TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Popular Reads
Top Results
No results found. Please check your search term and try again
Can't find what you're looking for?
View all search results
Popular Reads
Top Results
No results found. Please check your search term and try again
Can't find what you're looking for?
View all search resultsIndonesia’s digital sovereignty at a crossroads
Indonesia’s recent trade agreement with the United States has reignited debate over the country’s fragile grip on digital sovereignty.
Change text size
Gift Premium Articles
to Anyone
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
A man uses a smartphone on August 17, 2024, while a television screen shows a live broadcast of Indonesia's 79th Independence Day celebration from the future capital city Nusantara, at his electrical recycling workshop in Jakarta. (AFP/Yasuyoshi Chiba)
I
ndonesia’s recent trade agreement with the United States, which includes provisions on cross-border data flows, has reignited debate over the country’s fragile grip on digital sovereignty.
The deal arrives in the absence of clear regulatory frameworks. Indonesia’s landmark Personal Data Protection Law (PDP Law), passed in 2022, was hailed as a milestone in digital governance. Article 56 explicitly allows the transfer of personal data abroad only if the recipient country provides safeguards equal to or stronger than Indonesia’s standards. However, the Government Regulation needed to implement this article has yet to be issued, rendering enforcement unclear and open to interpretation.
Rather than addressing this gap, the trade agreement risks institutionalizing it. In practice, US corporations such as Visa, Google and Meta have long collected, stored and monetized Indonesian user’s data, ranging from financial transactions to search histories, locations and behavioral patterns.
The deal merely formalizes what has been quietly happening for years: The consolidation of control over Indonesian data by US tech giants, operating through foreign cloud infrastructures and opaque algorithms.
Coordinating Economy Minister Airlangga Hartarto has emphasized that personal data remains protected by national laws, while asserting that “commercial data” will be handled responsibly. However, such assurances offer little comfort. In today’s era of big data and machine learning, seemingly innocuous digital traces, such as purchase history, app usage and browser clicks can be aggregated and analyzed to infer highly sensitive personal traits.
As Shoshana Zuboff warns in The Age of Surveillance Capitalism, personal experiences are being extracted and commodified into “behavioral surplus”: Data repurposed to train algorithms, and predict future behavior, often without meaningful consent or accountability. What appears to be merely commercial is, in effect, profoundly personal.
These risks are compounded by the extraterritorial reach of US law. The CLOUD Act (2018) compels American companies to provide data to US authorities upon request, even if that data is stored in servers located overseas. Section 702 of the Foreign Intelligence Surveillance Act (FISA) authorizes US agencies to conduct warrantless surveillance of non-US persons located abroad. This means that even if stored locally, Indonesian data remains vulnerable if managed by US-based firms subject to American jurisdiction.
