framework for e-commerce
1999
RUU-IETE (draft bill) => UU 11/2008 (Law) + PP 82/2012 (Government Regulation)
2003 Legal Framework of Indonesian Cyberlaw
Lecture module + textbook: Compilation of Telematics Law Studies
2009 Electronic System Provider Liability for Implementing the IT Governance
Textbook: Liability of Electronic System Providers (PSE)
2010
2011
Constitutional Rights and Telematics
National and international journal articles and textbook
2010
2011
Notaries and Electronic Transactions (cybernotary)
National and international journal articles and textbook
2011
2012
Privacy & Data Protection, textbook revision + RUU (draft bill)
Interception
Input on the draft Regulation of the Minister of Communication and Informatics (Kominfo) on Privacy and Commercial Information (spamming)
2014 Information Security & Resilience RUU Sandi (draft bill) + draft Presidential Regulation (Perpres)
Cybersecurity
2014 National e-Authentication Framework for ID: National e-Identity Management
National and international journal articles and textbook revision
2014 Trust Services by Community: Community Certification Authority
National and international journal articles and textbook revision
2015 • National e-Authentication for Public Document in Government Administration & Public Services
• CEG’s for Crypto Awareness
National and international journal articles and textbook revision
Introduction:
An Overview of LKHT & Its Research Roadmap
5. Privacy vs Big Data => Identity vs Profiling & Targeting
Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,” May 2012
6. e-ID as the determinant of e-commerce
UNCITRAL Model Law of e-Commerce (1996)
UNCITRAL Model Law of e-Signatures (2001)
UN Convention on the use of e-Communication for International Contract (2005)
- National e-ID Management
- Electronic Transferable Record (proposal)
- Online Dispute Resolution (proposal)
Cybersecurity & eCommerce (2011)
UNC-CISG (1980)
Contracts for the Int’l sale of goods
8. What Are Identity and Personal Data?
1. General understanding:
• Identity covers anything that represents the uniqueness or unique characteristics of something, whether a person, a device or a digital object
• Digital identity is not the same as online identity
• e-Identity is not identical to biometrics
• Identity Personal Data + Privacy
Who are you, and how do you prove that it is really you?
2. A structural perspective:
Identity as a representation
Identity is seen as a set of attributes characterizing the person.
2. A process perspective:
Identity for identification. Identity is considered according to a set of processes
relating to disclosure of information about the person and usage of this
information.
The shift from the total integrated approach to interoperability development is not only a
technical change, but reflects organisational, economical and social trends /
requirements of the society. To successfully tackle this very complex and highly detailed
endeavour, it is necessary to develop research involving knowledge and competencies of
all domains concerned. (Chen, 2003)
10. Faculty of Law, University of Indonesia
Privacy Personal Life
intra-personal life:
•personal autonomy
•secrecy
•comfort
•security
•personal data
•etc
inter-personal life:
• anonymity
• embarrassing fact
• misappropriation
• libel/defamation
• sharing/exchanging
personal data
• etc
intrusion/
invasion
exposure
• Privacy in your body
• Privacy in your space
• Privacy in your property (home
+ data)
• Privacy in your communication
Inviolability of the body
Inviolability of the Space + home/property (goods)
Secrecy of Communication
Strong: High expectation of privacy
Weak: Lower expectation of privacy
Intimate/
private
declaration
/public
11. Differences in Paradigm toward Privacy
Subjective or Objective?
OECD vs APEC
Conservative
Less Conservative
Libertarian
Option-In Policy
Option-Out Policy
US EU
Unsubscribe Subscribe
Lawfully obtained
Legitimate interest
For marketing
Subjective approach
Objective approach
Self Regulatory
Government Role
Reasonable expectation to privacy
assumption of risks
Preventing Harms
12. APEC Privacy Framework, Cross-border Privacy enforcement Trustmark Agent
• Identity Seal
• Security Seal
• Vulnerability Seal
• Consumer Rating Seal
• Privacy Seal
The eCommerce regulatory paradigm?
It must be able to create “Trust” & “Fair”
Self-regulation
Laws & Regulation
www.itc.tf.vu.lt
• Consumer Protection
• Fair Competition
• etc
• codes of conduct,
• good/best practices => tradition
Enforcement ?
The concept of justice here is Interactive Justice, in which every person who creates a risk must be legally responsible, unless ..?
13. US-Europe Safe Harbor
1. Notice/Awareness: This is the most fundamental principle: consumers must be informed of a company's information practices before personal information is collected from them. The scope and content of the notice vary from one company to another. The other basic principles are meaningful only if consumers are informed of those information practices and of their rights in relation to them.
2. Choice/Consent: This principle requires that consumers be given a choice about the use of personal information collected from them.
3. Access/Participation: This principle requires that consumers be given access to the information collected about them and the ability to contest the accuracy and completeness of that data.
4. Integrity/Security: This principle requires companies to take steps to ensure that the information collected from their consumers is accurate and secure from unauthorized use.
5. Enforcement/Redress: This principle requires the government or a self-regulatory mechanism to impose sanctions for failure to comply with fair information practices.
Eight data protection principles that the data controller must observe:
1. Personal data must be obtained fairly and lawfully.
2. Personal data must be held only for one or more specified and lawful purposes, and must not be further processed in a manner incompatible with those purposes.
3. Personal data must be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data must be accurate and, where necessary, kept up to date.
5. Personal data must be processed in accordance with its purpose and must not be kept longer than is necessary for that purpose or those purposes.
6. Personal data must be processed in accordance with the rights of data subjects as provided under this Act.
7. Adequate security measures must be taken against unlawful processing of personal data and against unexpected loss of or damage to personal data.
8. Personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures a level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Rights of Data Subjects
• To be informed by data user of the data collection
• To have access to the personal data
• To be supplied with a copy of the personal data
• To correct/update the data
• To prevent collection likely to cause damage or distress
• Notice: giving individuals notice of the purposes for
which their data are collected, notice of the third
parties to whom the data may be disclosed, information
to enable the individuals to contact the organization for
inquiries or complaints and the means offered for limiting
use and disclosure.
• Choice: offering individuals the choice of opting out of
disclosure to third parties and the choice of whether or
not to allow the organization to use the data for purposes
other than those for which they were originally
collected. An opt-in approach is required if sensitive
data are involved.
• Onward transfers: data may be disclosed only to third
parties who either subscribe to the Safe Harbor
principles, or who are subject to the Data Protection
Directive, or who enter into a written agreement to
provide the equivalent level of privacy protection.
• Access: providing the individual with access to his data
and giving him the right to have the information corrected
upon request, unless the burden or expense of doing so
is disproportionate or would violate the rights of another
individual.
• Security: taking reasonable precautions to protect
personal data from loss or misuse and from unauthorised
access, disclosure, alteration and destruction.
• Data integrity: ensuring that the data are accurate, up-
to-date, relevant and reliable for their intended use.
• Enforcement: providing effective enforcement
mechanisms and dispute resolution procedures.
17. REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on the protection of individuals with regard to the processing of personal data and on
the free movement of such data (General Data Protection Regulation)
GENERAL PROVISIONS
Article 1 Subject matter and objectives
Article 2 Material scope
Article 3: Territorial scope
Article 4 Definitions
CHAPTER II: PRINCIPLES
Article 5 Principles relating to personal data processing
Article 6 Lawfulness of processing
Article 7 Conditions for consent
Article 8 Conditions applicable to child's consent in relation to information society
services
Article 9 Processing of special categories of personal data
Article 9a Processing of data relating to criminal convictions and offences
Article 10 Processing not requiring identification
CHAPTER III: RIGHTS OF THE DATA SUBJECT
Section 1: Transparency And Modalities
Article 11 Transparent information and communication
Article 12 Transparent information, communication and modalities for exercising
the rights of the data subject
Article 13 Rights in relation to recipients (…)
Section 2: Information And Access To Data
Article 14 Information to be provided where the data are collected from the data
subject
Article 14 a Information to be provided where the data have not been obtained from
the data subject
Article 15 Right of access for the data subject
Section 3: Rectification And Erasure
Article 16 Right to rectification
Article 17 Right to erasure and “to be forgotten”
Article 17a Right to restriction of processing
Article 17b Notification obligation regarding rectification, erasure or restriction
Article 18 Right to data portability
Section 4: Right To Object And Automated Individual Decision
Making (…)
Article 19 Right to object
Article 20 Automated individual decision making
Section 5: Restrictions
Article 21 Restrictions
CHAPTER IV: CONTROLLER AND PROCESSOR
SECTION 1: GENERAL OBLIGATIONS
Article 22 Obligations of the controller
Article 23 Data protection by design and by default
Article 24 Joint controllers
Article 25 Representatives of controllers not established in the Union
Article 26 Processor
Article 27 Processing under the authority of the controller and processor
Article 28 Records of categories of personal data processing activities
Article 29 Co-operation with the supervisory authority
SECTION 2: DATA SECURITY
Article 30 Security of processing
Article 31 Notification of a personal data breach to the supervisory authority
Article 32 Communication of a personal data breach to the data subject
SECTION 3: DATA PROTECTION IMPACT ASSESSMENT AND PRIOR
CONSULTATION
Article 33 Data protection impact assessment
Article 34 Prior (…) consultation
SECTION 4: DATA PROTECTION OFFICER
Article 35 Designation of the data protection officer
Article 36 Position of the data protection officer
Article 37 Tasks of the data protection officer
SECTION 5: CODES OF CONDUCT AND CERTIFICATION
Article 38 Codes of conduct
Article 38a Monitoring of approved codes of conduct
Article 39 Certification
Article 39a Certification body and procedure
18. CHAPTER V: TRANSFER OF PERSONAL DATA TO
THIRD COUNTRIES OR INTERNATIONAL
ORGANISATIONS
Article 40 General principle for transfers
Article 41 Transfers with an adequacy decision
Article 42 Transfers by way of appropriate safeguards
Article 43 Binding corporate rules
Article 44 Derogations for specific situations
Article 45 International co-operation for the protection of
personal data
CHAPTER VI: INDEPENDENT SUPERVISORY
AUTHORITIES
SECTION 1 INDEPENDENT STATUS
Article 46 Supervisory authority
Article 47 Independence
Article 48 General conditions for the members of the
supervisory authority
Article 49 Rules on the establishment of the supervisory
authority
Article 50 Professional secrecy
SECTION 2: COMPETENCE, TASKS AND POWERS
Article 51 Competence
Article 51a Competence of the lead supervisory authority
Article 51b Identification of the supervisory authority
competent for the main establishment (…)
Article 51c One-stop shop register
Article 52 Tasks
Article 53 Powers
Article 54 Activity Report
CHAPTER VII: CO-OPERATION AND CONSISTENCY
SECTION 1 CO-OPERATION
Article 54a Cooperation between the lead supervisory
authority and other concerned supervisory
authorities
Article 54b Cooperation between the lead supervisory
authority and the other supervisory authorities
concerned in individual cases of possible non-
compliance with the Regulation
Article 55 Mutual assistance
Article 56 Joint operations of supervisory authorities
SECTION 2: CONSISTENCY
Article 57 Consistency mechanism
Article 58 Opinion by the European Data Protection
Board
Article 58a Decisions by the European Data
Protection Board
Article 59 Opinion by the Commission
Article 60 Suspension of a draft measure
Article 61 Urgency procedure
Article 62 Implementing acts
Article 63 Enforcement
Section 3 European Data Protection Board
Article 64 European Data Protection Board
Article 65 Independence
Article 66 Tasks of the European Data Protection
Board
Article 67 Reports
Article 68 Procedure
Article 69 Chair
Article 70 Tasks of the chair
Article 71 Secretariat
Article 72 Confidentiality
CHAPTER VIII: REMEDIES, LIABILITY AND
SANCTIONS
Article 73 Right to lodge a complaint with a
supervisory authority
Article 74 Right to an effective judicial remedy
against a supervisory authority
Article 75 Right to an effective judicial remedy
against a controller or processor
Article 76 Representation of data subjects
Article 76a Suspension of proceedings
Article 77 Right to compensation and liability
Article 78 Penalties
Article 79 General conditions for imposing
administrative fines
Article 79a Administrative fines
Article 79b Penalties
CHAPTER IX: PROVISIONS RELATING TO
SPECIFIC DATA PROCESSING SITUATIONS
Article 80 Processing of personal data and freedom
of expression and information
Article 80a Processing of personal data and public
access to official documents
Article 80aa Processing of personal data and reuse of
public sector information
Article 80b Processing of national identification
number
Article 81 Processing of personal data for health-related purposes
Article 81a Processing of genetic data
Article 82 Processing in the employment context
Article 82a Processing for purposes of social
protection
Article 83 Derogations applying to processing of
personal data for archiving purposes in the
public interest or for scientific, statistical and
historical purposes
Article 84 Obligations of secrecy
Article 85 Existing data protection rules of churches
and religious associations
CHAPTER X: DELEGATED ACTS AND
IMPLEMENTING ACTS
Article 86 Exercise of the delegation
Article 87 Committee procedure
CHAPTER XI: FINAL PROVISIONS
Article 88 Repeal of Directive 95/46/EC
Article 89 Relationship to and amendment of
Directive 2002/58/EC
Article 89a Relationship to previously concluded
Agreements
Article 90 Evaluation
Article 91 Entry into force and application
19. 'personal data' means any information relating to an identified or identifiable
natural person ('data subject'); an identifiable person is one who can be
identified, directly or indirectly (…), in particular by reference to an
identifier such as a name, an identification number, location data, online
identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that person.
'processing' means any operation or set of operations which is performed
upon personal data or sets of personal data, whether or not by automated
means, such as collection, recording, organization, structuring, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination (…) restriction, erasure or destruction;
'restriction of processing' means the marking of stored personal data with
the aim of limiting their processing in the future;
'pseudonymisation' means the processing of personal data in such a way
that the data can no longer be attributed to a specific data subject without
the use of additional information, as long as such additional information is
kept separately and subject to technical and organisational measures to
ensure non-attribution to an identified or identifiable person (…).
'filing system' means any structured set of personal data which are
accessible according to specific criteria, whether centralized, decentralized
or dispersed on a functional or geographical basis;
'controller' means the natural or legal person, public authority, agency or any
other body which alone or jointly with others determines the purposes (…)
and means of the processing of personal data; where the purposes (…)
and means of processing are determined by Union law or Member State
law, the controller or the specific criteria for his nomination may be
designated by Union law or by Member State law;
'processor' means a natural or legal person, public authority, agency or any
other body which processes personal data on behalf of the controller;
'recipient' means a natural or legal person, public authority, agency or any
other body (…) to which the personal data are disclosed, whether a third
party or not; however, authorities which may receive data in the framework
of a particular inquiry shall not be regarded as recipients;
'the data subject's consent' means any freely-given, specific
and informed (…) indication of his or her wishes by which
the data subject, either by a statement or by a clear
affirmative action, signifies agreement to personal data
relating to them being processed;
'personal data breach' means a breach of security leading to
the accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to, personal data
transmitted, stored or otherwise processed;
'genetic data' means all personal data relating to the genetic
characteristics of an individual that have been inherited or
acquired, (…) which give unique information about the
physiology or the health of that individual, resulting in
particular from an analysis of a biological sample from the
individual in question;
'biometric data' means any personal data resulting from
specific technical processing relating to the physical,
physiological or behavioural characteristics of an individual
which allows or confirms the unique identification of that
individual, such as facial images, or dactyloscopic data;
'data concerning health' means data related to the physical or
mental health of an individual, which reveal information
about his or her health status;
'profiling' means any form of automated processing of personal
data consisting of using those data to evaluate personal
aspects relating to a natural person, in particular to
analyse and predict aspects concerning performance at
work, economic situation, health, personal preferences, or
interests, reliability or behaviour, location or movements;
20. 'main establishment' means
as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions
on the purposes (…) and means of the processing of personal data are taken in another establishment of the controller in the Union and the
latter establishment has the power to have such decisions implemented, in this case the establishment having taken such decisions shall be
considered as the main establishment.
as regards a processor with establishments in more than one Member State, the place of its central administration in the Union and, if the processor
has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context
of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this
Regulation;
'representative' means any natural or legal person established in the Union who, (…) designated by the controller in writing pursuant to Article 25,
represents the controller with regard to the obligations of the controller under this Regulation (…);
'enterprise' means any natural or legal person engaged in an economic activity, irrespective of its legal form, (…) including (…) partnerships or associations
regularly engaged in an economic activity;
'group of undertakings' means a controlling undertaking and its controlled undertakings;
'binding corporate rules' means personal data protection policies which are adhered to by a controller or processor established on the territory of a
Member State of the Union for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group
of undertakings or group of enterprises engaged in a joint economic activity;
'supervisory authority' means an independent public authority which is established by a Member State pursuant to Article 46;
(19a) 'concerned supervisory authority' means - a supervisory authority which is concerned by the processing because:
the controller or processor is established on the territory of the Member State of that supervisory authority;
data subjects residing in this Member State are substantially affected or likely to be substantially affected by the processing; or
the underlying complaint has been lodged to that supervisory authority.
(19b) 'transnational processing of personal data' means either:
processing which takes place in the context of the activities of establishments in more than one Member State of a controller or a
processor in the Union and the controller or processor is established in more than one Member State; or
processing which takes place in the context of the activities of a single establishment of a controller or processor in the Union but
which substantially affects or is likely to substantially affect data subjects in more than one Member State.
(19c) 'relevant and reasoned objection' means: an objection as to whether there is an infringement of this Regulation or not, or, as the case may be,
whether the envisaged action in relation to the controller or processor is in conformity with the Regulation. The objection shall clearly demonstrate the
significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and where applicable, the free
flow of personal data.
'Information Society service' means any service as defined by Article 1 (2) of Directive 98/34/EC of the European Parliament and of the Council of 22
June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information
Society services.
'international organisation' means an organisation and its subordinate bodies governed by public international law or any other body which is set up by, or
on the basis of, an agreement between two or more countries;
21. Long journey for US National ID
1936
Real ID
2005
NSTIC
2012
A Real ID-compliant
form of identification
requires, at a
minimum, the
following pieces of
data:
• Full legal name,
• Signature,
• Date of birth,
• Gender,
• Unique, identifying
number,
• Principal residence
address,
• Front-facing
photograph of the
applicant.
Privacy vs Cybersecurity?
Foreign Data
sharing
Interception,
Profiling vs
national security
Interoperability
internal and
external state
and federal
Public services
Social Security Number &
Driving License:
Before a card can be issued,
the applicant must provide
the following
documentation:
• A photo ID, or a non-photo
ID that includes full legal
name and birth-date.
• Documentation of birth
date.
• Documentation of legal
status and Social Security
number
• Documentation showing
name and principal
residence address.
The REAL ID Act Driver's
License Summary, details the
following provisions of the
Act's driver's license title:
• Authority
• Data Retention and Storage
• DL/ID Document Standards
• Grants to States
• Immigration Requirements
• Linking of Databases
• Minimum DL/ID Issuance
Standards
• Minimum Standards for
Federal Use
• Repeal of 9/11 Commission
Implementation Act DL/ID
Provisions
• Security and Fraud Prevention
Standards
• Verification of Documents
22. guiding principles
The Strategy specifies four
Guiding Principles to which
the Identity Ecosystem must
adhere:
• Identity solutions will be privacy-
enhancing and voluntary
• Identity solutions will be secure
and resilient
• Identity solutions will be
interoperable
• Identity solutions will be cost-
23. US-NSTIC
The realization of this vision is the user-centric “Identity Ecosystem” described in this
Strategy. It is an online environment where individuals and organizations will be able to trust
each other because they follow agreed upon standards to obtain and authenticate their
digital identities—and the digital identities of devices.
The Identity Ecosystem is designed to securely support transactions that range from
anonymous to fully-authenticated and from low- to high-value.
The Identity Ecosystem, as envisioned here, will increase
the following:
• Privacy protections for individuals, who will be able to trust
that their personal data is handled fairly and transparently;
• Convenience for individuals, who may choose to manage
fewer passwords or accounts than they do today;
• Efficiency for organizations, which will benefit from a
reduction in paper-based and account management
processes;
• Ease-of-use, by automating identity solutions whenever
possible and basing them on technology that is simple to
operate;
• Security, by making it more difficult for criminals to
compromise online transactions;
• Confidence that digital identities are adequately
protected, thereby promoting the use of online services;
• Innovation, by lowering the risk associated with sensitive
services and by enabling service providers to develop or
expand their online presence;
• Choice, as service providers offer individuals different—
yet interoperable—identity credentials and media
26. NOTARY
Physical appearance:
e-ID verification with the consent of the person concerned
Notary:
• ID verification
• Reading
• Signing
• Stamp (time stamping & seal)
• Recording (registering on notary log record)
• Reporting (reporting & sending authentic e-copy)
Public Repository
Document
SIAK
Law-related agencies:
• Legal entity database
• Company register database
• NPWP (taxpayer identification number) database
• Bankruptcy database
27. Conclusion
• By constitutional mandate, the government must protect the entire Indonesian nation and the whole Indonesian homeland => is it already able to prevent profiling and exploitation of the Indonesian people's personal data?
• For the sake of the Indonesian nation's future existence, legal reform for the protection of privacy and/or personal data is of great importance.
• In the long term a bill (RUU) is needed; in the short term, a Ministerial Regulation (Permen) on Privacy and Personal Data as a derivative of UU-ITE and PP 82/2012.
28. Thank You
• Eye => insight
• Lamp => intellectual ideas
• Smile => optimism
• IC/processor => ICT
• Web => geostrategy of Nusantara