A Case Study on Facebook Data Theft in Indonesia

The rights to privacy as an individual fundamental right should be protected. Ironically, this right is deliberately delivered publicly in social media. And Facebook, the largest social media, keep more than 2.2 billion privacies data in the whole world. In early April 2018, one million personal data of Indonesian Facebook users was stolen by other parties. Mark Zuckerberg, as a founder and CEO, acknowledged that the Facebook data consisting of customer personal data had been stolen and used by other parties. It is one of the weaknesses and negligence of Facebook that needs to be addressed in the future. Indonesia government issued a warning letter to Facebook and required formal explanation concerning those recent cases. However, the Government's seriousness on the protection of personal data of its citizens is still questioned. How Indonesian regulations cover private data protection on their citizen and what steps should be taken to protect personal data in Indonesia? By using the International instrument and Indonesia legal instruments on the protection of privacy right, this article would give the answer what government Indonesian should do to undertake this situation. The research found that the regulation of privacy protection is sufficient yet the government has no determination to take account seriously on protecting the privacy right, and no sanction to the parties was involved. Socialization on the importance of personal data toward Indonesian society in Indonesia should be done, from the basic to the top level. Keyword: Right Privacy, International Law, Fundamental Rights

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text

Governing Through Data

Personalized Law ◽

10.1093/oso/9780197522813.003.0011 ◽

2021 ◽

pp. 201-222

Author(s):

Omri Ben-Shahar ◽

Ariel Porat

Keyword(s):

Data Protection ◽

Privacy Protection ◽

Personal Data ◽

Opt Out ◽

The Government ◽

Private Actors ◽

Massive Information

Personalized law requires massive information, and this chapter examines some of the problems relating to the accumulation of personal data in the hands of the government. It first surveys what kinds of information would be needed and how lawmakers might hope to acquire that necessary data. While much information is already available in government databases, is it realistic to expect commercial databases to share the data with the government? The chapter then shifts to asking how the personalized commands would be communicated to actors. It argues, counterintuitively, that in important areas, private actors may often find it easier to know their personalized command than figure out the uniform command. Finally, the chapter examines problems of privacy and data protection, arising from the accumulation of data in the hands of governments. It argues that privacy interests vary across people, and thus privacy protection—like other aspects of personalized law—could itself be personalized, allowing people to opt out of some privacy-sensitive personalized treatments.

Download Full-text

Analysis Principles of Personal Data Protection on COVID-19 Digital Contact Tracing Application: PeduliLindungi Case Study

Lex Scientia Law Review ◽

10.15294/lesrev.v5i2.50601 ◽

2021 ◽

Vol 5 (2) ◽

pp. 65-88

Author(s):

Anugrah Muhtarom Pratama ◽

Umi Khaerah Pati

Keyword(s):

Data Protection ◽

Personal Data ◽

Contact Tracing ◽

Privacy Rights ◽

The Public ◽

Personal Data Protection ◽

The Future ◽

The Government ◽

The One

This article aims to review the application of the principle of personal data protection as part of privacy rights in the PeduliLindungi application considering that on the one hand, the PeduliLindungi application helps the government to reduce the spread of the COVID-19 virus. But on the other hand, there is a threat of misuse of personal data in the future. This background article is based on the use of the PeduliLindungi application, which was initially used to track the spread of the virus during the COVID-19 pandemic. But it seems that the public will increasingly use its use in the future, especially now that it has begun to be planned as an e-wallet and started integrating with several other applications. This article reveals that there has been a dual role by the Ministry of Communication and Informatics as a supervisor and controller of personal data in Indonesia so that it has implications for the PeduliLindungi application that has not fully applied the principles of personal data protection when collecting, processing, and storing personal data. For the future, a comprehensive legal development drive is needed related to the protection of personal data. There is a personal data protection agency and Data Protection Officer (DPO) to more strongly enforce the principles of personal data protection.

Download Full-text

THE RIGHT TO DATA PROTECTION VERSUS “SECURITY”

Revista Direitos Culturais ◽

10.20912/rdc.v15i36.18 ◽

2020 ◽

Vol 15 (36) ◽

pp. 209-232

Author(s):

Marcos Vinicius Viana da Silva ◽

Erick Da Luz Scherf ◽

Jose Everton Da Silva

Keyword(s):

Data Protection ◽

Privacy Protection ◽

Data Privacy ◽

Personal Data ◽

Fundamental Rights ◽

State Of Exception ◽

Personal Data Protection ◽

Data Privacy Protection ◽

Rights Discourse ◽

The Right

The protection of personal data in the cyberspace has been an issue of concern for quite some time. However, with the revolutions in information technology, big data and the internet of things, data privacy protection has become paramount in an era of free information flows. Considering this context, this research intends to shine a light on the experience of Brazil regarding data privacy protection, through the analysis of a brand new bill passed by Congress: the Brazilian General Personal Data Protection Act. Our assessment of the legislation was made from the perspective of a human rights-based approach to data, aiming to analyze both advancements, limitations and contradictions of the rights-discourse in the LGPD. Our main conclusions were that the (public and national) security rhetoric, also present in the bill, can create a state of exception regarding the processing of personal data of those considered “enemies of the state”, which may result in violations of fundamental rights and procedural guarantees.

Download Full-text

EU Data Protection Rules and the Lack of Compliance in Sweden

Nordic Journal of European Law ◽

10.36969/njel.v3i2.22395 ◽

2020 ◽

Vol 3 (2) ◽

pp. 95-103

Author(s):

Ester Herlin-Karnell

Keyword(s):

Data Protection ◽

Market Access ◽

Personal Data ◽

Fundamental Rights ◽

The Internet ◽

Eu Law ◽

Private Data ◽

External Dimension ◽

The Right ◽

The Eu

In this short reflection paper, I will set out to explain how and why Sweden breaches EU data protection rules. I will start by providing a brief overview of the EU data protection framework to paint the background picture. Thereafter I will discuss the scope for derogating from the obligations set out in the GDPR and thereby test the Swedish exception and show that it is not proportionate and undermines the purpose of the GDPR. Subsequently, I will discuss why some core fundamental rights of EU law should not be possible to derogate from, when as in the Swedish case it seems to boil down to economic question of who gets to own the data. I will conclude by linking the question of the right to data protection and why licenses should not give companies a carte blanche to publish personal data about people in Sweden to the question of market access. There is an imbalanced relationship here, to use the internal market vocabulary, with Swedish people having all their private data published online while other EU states do not do that. Likewise, there is an external dimension here: the data is available on the internet globally and therefore third countries also access it.

Download Full-text

Implementation of Regulation of The Minister of Kominfo Number 20 2016 in Disdukcapil Sleman, Temanggung, and Gianyar District

JURNAL PENELITIAN KOMUNIKASI DAN OPINI PUBLIK ◽

10.33299/jpkop.24.1.2704 ◽

2020 ◽

Vol 24 (1) ◽

Author(s):

Nfn Darmanto ◽

Nur Zaini

Keyword(s):

Personal Data ◽

Electronic Systems ◽

Case Study Method ◽

Literature Study ◽

Civil Registration ◽

Edwards Model ◽

District Government ◽

The Government ◽

Study Techniques

AbstrakPenelitian ini dilatarbelakangi oleh menguatnya wacana mengenai pentingnya perlindungan data pribadi dan terbitnya Peraturan Menteri Komunikasi dan Informatika Nomor 20 Tahun 2016 tentang Perlindungan Data Pribadi dalam Sistem Elektronik. Adapun tujuan penelitian adalah untuk mengetahui kinerja implementasi Peraturan Menteri tersebut di lingkungan Pemerintah Kabupaten. Penelitian dilakukan di Dinas Kependudukan dan Pencatatan Sipil pada Pemerintah Kabupaten Gianyar, Temanggung, dan Sleman dengan menggunakan metode studi kasus, sedangkan pengumpulan data menggunakan teknik studi pustaka, wawancara, dan observasi. Pembahasan dilakukan dengan menggunakan konsep implementasi model Edwards yang melihat implementasi berdasarkan variabel komunikasi, sumber-sumber, kecenderungan-kecenderungan, dan struktur birokrasi. Hasil penelitian menunjukkan bahwa penyelenggaraan administrasi kependudukan yang di dalamnya termasuk perlindungan data pribadi oleh Dinas Kependudukan dan Pencatatan Sipil merujuk pada Peraturan Menteri Dalam Negeri Nomor 61 Tahun 2015, sedangkan Peraturan Menteri Komunikasi dan Informatika Nomor 20 tahun 2016 sama sekali belum mereka ketahui. AbstractThis research is motivated by the strengthening of discourse regarding the importance of protecting personal data and the issuance of Minister of Communication and Information Regulation No. 20 of 2016 concerning Protection of Personal Data in Electronic Systems. The research objective is to determine the performance of the implementation of the Ministerial Regulation within the District Government. The study was conducted at the Department of Population and Civil Registration at the Government of the Regency of Gianyar, Temanggung, and Sleman by using a case study method, while data collection using literature study techniques, interviews, and observations. The discussion was carried out using the concept of implementation of Edwards model that looked at implementation based on communication variables, sources, trends, and bureaucratic structure. The results showed that the administration of population administration which included the protection of personal data by the Population and Civil Registry Office referred to the Minister of Home Affairs Regulation No. 61 of 2015, while the Minister of Communication and Information Regulation No. 20 of 2016 was completely unknown to them.

Download Full-text

Legal Implications of “Sharenting”

Law and World ◽

10.36475/6.2.3 ◽

2020 ◽

Vol 6 (2) ◽

pp. 19-26

Keyword(s):

Social Media ◽

Privacy Protection ◽

Family Members ◽

Fundamental Rights ◽

Internet Services ◽

Legal Implications ◽

Close Relatives ◽

Visual Materials

Sharing child’s visual materials online for purely personal purposes by parents, family members or close relatives is a widespread practice, especially, where the availability of internet services is provided, which therefore, poses challenges to privacy protection of the child. Children, as one of the most vulnerable members of society, need special attention with regard of protection of fundamental rights, where privacy a crucial one. This article reviews the implications of child’s privacy on social media with the emphasis on sharing minor’s visual materials.

Download Full-text

Reconciliation of anti-money laundering instruments and European data protection requirements in permissionless blockchain spaces

Journal of Cybersecurity ◽

10.1093/cybsec/tyab004 ◽

2021 ◽

Vol 7 (1) ◽

Author(s):

Iwona Karasek-Wojciechowicz

Keyword(s):

Data Processing ◽

Money Laundering ◽

Data Protection ◽

Task Force ◽

Policy Instruments ◽

Personal Data ◽

General Data Protection Regulation ◽

Terrorist Financing ◽

The Government ◽

High Level

AbstractThis article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering by this research the interplay between both regulations reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as another effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.

Download Full-text

Regulatory Challenges of Data Mining Practices: The Case of the Never-ending Lifecycles of ‘Health Data’

European Journal of Health Law ◽

10.1163/15718093-12520368 ◽

2018 ◽

Vol 25 (3) ◽

pp. 284-307

Author(s):

Giovanni Comandè ◽

Giulia Schneider

Keyword(s):

Data Mining ◽

Data Protection ◽

Personal Data ◽

Health Data ◽

General Level ◽

General Data Protection Regulation ◽

The Face ◽

General Data ◽

Level Of Analysis

Abstract Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

Download Full-text

Citizen Participation in Responding to Natural Disasters Through Twitter Messages

Journal of Information Technology and Computer Science ◽

10.25126/jitecs.202052179 ◽

2020 ◽

Vol 5 (2) ◽

pp. 123

Author(s):

Rizky Pamuji ◽

Ismiarta Aknuranda ◽

Fatwa Ramdani

Keyword(s):

Social Media ◽

Natural Disasters ◽

Citizen Science ◽

Citizen Participation ◽

Disaster Relief ◽

Local Communities ◽

Citizen Involvement ◽

The Government

Citizen participation in collect and distribute information increase the role of the citizen involvement in local issues and increasing the benefits of society for the government and the environment. The contribution of citizens can be useful in helping to deal with environment problems and assist certain parties in meeting data needs, this is commonly referred to as citizen science. In its development, citizen science involvement in providing information began to involve social media as a platform for sharing information. In this study we try to explore citizen science of Indonesia, we conduct case study exploring how citizen in Indonesia used social media such as Twitter in response to one of the country’s worst disaster in 2018 namely Lombok Earthquake. By analyzing these user generate message we may know what the response of Indonesian citizen during event and understand more about citizen science in Indonesia through social media including its role and contribution. The information also may assist local communities in obtaining up-to-date information, providing assistance according to needs of the populace and use to manage and plan disaster relief both during and after the event.

Download Full-text