Juris Gentium Law Review

The ubiquity of personal data online triggers the need to regulate the processing, storage and the deletion of such data. Within the territory of the European Union, its transfer (even past its boundaries) and processing of personal data are subject to the General Data Protection Regulation (GDPR) and its jurisprudence. Article 45(1) of the GDPR empowers the European Commission to issue an Adequacy Decision, which compares the regime of a third country against the GDPR and its jurisprudence. Its issuance would allow seamless transfer of personal data to third country. This provision begs the question if Indonesian legal landscape on data protection meets the yardsticks contained in GDPR. This editorial will introduce the regimes in European Union and Indonesia, analyse the pertinent Indonesian legislation on the subject, in light of the GDPR, along with the jurisprudence of the Court of Justice of the European Union on the matter. This paper concludes that the Indonesian present data protection regime is extremely lacking, notably due to its narrow scope of application, weak watchdog authority, and its feeble punishment for its violation.