The The ASEAN Cross-Border Personal Data Transfer Instrument: Has Indonesian’s Personal Data Protection Law Followed it?

Abstract

Nowadays, the use and transfer of personal data in various countries have increased. ASEAN has formed a regional instrument called ASEAN Framework on Personal Data Protection that is expected to become a standard legal system in cross-border data transfer. Indonesia has just ratified Law Number 27 of 2022 on personal data protection, which in this law also regulates the transfer mechanism of personal data outside the Indonesian territory. The more personal data flows outside the territory of Indonesia, the more important it should get adequate protection. This research aims to identify whether ASEAN has provided a sufficient legal system to protect the flow of international data transfers and to explore an adequate legal system in Indonesia that are compatible with the ASEAN framework on PDP towards cross-border data transfer. This is doctrinal legal research with a conceptual and statutory approach The research shows that ASEAN has faced the issues of asymmetric legislation in the region by proposing any acts that could strengthen the cyber system in Southeast Asia, especially in the cross-border data flow. One of the mechanisms that have been proposed is ASEAN Model Contractual Clauses (MCC). By applying MCC, countries including Indonesia can carry out the personal data transfer across borders with the countries that do not yet have laws that are equal to the PDP Law. Indonesia can also harmonize the contents of the contract in line between domestic laws and regional instruments.