Last review date: 13 January 2025
Yes
The following are potential legal bases for processing personal data:
☒ appropriate notice has been provided to or made available to the data subject
☒ the data subject has provided consent to the processing for the identified purposes
☒ the personal data is necessary to perform a contract with the data subject
☒ the personal data is necessary to comply with a legal obligation
☒ the personal data is necessary to protect the vital interests of a natural person
☒ the personal data is necessary for a public interest
☒ the personal data is necessary to fulfil a legitimate interest of the controller or third party (provided that the interest is not overridden by the data subject's privacy interests and the data subject has not made use of his/her right to object)
☒ other
Under the PDP Law, there must be a lawful basis to process personal data. The lawful basis can be either one of the following:
- Explicit consent from the data subject
- Fulfillment of obligation based on a contract with a data subject
- Fulfillment of the legal obligation of a data controller
- To protect the vital interest of a data subject
- Fulfillment of duty in the framework of public interest, public services and implementation of authority under laws and regulations
- Other legitimate interests (unclear at the moment)
As an additional note on consent, the consent must be in writing (meaning an express and opt-in consent), whether manually or electronically, and in the Indonesian language (although there is no prohibition of a dual language format, so that format can still be used if preferred). Further, the consent is only effective after a complete explanation from the electronic system operators on the intended use of personal data.
Last review date: 13 January 2025
No
Under the PDP Law, there is no categorization of "sensitive personal data." Instead, the PDP Law uses the term "specific personal data."
Last review date: 13 January 2025
Yes
Under the PDP Law, there is no specific minimum age for data privacy purposes. The minimum age will be regulated in the forthcoming Government Regulation on the Implementation of the PDP Law, which has not yet been issued or enacted. The PDP Law requires that the processing of children's personal data be conducted in a specific manner, with approval from the child's parents or guardian.
Several laws in Indonesia, such as the Indonesian Civil Code, the Marriage Law, and the Manpower Law, regulate the legal age of a person, which generally ranges from 18 to 21 years. According to Article 330 of the Indonesian Civil Code, the general limitation for determining the legal age to perform a legal action, such as entering into a contract, is 21 years old or that the person be legally married.