Press Release: Indonesia Government must protect people’s privacy during Its COVID-19 contact tracing efforts


For Immediate Release: 30/06/2020

Indonesia Government Must Protect People’s Privacy during Its COVID-19 Contact Tracing Efforts

Bangkok/Jakarta – In an open letter to the Ministry of Communication and Information Technology (KOMINFO), the Representative of Indonesia to the ASEAN Intergovernmental Commission on Human Rights (AICHR) and 13 organizations have called for the Government of Indonesia to be more transparent about their contact tracing efforts during the time of COVID-19.

In April 2020, as COVID-19 spread, Indonesia rolled out the PeduliLindungi app. While other countries have released the source code of their exposure notification apps, the only available information about PeduliLindungi is from the government. The source code of the app has never been released, and the privacy policy of the app has never been clearly stated on both the iOS and Android app stores. The fact that Indonesia also lacks a robust personal data protection regulation in line with the best practices — such as Europe’s General Data Protection Regulation (GDPR) Europe – raises grave concerns about privacy. There is an urgent need for the Government of Indonesia to issue a regulation specific to its contact tracing efforts regarding what data is allowed to be collected and how that data should be treated in order to protect privacy. The data collection process from all contact tracing efforts must be in line with internationally-accepted standards and best practices, particularly the World Health Organization’s ‘Ethical considerations to guide the use of digital proximity tracking technologies for COVID-19 contact tracing.’

The parties request the Indonesian governments to do the following:

  1. Release the white paper and the source code of PeduliLindungi under an open source license. The white paper should contain all necessary details of the system’s architecture, functions, protocols, data management and security design. The source code should be that of the deployed system, complete, up-to-date, and buildable so that the system’s security and privacy treatment can be independently verified. The white paper and the source code must be regularly updated along with the app.
  2. Provide a clear privacy policy for PeduliLindungi on both the App Store and Google Play. All the elements of how the data is collected, processed, and stored must be transparent. This should be in line with international standards and best practices for privacy protection. Users’ informed consent must be obtained before the app can be downloaded.
  3. Issue data privacy regulations that specifically address PeduliLindungi. The regulation must stipulate that the collected data will not be used for purposes other than contact tracing, as well as ensuring there are prevention methods (e.g. third-party audit where the result is publicly available) in place to keep the data secure from cyberattacks and data breach incidents.
  4. Be transparent about the data breach incident that occurred from the PeduliLindungi’s database, including extent of the data breach, type (s) and volume of personal data involved, cause or suspected cause of the data breach, whether the data breach has been rectified, and measures and processes that KOMINFO had in place at the time of the data breach. The ministry should conduct a formal investigation and report on the incident and take steps to harden the system to prevent a reoccurrence.
  5. In keeping with its international commitments to protect the fundamental human right to privacy, KOMINFO and the Indonesian Government must protect the right to privacy of citizens in any upcoming contact tracing efforts. Transparency must be provided to the furthest extent possible in relation to how privacy is treated.

The open letter is signed by the following parties;

Yuyun Wahyuningrum, Representative of Indonesia to the ASEAN Intergovernmental Commission on Human Rights (AICHR)
Southeast Asia Freedom of Expression Network (SAFEnet)
Institute for Policy Research and Advocacy (ELSAM)
Commission for the Disappeared and Victims of Violence (KontraS)
Protection Desk Indonesia/Yayasan Perlindungan Insani Indonesia (YPII)
Indonesia Legal Aid Foundation (YLBHI)
Human Rights Working Group (HRWG)
Access Now
CIVICUS: World Alliance for Citizen Participation
Combine Resource Institution (CRI)
Asia Democracy Network (ADN)

For the full open letter, it can be found here in this link.

The PDF version of this Press Release is available for download in English and Bahasa Indonesia.

For media enquiries, please contact:
[email protected]
PGP: 0x8C9E4DD3E9714074
Fingerprint: 0D02 CC2A 5DCA 6EC8 731F 9D0B 8C9E 4DD3 E971 4074

Latest Updates

May 29, 2020
Checking Myths and Facts: COVID-19 Contact Tracing Apps
As tracing apps have become a hype in many countries, governments have been urging people to use them. However, due to privacy concerns, the rate of […]
November 6, 2019
Freedom of Expression versus Disinformation: Don’t Allow the Latter to Happen in the Name of the First
Mark Zuckerberg’s latest stance refusing to fact-check political ads on Facebook has drawn significant criticism, even his own employees. He said that his decision is to […]
2 years ago
Report Submitted to Special Rapporteur on the Right to Privacy on Digital Contact Tracing in Southeast Asia
Digital Contact Tracing in Southeast Asia The Summary Report Submitted to the United Nations Special Rapporteur on the Right to Privacy Prof. Joseph Cannataci  December 8, […]