Data Protection and Cybersecurity in Indonesia: Online Marketing
By Denny Rahmansyah and Farah Nabila
Indonesia\'s Electronic Information Law, Government Regulation 82 regarding the Implementation of Electronic Systems and Transactions, and Ministry of Communication and Informatics (MOCI) Regulation 20 regarding the Protection of Personal Data in Electronic Systems (jointly referred to as the PDP Regulations) are silent on the sending of unsolicited commercial or marketing communications.
While it is not explicit, the Indonesian Financial Services Authority (OJK), through its Regulation No. 1/2013, has imposed a prohibition on telemarketing telephone calls or texts by prohibiting businesses in the financial services sector from making any product or service offering or marketing to consumers and/or the public through private communication facilities without the prior consent of the consumer.
Businesses in the financial services sector are defined as commercial banks, rural banks, securities companies, investment advisors, custodian banks, pension funds, insurance companies, reinsurance companies, multi-finance institutions, pawn companies and guarantee companies that operate under conventional or sharia arrangements.
The OJK regulation also specifies that the business must include and/or mention the logo and/or the name of its company and a statement that it is duly registered and supervised by the OJK. Consumers can file a complaint with the OJK if they receive telemarketing telephone calls or texts, and the OJK will proceed to investigate and stipulate any applicable sanctions for such business. The sanctions range from a written warning and fines to the limitation of business scope, suspension of business activities, and revocation of its business license.
There are no specific regulations pertaining to behavioral advertising. As such, the activity of behavioral advertising is subject to the general requirement for the obtainment of consent of the data subject.
There are no specific regulations pertaining to location-based advertising or other communications. As such, the activity of location-based advertising is subject to the general requirement for the obtainment of consent of the data subject.
This first appeared in the 2019 Chambers Data Protection and Cyber Security Guide, published by Chambers and Partners. You can find the full chapter here.
This publication is intended for informational purposes only and does not constitute legal advice. Any reliance on the material contained herein is at the user\'s own risk. You should contact a lawyer in your jurisdiction if you require legal advice. All SSEK publications are copyrighted and may not be reproduced without the express written consent of SSEK.