Presented by Prof. Kalamullah Ramli, Executive Team National ICT Council (DeTIKNas) in IISF 2012, Bandung, 10 Oktober 2012

1. Privacy and Data Protection
Prof. Dr.-Ing. Kalamullah Ramli
Executive Team National ICT Council
Indonesia ICT Council

2. Privacy and Data Protection
Principles

3. Madrid Resolution 2009
• The need for international standards on
privacy and data protection
• To define a set of principles and rights
guaranteeing the effective and internationally
uniform protection of privacy
• Basic principles are
- Lawfulness and fairness - Proportionality
- Purpose spefication - Data quality
- Openness - Accountability
3

4. Basic Principles on Privacy and Data Protection
• Lawfulness and Fairness Principle
Personal data must be fairly processed, respecting
the applicable legislation as well as the rights
freedom of individuals in conformity with the
purpose and principles of the Universal
Declaration of Human Rights and International
Convenant on Civil and Political Rights
• Proportionality Principles
Personal data should be limited to such processing
as is adequate, relevant and not excessive in
relation to the purpose for which it was intended
4

5. Basic Principles on Privacy and Data Protection
• Purpose Specification Principle
processing of personal data should be limited to
the fulfilment of the specific, explicit and
legitimate purpose for which it was collected
• Data Quality Principle
personal data shall be kept accurate and up to
date and not be retained beyond the period for
which it was intended
5

6. Basic Principles on Privacy and Data Protection
• Opennes Principle
the data controller shall have transparent policies
with regard to processing of personal data
• Accountability Principle
the data controller shall take all the necessary
measures to observe the principles and
obligations set out the in the Madrid Resolution
and in the applicable national legislation, and have
the necessary internal mechanisms in place for
demonstrating such observance both to data
subjects and to the regulatory authorities
6

7. Privacy by Design

8. Universal Declaration of Human Rights (article 12)
No one shall be subjected to arbitrary
interference with his privacy, family, home, or
correpondence, nor to attacts upon his honour
and reputation. Everyone has the right to the
protection of the law against such interference
or attacts
8

9. Privacy by Design
9

10. Privacy Enhancing Technology

11. Privacy Enhancing Technology (PET)
1. Reduce the risk of contravening privacy
principles and legislation
2. Minimize the amount of data held about
individuals
3. Allow individuals to retain control about
themselves at all time
11

12. Technologies for Privacy Protection Measures
in the Data Life Cycle
12

13. Penutup

14. CLOSURE
• The awareness on Privacy and Data Protection 
Education
• Synergy (inter-ministries) on the Development of
Eletronic Privacy and Data Protection  Government
Regulation (Peraturan Pemerintah, PP)
• The involvement of experts, standard bodies,
business representatives, and communities
– International Telecommunication Union (ITU)
– International Organization for Standard (ISO)
– Cloud Security Alliance (CSA), COBIT, etc
– MIKTI, MITI, Aspiluki, IMOCA, etc
14

15. INDONESIA NATIONAL ICT COUNCIL
www.detiknas.org
pmo.detiknas@kominfo.go.id
©2012