Kukuh Tejomurti, Hernawan Hadi, Moch Najib Imanullah, Rachma Indriyani
The phenomenon of information technology advancement has grown in the past five years. One of the examples is the development of public transportation by utilizing online technology, such as Go-Jek, Blue Jek, Grab, Uber, etc. According to data, as of November 2017, it was found that two companies (Go-Jek and Grab) had significantly increased users.
Go-Jek and Grab had 8.8 million and 8.6 million users respectively. In details, Go- Jek has 3,403,000 male users and 5,468,000 female users; and Grab has 4,259,000 male users and 1,355,000 female users. Urban people, as users, prefer to use online transportation rather than conventional transportation because they do not have to bargain, are not afraid to be cheated, do not have to wait too long, and look for online transportation vehicles. They just have to order and wait for the drivers to contact and come. In addition, online transportation is also useful for absorbing workers as drivers. The online transportation drivers are interested in online transportation platforms due to flexibility, compensation rates, and the fact that it is not much different from full or part-time occupation that can generate income.
The concept of sharing economy in online-based transportation services can be sought by the public both as a driver and as a consumer because of three factors.
First, economical drivers, namely since the financial and economic crisis in 2008, it plays a significant role in the development of the concept of sharing economy. From the people’s point of view, the financial and economic crisis has created a skeptical paradigm to survive in the midst of capitalist economics. Therefore, the concept of sharing economy is a business alternative because it is considered easier and enables investment without large capital. The concept of sharing economy can share capital and/or assets with low costs. For instance, the Gojek applicator only provides internet-based applications to be used by vehicle owners (motorcycles or cars) to find consumers easily based on partnership agreements and profit sharing. Second, societal drivers, the United Nations predicts that in 2050, the world urban population will increase by more than 70% of the total indigenous population living in urban areas. The availability of jobs provided by companies (investors) and government do not offset the increase for urbanization. Therefore, the concept of sharing economy becomes an alternative solution for the lower economic community to survive in an increasing population density. The lower economic community does not need large capital to invest but they can do it by becoming an online transportation application partner to find consumers. Third, the technological drivers includes the development of information technology in the economic realm it strongly supports the concept of sharing economy because online transportation drivers and applicators rely on internet technology to get consumers.
In addition to many benefits both for urban communities as users and as drivers, the online-based transportation also raises various problems ranging from the issue of transportation route permits, competition with conventional transportation, to alleged violations of data privacy carried out by drivers and applicator companies. When users order online vehicles through the application, then the name, email, user’s travel route will be listed on the smartphone of the driver. The driver will be able to call the user’s telephone number to ensure a pick-up point. In addition, if the user requests to be transported to home or office, the driver will indirectly know the user’s home address or office address. Therefore, in a single trip, a driver will be able to know the private data of user.
In the development of digital technology, personal data information that consists of name, e-mail, cellphone numbers, are valuable assets because they can have economic benefit values that are widely used by businesses. This situation is known as digital dossier, which is the collection of information about a large number of people by using digital technology. The digital personal data can be collected from the online transportation application.
The ease of providing personal data in applications that use internet services in the era of digital technology is indeed unavoidable, especially for urban communities. Some people are busy in the office and have no time to buy lunch. Therefore, the use of online transportation services that offer purchasing and delivery services is a primary need. The interest in shopping for urban people who switch from conventional stores to e-commerce stores also increased significantly. For example, there are 35 million (monthly active) users of Bukalapak online shop. The number of transactions reaches 320 thousand transactions per day, which are spread throughout almost all Indonesia. Bukalapak is an online store site that has developed significantly due to various offers through social media, ease of features, and ease of transaction mechanism.
The ease provided by online transportation services and stores is attractive for users. It is undeniable that the era of digital technology has offered various benefits for consumers, such as the provision of a variety of products and convenience of online shopping so that consumers can use their time effectively and efficiently and can feel convenience in performing transactions.
On the one hand, the use of online transportation applications requires prospective users to register and provide their personal data that are then stored in database. On the other hand, the collection of privacy data and the use of internet applications will leave a digital footprint and raise concerns about a world without privacy and applicator companies becomes more aware of ourselves.
If consumer personal data is used in responsible, full of mutual respect, and in accordance with the context of the purpose, the collection of consumer personal data can help individuals and institutions to make better decisions. However, if it is not used in accordance with the context of the initial goals, then violation of the privacy right may happen. Opening confidential information is the purpose of database. Consumers’ social, political, and sexual orientation activities are interesting for online application service companies.
Essential questions arise regarding the protection of personal data and the privacy of online transportation users in urban communities who tend to be open and easy to give their privacy data to online transportation applications. Personal data, including name, address, e-mail, and mobile number will be saved automatically on the applicator and third parties such as drivers. If the mobile phone of each user and driver has WhatsApp or Line application, then the WhatsApp account and user name will be stored automatically on third party mobile phones such as drivers or other parties if they have an interest in the user’s personal data.
The issue of the privacy right is important because it relates to the protection of human rights listed in the United Nations Universal Declaration of Human Rights as follows.
“No matter how to deal with it, privacy, family, home or correspondence, nor to attack upon his honor and reputation. Everyone has the right to the protection of such interference or attacks.
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks”.
Furthermore, Article 28G of the 1945 Constitution of the Republic of Indonesia state the following.
“Setiap orang berhak atas perlindungan diri pribadi, keluarga, kehormatan, martabat dan harta benda yang di bawah kekuasaannya, serta berhak atas rasa aman dan perlindungan dari ancaman ketakutan untuk berbuat atau tidak berbuat sesuatu yang merupakan hak asasi”. [Everyone has the right to personal, family, honor, dignity, and property under his/her control, and has the right to security and protection from the threat of fear of doing or not doing something, which is a human right.]
Joe Cannataci states that if someone feels his privacy data is well protected, then the individual will have the choice to live life based on motivation and reason authentically, not based on the result of manipulation or pressure from other parties. Concerns about violations of the privacy right become important because, in the context of the life of the state, it is mandatory to protect the privacy rights of citizens, also because there are some related crimes that have happened to citizens, for example the internet hacking of two internet-based companies. First, in March 2017, a junior high school student, Haikal (19), managed to hack an online buying and selling site (Tiket.com) worth Rp4.1 billion. He also broke into more than 4,600 sites, including sites belonging to the National Police, central and regional governments, several foreign sites, and online transportation sites. Second, in April 2017 there was a hacking incident against two well-known telecommunication company sites in Indonesia. Two years earlier, there had also been a hacking of a credit card by a junior high school student in Pemalang, Central Java. The middle school student broke into someone’s credit card just to buy a hat at an online store.
Based on the provisions of the privacy policy of two favorite online transportation companies in Indonesia, the impression is that more third parties that are not affiliated with users and service providers obtain privacy data of online transportation users. Even the two online transportation companies voluntarily share sensitive data with other parties, such as marketing and advertising companies.
The potential of various parties such as business people, governments, intelligence agents, and other unaffiliated individuals to be able to collect users’ personal data creates a risk of privacy violations in the collection and management of privacy data of online transportation users. Based on the provisions of Gojek’s privacy policy, user’s personal information by Gojek will not be shared with any party other than the related driver and third-party company and individual without the consent of the consumer. However, the confidentiality of data provided by Gojek transportation users does not guarantee security protection because at any time Gojek drivers can easily send short messages to users because Gojek users give poor ratings.17 Essential problems arise regarding the protection of personal data and the privacy rights of online transportation users in urban communities who tend to be open and easy to give personal data that is their privacy in the online transportation application. Based on the background presented in the introduction, this study examines legal protection for the disclosure of online transportation users’ personal data in the era of digital technology.
Internet and the rights to privacy
In 2017 it was noted that at least more than 3,885,567,819 people in the world use internet technology. The penetration reaches 51.7% of the total world population that has exceeded 7.5 billion. The World Internet Usage and Population Statistics data as of June 30, 2017, recorded that the Asia has the highest internet users, namely 1,938,075,631 users, with penetration rate reaching almost 50%. It includes Indonesia with 1,132,700,000 users.
Data from the Asosiasi Pengguna Jasa Internet Indonesia (APJII –Indonesian Internet Service Users Association) also notes that Indonesia is the country ranked the 8th largest internet technology user in the world and the 4th in Asia. Indonesian Internet users reached 132.7 million users consisting of 52.5% male users and 47.5% female users. Java Island has highest users at 86.3 million users.
Information and communication technology simultaneously have formed a pattern of behavior and lifestyle of the community. The pattern of borderless relationships in social, cultural, economic, and law enforcement fields that take place so quickly is due to the development of information technology. In addition to providing a positive impact on human information, information technology can also be used as an effective tool in carrying out acts against the law. Information technology as an innovative step has been able to collect, store, and process data that cannot be predicted beforehand, so that the right to privacy has developed to form the rights of personal data protection.
Tabel 1. World Internet Usage
World Regions | Population | Populati on % of World | Internet Users 30 June 2017 | Penetra tion Rate (% Pop.) | Growth 2000- 2017 | Internet Users % |
Africa | 1.246.504.865 | 16,6% | 388.376.491 | 31,2% | 8.503,1% | 10,0% |
Asia | 4,148,177,672 | 55.2 % | 1,938,075,631 | 46.7 % | 1,595.5% | 49.7 % |
Europe | 822,710,362 | 10.9 % | 659,634,487 | 80.2 % | 527.6% | 17.0 % |
Latin America/C arribean | 647,604,645 | 8.6 % | 404,269,163 | 62.4 % | 2,137.4% | 10.4 % |
Middle East | 250,327,574 | 3.3 % | 146,972,123 | 58.7 % | 4,374.3% | 3.8 % |
North America | 363,224,006 | 4.8 % | 320,059,368 | 88.1 % | 196.1% | 8.2 % |
Oceania/A ustralia | 40,479,846 | 0.5 % | 28,180,356 | 69.6 % | 269.8% | 0.7 % |
World Total | 7,519,028,970 | 100.0 % | 3,885,567,619 | 51.7 % | 976.4% | 100.0 % |
The protection of personal data as one of human rights has affected a number of states to declare that data protection is a constitutional right or in other terms ‘habeas data’, namely the right of a person to obtain protection for his personal data from a violation and to correct any errors it has. Portugal is one of the states that places data protection as a constitutional right. The ASEAN Declaration of Human Rights also places the privacy rights. At present, more than 75 countries place data protection on their laws and regulations. These include Personal Data Protection in Argentina, Law on Protection of Personal and Electronic Document Information in Canada, Personal Data Protection Law in Japan, Information Technology Regulations in India, Personal Information Protection Law in South Korea, Data Protection Law in Singapore, and Personal Data Law in the Philippine. Many of the legal rules of these states refer to the Organization for Economic Co- Operation Development (OECD) and are influenced largely by European Union rules.
At the European Union level, data protection and privacy for all individuals in Europe and the European Economic Area are regulated in the General Data Protection Regulation (GDPR). The aim of GDPR is to provide oversight to citizens and residents of the European Union on personal data and to simplify the regulatory environment for international business. Companies must have higher standard rules in terms of maintaining protection of data and privacy. Companies that violate GDPR can be subject to sanctions of up to 20 million Euros. India is one of the countries affected by the GDPR rules. In 2010, India still did not have sufficient standard rules in terms of data protection and privacy so there were restrictions on the export of personal data from European Union member countries. In the end, India and the European Union have appointed an Expert Group from both parties to discuss how to form sufficient data protection. According to Ann Covoukian, privacy can be in the form of the right to control information about one’s personality and ability to determine what and how to obtain and use that personal information.
There are three elements of privacy. The first is privacy about one’s person, which is based on the general principle that everyone has the right to be alone.
From the privacy of a person, there are four kinds of violations as follows.
- Appearance that puts someone in a place that is not supposed to For example, by using a photo of a man on an illustrated picture of domestic violence.
- Public appearance of a person’s name or hobby to obtain economic benefits.
- Publication of embarrassing personal information to the public.
- Interfering one’s
The second is privacy of data about person, which is the right that binds to information about someone collected and used by others, such as: information about medical records, habits of a person, political party membership, tax information, insurance information, and action information criminal. Misuse of information collected from consumers or customers can be a violation of a person’s privacy rights.
The third is privacy for one’s communication, an online communication. Under certain conditions, the supervision and disclosure of the contents of electronic communication by other people (not by people who own it) can be categorized as a violation of a person’s privacy rights.
The concept of the privacy rights has a broad historical view in anthropological and sociological perspectives. Westin explains that the privacy right is a demand from individuals and groups to determine for themselves how, what, and when information on individuals and groups is disseminated to the public.29 Staples explains that the privacy right aims to protect individuals or groups from the potential or risk getting hurt because other people find things that are true of the individual but shameful. The United States Supreme Court in its jurisprudence states that there are two elements of privacy:30
- a person’s interest in avoiding the publication of personal information; and
- a person’s freedom to determine certain types of
Protection of human rights in international law and protection of privacy rights are regulated in Article 12 of the General Declaration of Human Rights as follows.
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks”.
The protection of the privacy rights is also affirmed in the International Convention on Civil and Political Rights. Article 17 states
- No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and
- Everyone has the right to the protection of the law against such interference or attacks.
Article 28G, paragraph (1), of the 1945 Constitution of the Republic of Indonesia also states that
“Setiap orang berhak atas perlindungan diri pribadi, keluarga, kehormatan, martabat, dan harta benda yang di bawah kekuasaannya serta berhak atas rasa aman dan perlindungan dari ancaman ketakutan untuk berbuat atau tidak berbuat sesuatu yang merupakan hak asasi manusia”
[Each person is entitled to protection of self, his family, honor, dignity, the property he owns, and has the right to feel secure and to be protected against threats from fear to do or not to do something that is part of basic rights.]
According to Article 28G paragraph (1), every Indonesian citizen has the right of privacy of data about data person, namely the rights attached to information about an individual person that is collected and used by other people. Negligence of the privacy of data about people can potentially violate the constitutional rights of citizens.
The progress and speed of information technology in the digital era today has a high risk in terms of violations of the privacy rights. This challenge is due to the progress of information technology that is very fast, global, and cross-national boundaries. The rights of privacy and information disclosure in the digital era are two important variables in a society that depends on digital technology. Both variables have a role to control the government to be accountable to its citizens. Therefore, the challenge that arises is how the state maps legal protection of personal data in order to balance the need of citizens’ privacy protection. In the context of online-based transportation applications, challenges, such as terror experienced by users of the application, appear when the users providing poor rates, determination of space and time by applicators, drivers, or other parties that are still not of particular concern to the government.
Collection of Personal Data Information on Online Transportation
The development of internet technology is not linear with the strengthening of the protection of the privacy rights of an individual or group. The privacy of an individual is increasingly vulnerable to intervention; and personal data information is more easily transferable. One of the vulnerabilities of personal data information is the emergence of integrated online-based transportation because its users/consumers will submit personal information such as name, address, date of birth, email, work, and locations of home and office.
In online-based transportation, consumers are practically placed in positions that have no choice to approve or disagree (the consent concept) a privacy policy regarding the collection, processing, and storage of their personal data. The concept of consent or agreement is the basis for building trust in the middle of the information technology era. In the concept of online relations, this concept is very fundamental, but in practice, it is difficult to establish a balanced relationship between owners and data collectors, resulting in violations of the privacy rights of consumers.
In the practice of consumer’s registration, there is a warning in the form of raw material that is very difficult to understand, length, and the form of writing that is too small. It puts user in a position of no choice, even though the consequences are long-term. Therefore, in the 39th International Conference of Data Protection and Privacy Commissioners (ICDPPC) meeting at the Faculty of Law, Hong Kong University, the consent method or approval of the complicated privacy policy notification is questioned.31 It is no longer effective in establishing a balanced relationship between private data disclosure on online transportation and the privacy rights.
The following is a summary of Gojek’s and Grab’s policy provisions
No | Terms of Privacy Policy | Gojek |
1 | Personal Information | information regarding Yourself which can be privately identified and collected through the Application, such as name, address, date of birth and occupation (if You are a person), corporate data and identity document (if You are not a person), phone number, e-mail address, permit and/or the equivalent, and other information which may identify You as an Application user. (See Gojek Personal Information Policy) |
2 | Provisions for Personal Data Information | – If You are a Customer, after receiving Your order, we will share information such as Your name, phone number, location, destination, geo-location, goods/service being ordered and/or transaction fee to the Service Provider receiving Your request over the Service. This information is necessary for the Service Provider to contact You, and/or find You and/or complete Your order. We will also give the phone number of the party that can be contacted which You have provided to us to the Service Provider when You use the Application to use the instant courier Service or other relevant Services. (See Gojek Personal Information Policy) – You hereby agree and give Us the power to share Your Personal Information to the Service Provider (if You are a Customer) or the Customer (if You are a Service Provider) as a part of the Terms of Use. Your Personal Information will be automatically deleted from the Application being used by the Service Provider (if You are a Customer) or the Customer (if You are a Service Provider) after the Service transaction is completed. However, there is a possibility that the Service Provider/Customer (as relevant) may save Your data in their device in any manner. Communication between the Customers and Service Providers made outside of the Application (such as communication by telephone or short message or other communication features outside the Application owned by AKAB and/or its Affiliate) may also be saved in the related devices. We are not liable for any data being recorded in such manners and on such basis. You agree to indemnify, pay damages to and release Us from any responsibilities over any abuse of Your Personal Information by the Service Provider/Customer (as relevant) after the Service is completed. (See Gojek Personal Information Policy) – Your Personal Information may be transferred, stored, used, and processed in a jurisdiction other than Indonesia where Our servers are located. (See Gojek Personal Information Policy) |
Table 3. Grab’s Privacy Policy
No | Terms of Privacy Policy | Grab Group |
1. | Provisions for Personal Data Collection | “Personal Data” means information about you, from which you are identifiable, including but not limited to your name, nationality, address, telephone number, fax number, bank details, credit card details, gender, resident status, financial background, personal interests, email address, your occupation, your photo, any information about you which you have provided to Grab Group in registration forms, application forms or any other similar forms and/or any information about you that has been or may be collected, stored, used and/or processed by Grab Group from time to time and includes sensitive personal data such as your identification card number, driving license number, birth certificate number, passport number, race, ethnic origin, date of birth, marital status, education background, and data relating to health, religious or other similar beliefs. If you are a service provider, we may also collect telematics data (such as your speed, acceleration, and braking data), device data (such as your IMEI number and the names of the apps you have installed on your device) and your vehicle registration data. (Grab Privacy Policy) |
The provision of your Personal Data is voluntary. However, if you do not provide Grab Group your Personal Data, Grab Group will not be able to process your Personal Data for the Purposes and Additional Purposes outlined below and may cause Grab Group to be unable to provide services or products to or accept payments from you. (Grab Privacy Policy) | ||
2 | Marketing and promotion purposes | Grab Group may also use and process your data for other purposes such as (“Additional Purposes”): · To send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings from Grab Group, its partners, sponsors or advertisers; · To notify and invite you to events or activities organized by Grab Group, its partners, sponsors or advertisers; · To process your registration to participate in or attend an event or activity and to communicate with you regarding your attendance at the event or activity; · To share your Personal Data amongst its subsidiaries, associate companies and jointly controlled entities as well as with its agent, vendor, supplier, partner, contractor or service provider who may communicate with you to market their products, services, events or promotions; by way of post, telephone call, short message service (SMS), online messaging service, by hand and/or by email. |
3 | Transfer of personal data | Your Personal Data may be transferred to, stored, used and processed in a jurisdiction other than your home nation or otherwise in the country, state and city in which you are present while using any services provided by Grab Group (“Alternate Country”), to companies under Grab Group which are located outside of your home nation or Alternate Country and/or where Grab |
Group’s servers and/or service providers and partners are located outside of your home nation or Alternate Country. You understand and consent to the transfer of your Personal Data out of your home nation or Alternate Country as described herein. (Grab Privacy Policy) | ||
4 | Disclosure to third party | Your personal data may be transferred, accessed or disclosed to third parties for the Purposes and Additional Purposes. Further, Grab Group may engage other companies, service providers or individuals to perform functions on its behalf, and consequently may provide access or disclose to your Personal Data to such service providers or third parties. (Grab Privacy Policy) The third parties include, without limitation: · Grab Group partners, which include parties with whom Grab Group collaborates with for certain events, programs and activities; · Advertisers; · Event management companies and event sponsors; · Marketing research companies; · Service providers, including, information technology (IT) service providers for infrastructure, software and development work; · Professional advisors and external auditors, including legal advisors, financial advisors and consultants; · Other entities within Grab Group; and · Governmental authorities to comply with statutory, regulatory and governmental requirements. |
Based on the two providers’ privacy policies, the following information can be drawn.
A. Legal Protection for Online-Based Transportation Users’ Personal Data within Urban Communities in the Age of Digital Technology
At least four risks are important on users’ personal data disclosure, in terms of the protection of personal data and the privacy rights. They are the determination of personal data, the legal protection, the responsible authority, and the legal efforts
First, customers’ personal data includes name, face, home address, location, workplace, and user ID. The customer’s personal data disclosure is vulnerable to the potential for the determination of the time the customer goes to work, home from work, daily route, home atmosphere, and workplace conditions. Criminals can use them to carry out acts of crime, robbery, rape, or data transfer to other parties. To this issue, there are currently no specific governance arrangements to protect digital personal data of customers of online-based transportation.
In addition to the vulnerability to the determination of the customer’s personal data, the applicator can find out trends and interests in the use of application features. This information can potentially be used for certain product business objectives that are not desired by customer. Vulnerability violations of the privacy rights of online transportation users can also occur because service provider/driver can easily obtain consumer’s personal data consisting of work place location, as well as the user’s mobile number where the user’s mobile number is also connected to WhatsApp or user line applications service/driver can indirectly have WhatsApp customer access. Therefore, service provider/driver can utilize customer’s personal data outside of transportation services without permission from the owner of personal data that should be protected.
Article 26 of Law Number 11 of 2008 on Electronic Information and Transactions states
- Kecuali ditentukan lain oleh peraturan perundang-undangan, penggunaan setiap informasi melalui media elektronik yang menyangkut data pribadi seseorang harus dilakukan atas persetujuan orang yang bersangkutan;
- Setiap orang … dan seterusnya;
[1) Unless otherwise stipulated by statutory regulations, the use of any information through electronic media relating to one’s personal data must be carried out with the consent of the person concerned;
2) Everyone … and so on]
According to Article 21 of the Regulation of the Minister of Communication and Information Technology Number 20 of 2016 on the Protection of Electronic Personal Data, showing, announcing, sending, disseminating, and/or opening access to personal data in an electronic system can only be done upon approval unless specified otherwise by the provisions of the legislation; and after verifying accuracy… and so on.
Third parties such as service providers/drivers who utilize and process customers’ personal data outside of service delivery transactions according to online transportation applications and without the approval of personal data owners, namely customers/users, have the potential to violate the privacy rights of customers/users of online transportation. Although in the registration of online transportation applications the user has agreed to a privacy policy, it does not mean that third parties can utilize and process customer personal data. Users only approve online transportation applicator as an organizer of electronic systems not with third parties such as drivers or companies and other third parties such as marketing, sponsoring, and advertising companies.
The second is about who is responsible for the failure of data protection and leakage. Article 15 of Government Regulation Number 82 of 2012 on the Implementation of Systems and Electronic Transactions (hereinafter referred to as PP PSTE) mentions,
“Jika terjadi kegagalan dalam perlindungan data pribadi yang dikelola, Penyelenggara Sistem Elektronik wajib memberitahukaan secara tertulis kepada pemilik data pribadi”
[If there is a failure in the protection of managed personal data, the Electronic System Operator must notify the owner of the personal data in writing]
The definition of failure in Article 15 does not explain the coverage of the definition that only mentions the explanation of Article 15 paragraph (1) containing procedural failure of confidentiality and security in data processing and system failure from the aspects of reliability and security of the system used. If a third party (service provider/driver) can obtain and process the personal data of the application user without approval, procedural failure of confidentiality and protection in data processing can be expected and the applicator as the organizer of the electronic system is responsible for risk vulnerability violating the privacy rights of application users.
Third, the users’ personal data can be stored, processed, and transferred to servers outside the jurisdiction of Indonesia. The use of online transportation applications has a risk vulnerability in the form of misuse of users’ personal data information. In the privacy policy of the two online transportation companies, user’s personal data can be used, processed, and transferred to servers outside of the Indonesian jurisdiction. Therefore, it becomes a difficult problem to resolve when there is abuse of information processing of the user’s personal data because, in addition to the issue of different jurisdictions, it is also related to the issue of differences in regulations regarding the protection of privacy data among states, especially that have rules to organize activities related to data processing.
Fourth, application users who feel aggrieved due to illegal actions from third parties (service providers/drivers) can use electronic evidence to make claims for compensation for losses incurred because of failure to protect personal data information security. However, users face the problem because the provisions of the privacy policy set the standard that the applicator is not responsible or assigns responsibility to other parties because of the actions of third parties (drivers or other third parties) who utilize the user’s personal data information without the owner’s consent data. In this case, there is a concern that the existence of a standard contract is the inclusion of an exoneration clause, namely a clause that contains conditions that limit or even completely erase the responsibility that should be charged to the provider (organizer of electronic system).
Fifth, to resolve problems between the interests of privacy right protection and the interests to maintain information and data disclosure in the era of digital technology, better regulation is needed so that the two variables run in a balanced manner. In practice, regulations regarding information disclosure and protection of privacy are regulated separately. At present, the Law Number 14 of 2008 on Public Information Openness regulates disclosure of information and data. On the other hand, regulations on protection of privacy are regulated in the Regulation of the Minister of Communication and Information Technology Number 20 of 2016 on Personal Data Protection. If we pay attention to the consequences of violations and the privacy rights in the community, which can be materially detrimental and immaterial, it should be legitimized through a Law on the Protection of Personal Data, which has sanctions to ensnare those who violate the right to privacy.
The issue of the protection of personal data arises because of gaps with other regulations, for example, this problem occurs in the right to request information about the Presidential Decree regarding pardon to death row inmates. The response from the State Secretariat informs that the data about the death row inmates cannot provide the information because the Law number 14 of 2008 on Public Information Disclosure excludes the information. It contains authentic data that is private and confidential. In ICJR’s view, the answer of the State Secretariat is unacceptable because all the personal information of the death row inmates has basically been opened because of the Court’s Decision which has permanent legal force.
E. Conclusion
The privacy rights of the online transportation user in Indonesia is not fully protected because third parties, such as service providers/drivers and other companies can access the personal data information of online transportation users without approval from the owner and users give consent personal data information only to the applicator as the organizer of the electronic system.
The use, processing, procedure, and storing of personal data outside of Indonesian jurisdiction becomes a difficult problem to resolve when there is an abuse of information processing of users’ personal data. In addition to the issue of different jurisdictions, it is also related to the issue of differences in regulation of privacy data protection among states, especially they who have rules to give freedom to private companies in regulating their own data processing activities.
Consumers who are harmed by the actions of third parties (drivers or other third parties) face problems because the provisions of the privacy policy set standard that applicator is not responsible or assigns responsibility to other parties due to third party actions (drivers or other third parties) that utilize the user’s personal data information without the data owner’s consent. In this case, there is a concern with the existence of a standard contract or standard document on the inclusion of an exoneration clause, namely a clause that contains conditions that limit or even completely erase the responsibility that should be charged to the provider of electronic system.
The issue of the protection of personal data arises because of gaps with other regulations, for example, for example, this problem occurs in the right to request information about the Presidential Decree regarding pardon to death row inmates. The response from the State Secretariat informs that the data about the death row inmates cannot provide the information because the Law number 14 of 2008 on Public Information Disclosure excludes the information. It contains authentic data that is private and confidential. In ICJR’s view, the answer of the State Secretariat is unacceptable because all the personal information of the death row inmates has basically been opened because of the Court’s Decision which has permanent legal force.
this article has been published Journal PJIH