There are plenty of lessons for ASEAN to learn from the dynamics of the EU’s cyber regulations such as GDPR and e-IDAS and, use them to foster its own security and elevate a trust in regional e-commerce
While our troposphere is dangerously polluted, one other space follows the same pattern: cyberspace. Additionally, our cyberspace has become increasingly brutalised by its rapid monetisation and weaponisation. It mainly occurs through privacy erosion. The challenge then is about how to effectively protect individuals and their fundamental human rights, and how to exercise a right for dignity and privacy?
The European Union (EU) now offers a model legislation to its member states, and by its spillover to similar supra-national projects elsewhere (particularly the Association for Southeast Asian Nations or ASEAN, but also the African Union, Organization of American States, Shanghai Cooperation Organisation, South Asian Association for Regional Cooperation and League of Arab States), and the rest of world.
The technology of today serves not only a Weberian predictability imperative – to further rationalise society. It makes society less safe and its individuals less free.
Prevention of the misuse of personal information is the main reason the EU introduced the new set of provisions, as of May 2018. Hence, the General Data Protection Regulation (GDPR) is an ambitious attempt to further regulate digital technology, especially in respect to private data protection. It is, of course, in conformity with provisions of both, the Universal and the European Charter of Human Rights.
The intention of legislators behind the GDPR is two-fold: to regulate domestically as well as to inspire and galvanise internationally.
ASEAN, the Indo-Pacific and Asia
For the rest of the world, the GDPR should be predictive and eventually obligational.
It is obvious that the stipulations of the GDPR would serve well, the interests of the Republic of Indonesia. That is actually in line with the very spirit of the 1945 Indonesian Constitution, which obliges the State to protect, educate and prosper the Indonesian people. The Constitution clearly proclaims that respecting individual personal data rests upon two principles of the ‘Pancasila’, the official, foundational philosophical theory of the Indonesian State. One of them is ‘fair and civilized humanity’. Mutual grant and observance of everyone’s elementary rights is an essence of freedom and the overall advancement of society.
The government, with the mandate of its authority to protect the public (public trust doctrine), must manage personal data fairly and accountably. The GDPR also encourages the formation of an independent personal data protection supervisory institution so that it can correct the policies and rules of the bureaucracy and state administration to act accordingly in managing the personal data of the population. Moreover, every democratic government should be more proactive in protecting society when it comes to the management of the personal data of its residents.
When it comes to the Right to be forgotten (Right for Privacy and Right for Dignity), Indonesia must see it as a principle of real protection that is in the best interests of data owners. Further on, such a right should be strengthened by the principle of 'without undue delay', as to avoid the administrative obligation to request a court decision to uphold the right. In the long run, it will surely benefit businesses far more than the personal data originators themselves.
Leading by example
Regarding security, Indonesia must immediately have a clear policy on cryptography to protect personal data. Cryptography is a double-use process; it can be utilised for civilian purposes, but it can also be used for vital national interests, such as defense and security. Therefore, privacy and cyber security protection is a complementary concept of protection. A holistic approach strengthens both, the rights of individuals as well as the protection of national interests, rather than conflicting one over the other.
Finally, the ASEAN Declaration of Human Rights in its Article 21 stipulates that the protection of personal data is an elementary part of privacy. As one of the founding members, a country that even hosts ASEAN’s headquarters, Indonesia must observe the notions of this Human Rights Charter. That is the additional reason why the nation has to lead by example.
The EU’s GDPR clearly encourages a paradigm shift within the public services and government administration services on the national, sub-national and supra-national levels for all the ASEAN member states.
There are plenty of lessons for Indonesia to learn from the dynamics of the EU’s regulation of GDPR and e-IDAS (an EU regulation on a set of standards for electronic identification and trust services for electronic transactions in the European Single Market) and use them for its own benefit, including fostering its own security and elevating a trust in regional e-commerce within the ASEAN economic zone. Since the ASEAN (if combined) is the 4th largest world economy, this is a call of the future. After all, the EU and ASEAN – each from its side of Eurasia – are twin grand projects of necessity, passion and vision.
Naturally, for anyone outside, Indonesia and ASEAN are already seen as the world's e-commerce hub, of pivotal importance far beyond the Asia-Pacific theatre.
Anis H Bajrektarevic is chairperson and professor in international law and global political studies, Vienna, Austria
Melda Kamil Ariadno is a Professor of International Law at the Faculty of Law Universitas Indonesia, Jakarta
We are a voice to you; you have been a support to us. Together we build journalism that is independent, credible and fearless. You can further help us by making a donation. This will mean a lot for our ability to bring you news, perspectives and analysis from the ground so that we can make change together.
Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.