Dash Advocates

Limitations On Which Data Is Defined As Personal Data Based On Law Number 27 Of 2022 Concerning Personal Data Protection

BerandaArticlesLimitations On Which Data Is Defined As Personal Data Based On Law Number 27 Of 2022 Concerning Personal Data Protection
June 18, 2024
By M. Yusuf Adiputro S

Limitations On Which Data Is Defined As Personal Data Based On Law Number 27 Of 2022 Concerning Personal Data Protection

Determining the limits of whether data can be categorized as personal data is an important aspect in the digital world which is increasingly developing rapidly. As we share more information to online, understanding on personal data has become crucial to protecting individual privacy and security. The question arises, when is something said to be personal data and not personal data? Who should protect him?

According to Article 4 Law Number 27/2022 on Data Privacy Protection (“UU PDP”) governs that characteristic and classification, namely:

  1. Specific personal data;
  2. General personal data.

Specific personal data, includes:

  1. Data and Health Information;
  2. Biometric data;
  3. Genetic data;
  4. Criminal Records;
  5. Child data;
  6. Personal data informations; and/or
  7. Others data in accordance with the provisions of laws and regulations.

General personal data, includes:

  1. Full name;
  2. Gender;
  3. Nationality;
  4. Religion;
  5. Marital Status;
  6. Personal data combined to identify an individual.

So based on the provisions in these articles, the limit for something being said to be personal data is as long as the data concerns a person’s identity or if put together can identify a person.

Then the further question arises, who is obliged to protect this data?

In laws and regulations, Personal Data Controllers and Personal Data Processors are obliged to protect Personal Data in accordance with the consent of the Personal Data Subject as outlined in the form of an Agreement. Personal Data Controllers and Personal Data Processors include Individuals, Public Bodies and International Organizations.

Basically, protecting personal data is an implementation of human rights, namely the right to privacy. This means that everyone is obliged to maintain these rights without having to write them down in an agreement. So that automatically every time Personal Data is given to another party, the recipient party is obliged to protect that personal data because it is every human being’s obligation to protect human rights, both their own and those of others.

If personal data has been spread to the public, it does not mean that their status has changed from private data to public data or because their personal data is public, which means the public is allowed to know about it. This is because the nature of personal data is private, which means that not everyone has the right to obtain and/or view it and requires permission from the Data Owner whether he wants his data to be made public. Refers to the rights possessed by the holder of personal data, namely the Right to be Forgotten, that he has the right to request that his personal data be deleted.

 

[1] Pasal 35 UU PDP

[2] Pasal 19 UU PDP

[3] Pasal 8 UU PDP

Tags:

Previous Article

Next Article