Examining Personal Data Protection Law of Indonesia and South Korea: The Privacy Rights Fulfilment

Abstract

Personal data leakages have been experienced by both Indonesia and South Korea. To ensure the protection of privacy rights relating to personal data, both countries have promulgated special laws, namely the Indonesian Personal Data Protection Law (PDP Law) and the South Korean Personal Information Protection Act (PIPA). This study aims to compare the two laws to ascertain their similarities and differences by adopting a comparative law approach. The study found that similarities exist in the two laws. They are to protect personal data and confer rights on data subjects. In the absence of explicit consent given by data subjects, data controllers and processors are prohibited from collecting and processing the data with some exceptions. They also mandate a special institution that is tasked to investigate and sanction data controllers and processors when they conduct data infringement. There are inherent differences in the two laws. PIPA is designed to be the framework legislation and PDP is designed to be a special statute. Additionally, PIPA mandates the institution dealing with personal data protection without referring to any other law but the Act itself. PDP Law clearly states that further provisions relating to this institution will be governed by Presidential Regulation.