Dewi Savitri Reni
Partner - SSEK Legal Consultants
Defamation, Privacy and Data Protection
Defamation falls under the purview of the Indonesian Criminal Code (“Criminal Code”). There are several types of defamation stipulated under the Criminal Code, as follows:
(a) Slander defined as verbal defamation (Article 310 (1))
(b) Libel defined as defamation in writing (Article 310 (2))
(c) Calumny defined as libel or slander in circumstances in which the alleged offender knowingly or maliciously issues the false statement (Article 311)
(d) Simple defamation defined as defamation that does not constitute libel or slander (Article 315)
(e) Calumnious submission of charge or information to authorities (Article 317)
(f) Calumnious insinuation (Article 318)
Under Article 310 of the Criminal Code, a defamation claim, be it slander or libel, requires the following elements to be proven: (i) the intention of the alleged offender; (ii) harm towards the defamed party’s honor or reputation; (iii) an allegation about the defamed party charging him with a certain matter; and (iv) the obvious intent to give publicity thereof. In addition to the aforesaid elements, for defamation in the form of libel, additional elements of “writing or picture” which is “broadcasted, shown, or posted in public” must also be proven. A person being accused of defamation may put up a defense provided under Article 310 (3) of the Criminal Code, namely that such action was clearly conducted in the interest of the public or as necessary self-defense.
Defamation is also governed under Law No. 11 of 2008 regarding Electronic Information and Transactions as amended by Law No. 19 of 2016 (“ITE Law”), specifically in Article 27 (3) which prohibits the distribution, transmission, and/or granting of access of electronic information and/or electronic documents with offensive and/or defamatory content.
According to Article 319 of the Criminal Code, the aforementioned types of defamation constitute as crimes to be prosecuted only upon complaint by the person against whom the crime has been committed. In accordance with Article 74 (1) of the Criminal Code, such complaint must be filled by the concerned person within six months after the committed act is known by that person if he/she is domiciled within Indonesia, or within nine months otherwise.
To initiate a criminal process against defamation as explained above, one must follow the general criminal process in Indonesia as follows:
(a) The affected party shall file complaint to the Police for the criminal actions allegedly committed by the alleged offender. Specifically for cybercrime reports, including but not limited to online defamation, the affected party may file such crime to the Police through www.patrolisiber.id.
(b) The police will conduct an investigation. If, based on the investigation, the police is of the opinion that there is insufficient evidence, such event does not constitute a criminal act, or the investigation has been ceased by virtue of law, the police have the authority to officially terminate the investigation. Otherwise, the case dossier is deemed to be complete and will be delivered to the Prosecutor’s Office.
(c) The prosecutor will further conduct their own investigation and lay charges as well as initiate a criminal trial.
(d) In a criminal trial, if the Court believes that a defendant is guilty of having committed the criminal act of which he has been indicted, the Court shall impose a sanction.
The defendant or public prosecutor shall have the right to appeal against a decision of a court of first instance to the High Court, and they may also file a request for an examination of an appeal to the Supreme Court against a decision rendered in the High Court.
Violation of Articles 310 (1) and (2) of the Criminal Code may result in the defendant being incarcerated for a maximum period of nine months for slander or one year and four months for libel. Alternatively, the defendant may be charged with a maximum fine of four thousand and five hundred Rupiah (subject to adjustment), applicable to both slander and libel. Meanwhile, a person carrying out the prohibited action stipulated in Article 27 (3) of ITE Law may be subject to imprisonment for a maximum of four years and/or a maximum fine of seven hundred and fifty million Rupiah.
A party suffering from defamation may also submit a civil claim based on unlawful act (known as “perbuatan melawan hukum” in Indonesia) under Article 1365 of the Indonesian Civil Code (“Civil Code”). Based on Article 1365 of the Civil Code, the elements which have to be proven in an unlawful act claim are: (i) the existence of an act or omission; (ii) such act must be unlawful; (iii) the existence of damage/loss; (iv) a causal link between the unlawful act and the damage/loss; and (v) the existence of fault. It is important to note that an unlawful act shall not be interpreted as mere violation of a positive law, but also the following acts: (i) violation of others’ subjective right; (ii) violation of one’s legal obligation; (iii) actions that contradict with the principles of decency; and (iv) actions that are inappropriate in light of other’s interest in the society.
Civil claims for defamation are also affirmed through Article 1372 of the Civil Code which provides that civil claims arising from defamation is intended for the defamed party to obtain compensatory damages and reinstatement of his/her reputation and honor. However, Article 1376 of the Civil Code stipulates that such claim shall not be granted if the defamatory action does not contain any intent to offend, which shall be evaluated on whether or not the alleged offender acted in the public interest or as an act of necessary self-defense.
To initiate a civil claim for defamation, one must follow the general civil proceedings in Indonesia as set below:
(a) The claimant shall submit the Statement of Claims to the authorized District Court
(b) After the lawsuit is submitted, the District Court would appoint the Panel of Judges and substitute registrar to preside over the case. Once appointed, the Panel of Judges would set out the date of the first hearing and instruct the substitute registrar to deliver court summons to the parties
(c) Once all of the parties in the dispute are present or failed to appear after three court summonses, the disputing parties are required to undergo mandatory mediation process overseen by the court
(d) If the mediation yields no result, then the case would proceed to the examination of the Statement of Claims and further submission of Statement of Defense, Rejoinder, and the Response to Rejoinder
(e) After all the disputing parties have made their submissions, the proceedings will continue with evidentiary hearing, followed by the issuance of a decision by the Court
The disputing parties shall each have the right to appeal against the District Court’s decision at the High Court. Each party further has the right to request cassation at the Supreme Court against the High Court’s decision, as well as subsequent right to file civil review to the Supreme Court for the Supreme Court’s decision.
As accorded in Article 1967 of the Civil Code, all civil claims shall expire after thirty years. Such limitation shall also apply to unlawful act claims over defamation.
As regards remedies afforded to victims of defamation, Indonesian courts recognize two types of damages for unlawful act, namely material damages and immaterial damages. Material damages are damages of a compensatory nature—that is, damages awarded in order to reimburse for the victim’s actual loss and to put him/her back into a position as if the unlawful act did not occur. On the other hand, immaterial damages are damages which may be claimed based on a wrongful act which has caused intangible losses (e.g., mental distress, shame, and excessive fear). A defamed party shall not claim for damages beyond what he/she actually suffered. Nevertheless, the amount of damages to be awarded will depend on the evidence submitted in court, and the granting of immaterial damages in particular will be based on the judges’ discretion.
In terms of internet libel, a defamed party may consider submitting a request for termination of access of certain online content to the Ministry of Communication and Informatics (“MOCI”) pursuant to MOCI Regulation No. 5 of 2020 regarding Private Scope Electronic System Providers as amended by MOCI Regulation No. 10 of 2021 (“MOCI Reg. 5/2020”). This action may be taken prior to any legal proceedings with the purpose of preventing further losses caused by such content as it subjects the private-scope Electronic System Provider (“ESP”) responsible for granting access to such defamatory content to carry out content blocking, account closure, and/or content erasure. The request can be submitted through: (i) the website and/or application of MOCI; (ii) non-electronic mail to MOCI; and (iii) electronic mail to MOCI.
The basic principle of privacy in Indonesia is founded in Article 28G of the Indonesian Constitution, which provides that every person has the right to protect themselves, their families, and their respect, dignity, and possessions, as well as the right over security and protection from threat of fear for exercising their human rights. There is no specific law which regulates privacy. The most relevant regulations for the protection of privacy are related to personal data protection, which are scattered throughout various central and sectoral regulations. As of the time of writing, personal data protection is principally regulated by the following instruments:
(a) The ITE Law
(b) Government Regulation No. 71 of 2019 regarding Provision of Electronic Systems and Transaction (“GR 71/2019”)
(c) MOCI Regulation No. 20 of 2016 regarding Personal Data Protection in Electronic Systems (“MOCI Reg. 20/2016”) (together, the “PDP Regulations”)
In addition to the aforementioned PDP Regulations, provisions on personal data protection can be found in various sectoral laws and regulations. These include:
(i) Article 57 of Law No. 36 of 2009 regarding Health as amended by Law No. 11 of 2020 regarding Job Creation which provides that everyone is entitled to confidentiality over their personal health information that has been divulged to health care providers
(ii) Article 32 of Law No. 39 of 1999 regarding Human Rights which provides that freedom and secrecy of communication by letter or any other electronic media may not be disturbed or interrupted except under the instruction of a judge or other lawful authority
(iii) Article 42 of Law No. 36 of 1999 regarding Telecommunications as amended by Law No. 11 of 2020 regarding Job Creation which provides that telecommunications services operators must keep confidential any information transmitted or received by a subscriber through a telecommunications network and the telecommunications services they provide to the subscribers
(iv) Article 31 of Financial Services Authority Regulation No. 1/POJK.07/2013 regarding Financial Consumer Protection which prohibits financial services providers from disclosing customer data or information to third parties without the customer’s written consent or unless required by law
MOCI Reg. 20/2016 allows personal data owners and ESPs to seek dispute resolution through the MOCI in the event:
(a) an ESP fails to provide written notification of personal data breach to the personal data owner or other relevant ESPs, irrespective of whether such data breach has the potential of causing damages
(b) the personal data owner or the other relevant ESPs has suffered a loss related to the personal data breach, whereby the ESP has provided written notification of such data breach but was untimely made
In the aforementioned circumstances, the MOCI or the Directorate General of Application Informatics, as the institution receiving mandate from MOCI to resolve such disputes, shall resolve the dispute through deliberation to reach a consensus or through any alternative mechanism. The official or institution in charge of settling such dispute may recommend to the MOCI the imposition of administrative sanction towards the breaching ESP. If the dispute resolution is ultimately unsuccessful, the personal data owner and the other relevant ESPs may submit a civil claim against the ESP in breach.
The administrative sanctions provided under MOCI Reg. 20/2016 are imposed towards any person who obtains, collects, processes, analyzes, stores, shows, announces, transfers and/or disseminates Personal Data without authority or not in accordance with the law with administrative sanction in the form of (i) verbal warning; (ii) written warning; (iii) temporary suspension of activities; and/or (iv) announcement on MOCI website. Additionally, GR 71/2019 imposes administrative sanctions in the form of (i) written warning; (ii) administrative penalty; (iii) temporary suspension of activities; (iv) termination of access to electronic system; and/or (v) expulsion for list of registered ESPs for violation of certain provisions of GR 71/2019 relating to protection of personal data. These include:
(i) any person who fails to implement data protection principles in processing personal data
(ii) any person who fails to provide written notification of failure to protecting personal data it processes
(iii) an ESP who does not erase irrelevant electronic information and/or electronic documents under its control based on the request of the relevant party
(iv) an ESP who does not erase irrelevant electronic information and/or electronic documents based on court order on the grounds of right to delist
The imposition of administrative sanctions under GR 71/2019 does not exempt offenders from criminal and civil liability as affirmed in Article 100 (5) of GR 71/2019.
ITE Law stipulates numerous general provisions which prohibit a person from conducting actions connected to violation of privacy, as follows:
(a) intentional and unauthorized or unlawful access to another person’s computer and/or electronic system (Article 30)
(b) intentional and unauthorized or unlawful interception/wiretapping of transmission (Article 31)
(c) intentional and unauthorized or unlawful alteration, addition, reduction, transmission, tampering, deletion, moving, or hiding of electronic information and/or electronic records belonging to another person or the public (Article 32)
(d) intentional and unauthorized or unlawful manipulation, creation, alteration, destruction, damage of electronic information and/or electronic document with a purpose of creating electronic information and/or an electronic document which appears authentic (Article 35)
The elements to be proven in each case depend on the certain provisions as indicted; the “intention” of the alleged offender and the “unauthorized or unlawful” elements are some found in each provision. The criminal sanctions to be awarded also depend on the provisions relied upon. A person carrying out a prohibited action as mentioned above may be punished with a maximum imprisonment ranging from six to twelve years and/or a maximum fine ranging from six hundred million Rupiah to twelve billion Rupiah.
The ITE Law does not regulate on the time limit for criminal proceedings, and as such the general provision on expiration for prosecution as set in Article 78 of Criminal Code shall apply. The general criminal process as explained in Section A.1. shall also apply in initiating criminal proceedings against a violation of privacy under the ITE Law.
Article 26 (1) of the ITE Law provides that the use of any information through the electronic media concerning one’s personal data shall be made with the consent of the relevant person, unless otherwise provided by law. Further, Article 26 (2) of ITE Law expressly permits the victim to claim for compensation for any violation of such personal data protection. In addition, the right to submit for civil claims as a result of a breach of personal data protection is affirmed through Article 100 (5) of GR 71/2019 and Article 32 of MOCI Reg. 20/2016.
Violation of one’s privacy or personal data may be deemed as an unlawful act under Article 1365 of Civil Code. Please refer to Section A.2. for discussion on the elements of claim, time limitation, civil proceedings, and remedies for an unlawful act claim.
As discussed in Section B.1., Indonesia’s current data protection law spreads into several laws and regulation. The Indonesian House of Representatives is currently in the process of finalizing the Personal Data Protection Bill, which has been included in the Priority National Legislation Program for 2021 (“Program”). The Program compiles several draft bills that are targeted to be enacted in 2021. However, despite being included in the Program, there is no certainty as to when the PDP Bill will be passed into law.
Soewito Suhardiman Eddymurthy Kardono
14th Floor Mayapada Tower I
Jl. Jend. Sudirman Kav.28 Jakarta 12920 Indonesia
The material in this Guide is for general information only and does not constitute legal advice.
SEE MORE INTERNATIONAL MEDIA LAW GUIDES