Indonesia: Adopted Personal Data Protection Bill outlining data subject rights

On 20 September 2022, the Personal Data Protection (PDP) Bill was adopted by the House of Representatives of the Republic of Indonesia. The Bill defines personal data and differentiates between “specific personal data” and “personal data of a general nature”. In particular, the Bill outlines additional protections for “specific personal data”, which includes biometric, genetic, criminal, economic and children’s data. Furthermore, the Bill outlines the user’s rights, including the right to access and delete data, to withdraw the approval to data processing and to be informed about data processing. Finally, the Bill states that entities must obtain consent from users to collect their data. In case of non-compliance, responsible individuals and the entity face 5 years of imprisonment and a fine of IRP 5 billion.