Indonesian data center providers protest law revision seen as too soft on foreign companies

The debate about data localization is heating up again ahead of a proposed revision of a law from 2012.

By

Indonesian data center providers protest law revision seen as too soft on foreign companies

Indonesian data center enterprises are lobbying the government to postpone a revision of a law that requires foreign companies to place their data centers and data recovery centers on Indonesian soil. The proposed revision only requires ‘strategic data’ to be placed in Indonesia.

Local providers are now concerned that this modification weakens the country’s sovereignty and benefits foreign players while the data center business of local players will be threatened.

In a joint press release earlier this week, several trade organizations including the Indonesian Cloud Computing Association (ACCI) and the Association of Indonesian Internet Service Providers (APJII) voiced their opposition to the revision, urging the government to wait at least until another law relating to consumer data protection is enacted next year.

Responding to this complaint, Indonesia’s IT minister Rudiantara told local media Kumparan that there is a long process in deciding what is included in the revision and that it is still in draft stage. He reasoned that loosening the requirement for physical data centers in Indonesia is meant to increase the flow of investment into the country and to improve the business climate.

“The Ministry of Communication and Information together with stakeholders considers the obligation to physically place data centers and data recovery centers is not in accordance with their objectives, because the government’s main interest is the data rather than its physical form,” explained the Ministry in a press release.

The rule about localization of data has been hotly debated among stakeholders. Internet giants like Alibaba Cloud and Google had started investing in data centers in Indonesia,  but for many smaller companies rely on storing data on cloud services that provide flexibility and scalability but whose servers aren’t necessarily located in Indonesia.

The revision to the PP 82/2012 that contains the localization clause, proposed by the IT Ministry earlier this year, aims to make a distinction between critical data and non-critical data to strike a compromise between competing interests.

The original clause reads:

“Electronic System Providers are obligated to put data center and disaster recovery centers in Indonesian territory for the purpose of law enforcement, protection, and enforcement of national sovereignty to the data of its citizens.”

And this is the article 17 paragraph 2 in the draft amendment:

“Electronic System Providers shall place and process Strategic Electronic Data in data centers and disaster recovery centers in the territory of Indonesia.”

Editor: Nadine Freischlad