Thank You

You are now registered for our Rouse Insights Newsletter

Digital Services Regulations in Indonesia

Published on 17 Mar 2023 | 5 minute read
The myriad of laws and regulations on digital services makes navigating the Indonesian regulatory framework difficult.

This note is an update of a previous note on applicable regulations.

Regulatory regime of the electronic system operator (ESO)

The principal legislation/regulations relevant to Electronic System Operators (“ESO”) are:

  • Law No. 11 of 2008 on Electronic Information and Transaction Law as amended by Law No. 19 of 2016  (“EIT Law”)
  • Government Regulation No. 71 of 2019 on Organization of Electronic Systems and Transactions (“GR 71”)
  • Law No. 27 of 2022 concerning Personal Data Protection Law (the “PDPA”)
  • Government Regulation No. 80 of 2019 on Trade Through Electronic Systems (“GR 80”)
  • Ministry of Communication and Informatics Regulation No. 5 of 2020 on Electronic System Operator Private Scope (“MOCI 5/2020”)
  • Ministry of Communication and Informatics Regulation No. 20 of 2016 on the Protection of Personal Data Protection in Electronic Systems (“MOCI 20/2016”)
  • Ministry of Trade Regulation No. 50 of 2020 on Provisions of Business Licensing, Advertising, Counting, and Supervision of Business Acceptors in Trade Through Electronic Systems (“MOT 50/2020”)
  • Law No. 8 of 1999 on Consumer Protection (“Consumer Protection Law”)

This note is applicable to ESOs in the private sector, which is defined in Article 1(6) of GR 71/2019 (read with Article 1(1) GR 71/2019) and Article 1(6) of MOCI 5/2020.

Article 1(6) GR 71/2019

Electronic System Provider in the Private Sector is the organization of an Electronic System by a Person, Business Entity, and public.

Article 1(6) of MOCI 5/2020

Electronic System Provider (Penyelenggara Sistem Elektronik) in the Private Sector, from this point onward, is referred to as PSE in the Private Sector, is the organization of Electronic Systems by a person, business entity, and community. 

Article 1(1) GR 71/2019

Electronic System is a series of devices and electronic procedures which function to prepare, collect, process, analyze, store, display, announce, transmit, and/or disseminate Electronic Information.

Reference to ESOs includes digital services such as social media platforms, electronic commerce providers and OTT (i.e., over-the-top media) services.

The key requirements are:

  • Registration of ESO with the Ministry of Communication and Information under Article 2 of MOCI 5/2020;
  • Setting up of representative office in Indonesia where the transactions exceed 1000 a year or has delivered 1000 packages to consumers a year under Article 15 of Trade Regulation 50/2020 (MOT 50/2020);
  • Terms of use and privacy policy to be in the Indonesian language under Article 47(1) of GR 71;
  • Provide contact information for directing consumer complaints in the case where trade is being provided by the ESO under Article 26 (3)(f) of MOT 50/2020; and
  • Collection and use of personal information should be based on one of the following legal bases: consent; contract; legal obligation; vital interests; public task; or legitimate interests. See this page for a detailed discussion of the 2022 Personal Data Protection Act.

Registration of ESO with the Ministry of Communication and Informatics (“MOCI”)

ESOs, including foreign-based ones, that provide web services in Indonesia are required to register with the MOCI.  (Article 4(1) of MOCI 5/2020)

This Ministerial Regulation is meant to implement GR71. 

Sanctions for failing to register is provided in Article 7(2) of MOCI 5/2020, which includes access blocking:

“In the event that PSE in the Private Sector do not register as referred to in paragraph (1)(a), the Minister shall impose an administrative sanction in the form of Electronic System Access Blocking.”

Setting up a local representative office

Where the number of trade transactions exceeds 1000 per year, or more than 1000 deliveries have been made per year, the Foreign Trade Operators through Electronic Systems (“PPMSE”) must set up a local representative office.

This is based on Article 15 (1) and (2) of MOT 50/2020, which states:

  • The foreign PPMSEs (as referred to in Article 2(1)(b) that meets certain criteria are required to appoint a representative domiciled within the jurisdiction of the Unified State of the Republic of Indonesia, which may act as and on behalf of the PPMSE concerned.
  • The ‘certain criteria’ for foreign PPMSEs, as referred to in (1), consist of:
    1. already made transactions with more than 1.000 (one thousand) Consumers within a one-year period; and/or
    2. already delivered more than 1.000 (one thousand) packages to Consumers within a one-year period.

Other pertinent regulatory requirements to meet consumer protection laws under MOT 50/2020:

Article 26 (3)(f) on provisions to forward contact details to representatives of foreign electronic trade operators:

  • The representative of Foreign Trade Operators through electronic systems/PPMSE should make available contact numbers and/or email addresses of the consumer complaint services provided by the represented foreign PPMSE; and
  • The representative office is to fulfil consumer protection obligations on behalf of the foreign PPMSE.

Article 26 (5) explains the purpose of the above requirements - for the foreign trader to::

  • Fulfilling its consumer protection obligation;
  • Performing guidance to increase competitiveness; and
  • Settling disputes.

In the event of the termination of an existing representative office, a replacement should be appointed within 14 days. Article 30 of MOT 50/2020 stipulates:

“In the event of a unilateral termination of representation, foreign PPMSEs are required to appoint a new representative within a maximum period of 14 (fourteen) calendar days after one of the parties declared the termination concerned in writing”

The sanction for failing to appoint a representative office

Article 46 of MOT 50/2020 stipulates sanctions that shall be imposed on foreign PPMSEs which fulfil the criteria stipulated in Article 15 but do not appoint its representative in Indonesia. The sanction will be in the form of written warnings that will be given up to 3 (three) times with a maximum of 14 (fourteen) calendar days grace period between each warning. Failure to comply within the period will result in the foreign PPMSE being put on a blacklist and temporary suspension of the foreign PPMSE’s services by the authorized relevant agency.

Please download the complete guide covering the following topics here. 

  • Data protection in electronic systems,
  • Location of data, content obligation
  • Content-related obligations of ESOs,
  • User Generated Content (“UGC”),
  • Marketing activities/advertisements,
  • Validity of Click Wrap Agreement, and
  • Language of Terms of Use and Privacy Policy.

For more information, please contact us at SCOLegal@rouse.com

Other related articles:

2022 Indonesian Data Protection Law

Electronic Contract Best Practices: Indonesia

Data Controller responsibility in the event of data breach – Indonesia

Cross border data transfer – Indonesia

Digital Services Regulations In Indonesia 2023
30% Complete
Principal
+62 21 5080 8157
Partner at Suryomurcito & Co (a member of the Rouse Network)
+62 21 5080 8157
Principal
+62 21 5080 8157
Partner at Suryomurcito & Co (a member of the Rouse Network)
+62 21 5080 8157