By Prof. Melda Kamil Ariadno, Prof. Anis H Bajrektarevic
While our troposphere is dangerously polluted, one other space – that of intangible world, created by the interconnected technology – follows the same pattern: a cyberspace. Additionally, our cyberspace becomes increasingly brutalised by its rapid monetisation and weaponisation. It mainly occurs through privacy erosion. How to protect effectively individuals and their fundamental human rights, and how to exercise a right for dignity and privacy?
The EU now offers a model legislation to its Member States, and by its transformative power (spillover) to the similar supranational projects elsewhere (particularly ASEAN, but also the AU, OAS, SCO, SAARC, LAS, etc.), and the rest of world.
Technology of today serves not only a Weberian predictability imperative – to further rationalise society. It makes society less safe and its individuals less free.
Prevention of the personal information misuse is the main reason the EU introduced the new set of provisions, as of May 2018. Hence, the General Data Protection Regulation (GDPR) is an ambitious attempt to further regulate digital technology, especially in respect to the private data protection. It is of course in conformity with provisions of both the Universal and the European Charter of Human Rights.
The intention of legislator behind the GDPR is twofold: to regulate domestically as well as to inspire and galvanise internationally.
ASEAN, INDO-PACIFIC, ASIA
For the rest of the world, the GDPR should be predictive and eventually obligational.
It is obvious that the stipulations of the GDPR would serve well interests of Republic of Indonesia (RI). Thatis actually in line with a very spirit of the 1945 Constitution, which obliges the state to protect, educate and prosper the Indonesian people. This supreme state act clearly proclaims that the respecting individualpersonal data is resting upon thetwo principles of the Pancasila. Namely these of;Fair and Civilized Humanity. Mutual grant and observance of everyone’s elementary rights is an essence of freedom and overall advancement of society.
The government, with the mandate of its authority to protect the public (public trust doctrine), must manage the personal data fairly and accountably. The GDPR also encourages the formation of an independent personal data protection supervisory institution so that it can correct the policies and rules of the bureaucracy and state administration to act accordingly in managing the personal data of the population. Moreover, every democratic government should be more proactive in protecting society when comes to the management of the personal data of its residents.
When comesto the Right to be Forgotten(Right for Privacy and Right for Dignity), Indonesia must see it as a principle of real protection that is in the bestinterests of data owners. Further on, such a rightshould be strengthened by the principle of 'without undue delay', as to avoidthe administrative obligation to request a court decision to uphold the right. On a long run, it will surely benefit businesses far morethan the personal data originators themselves.
LEADING BY EXAMPLE
Regarding security, Indonesia must immediately have a clear policy on Cryptography to protect personal data. Cryptography is a double-use process; itcan be utilisedfor civilian purposes, but it can also be usedfor the vital national interests, such as defense and security. Therefore, privacy and cybersecurity protection is a complementary concept of protection. Holistic approach strengthens the both rights of individuals as well as protection of national interests,rather than it ever conflicts one over the other.
Finally, the ASEAN Declaration of Human Rights in its article 21 stipulates that the protection of personal data is elementary part of Privacy. As one of the founding members, a country that even hosts the Organisation’s HQ, Indonesia must observe the notions of this Human Rights Charter. That is the additional reason why RI has to lead by example.
The EU’sGDPR clearly encourages a paradigm shift within the public services and government administration services on national, subnational and supranational level for all the ASEAN member states.
Indonesia and ASEAN can take a lot of learning from the dynamics of the EU’s regulation of GDPR and e-IDASas to its own benefit – to foster its own security and to elevate a trust in regional e-commerce within the ASEANeconomic zone. Since the ASEAN (if combined) is the 4th largest world economy, this is a call of future that already starts now. After all the EU and ASEAN – each from its side of Eurasia – are twin grand projects of necessity, passion and vision.
Naturally, for anyone outside, Indonesia and ASEAN are already seen asthe world's e-commerce hub, of pivotal importance far beyond the Asia-Pacific theatre.
About the authors:
Prof. Melda Kamil Ariadno(SH, LLM, PhD) is a Professor of International Law at the Faculty of Law Universitas Indonesia, Jakarta. She is currently the Dean of the Faculty of Law Universitas Indonesia and the Head of Center for Sustainable Ocean Policy. She obtained her bachelor’s degree from Universitas Indonesia in 1992. Then, she received both her LL.M. and Ph.D. from the University of Washington in 1995 and 2011, respectively.She has served as legalexpert for several governmental bodies among others the Ministry of Marine Affairs and Fisheries.
Prof. Anis H Bajrektarevicis chairperson and professor in international law and global political studies, Vienna, Austria. He has authored six books (for American and European publishers) and numerous articles on, mainly, geopolitics energy and technology. For the past decades, he has over 1,200 hours of teaching on the subject International Law. Two of his books are related to cyber space, cyber law and cyber wrongdoings. Professor is editor of the NY-based GHIR (Geopolitics, History and Intl. Relations) journal, and editorial board member of several similar specialized magazines on three continents. His 7th book is to be realised in New York in December.