The Government Ensures the Security of Personal Data Transfers in Accordance with the PDP Law
Jakarta — The Indonesian government has affirmed its commitment to ensuring the security and legality of cross-border personal data transfers, in line with the enactment of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law). This legal certainty is crucial for maintaining public and business trust in the national and international digital ecosystem.
Member of Commission III of the Indonesian House of Representatives, Bambang Soesatyo (Bamsoet), emphasized that transferring personal data abroad—including to the United States—is not a violation of the law, as long as it is carried out in accordance with the provisions of the PDP Law.
“Transferring personal data abroad is not illegal. But there are conditions. There must be accountability, there must be agreements, and there must be protection. The Personal Data Protection Law provides all these instruments. Now it’s up to the government and businesses to consistently comply,” said Bamsoet.
According to him, in the era of the increasingly developing digital economy, data traffic between countries is inevitable. Therefore, the PDP Law is intended to provide a clear and firm legal framework.
“The PDP Law is here to provide legal certainty in international relations that depend on cross-border data traffic. The digital economy, cloud services, artificial intelligence, and even cross-border financial transactions are heavily reliant on data exchange. With the PDP Law, we have a firm framework to ensure that personal data transfers are carried out with the highest standards of protection, accountability, and legal compliance,” he added.
Similarly, Deputy Minister of Communication and Digital, Nezar Patria, emphasized that any transfer of personal data from Indonesia to overseas remains within the corridor of national law.
“We still have protocols as regulated by the PDP Law which was passed here,” he said.
Nezar explained that Indonesia adheres to the principle of data flows with conditions, as stipulated in Article 56 of the Personal Data Protection Law. This article stipulates that the transfer of personal data abroad must meet certain requirements to be legal and secure.
“This regulation ensures that even if personal data is transferred to another country, the protection of data subjects’ rights remains intact,” Nezar added.
The government also continues to encourage increased data literacy and private sector compliance with the Personal Data Protection Law as part of strengthening national digital sovereignty. With an adaptive and comprehensive regulatory approach, Indonesia is ready to maintain a balance between technological advancement and the protection of citizens’ rights in the digital space.
