Understanding the Role of Consent in Data Protection Regime: How Indonesia Can Learn From the GDPR

The issue of consent has received considerable critical attention in the data protection regime. The recent development of the data-driven economy, which heavily rely on data processing, have heightened the need for data protection. Furthermore, previous research has established that data processing deals with the individual’s fundamental rights where the processing would be considered as unlawful without prior individual’s consent. However, the Indonesian Government seems to not address these issues of consent in the data processing seriously, since currently there is no general data protection law. Conversely, the European Union’s (‘EU’) legislative history shows the reliance on consent as a measure for legitimising data processing. The General Data Protection Regulation (‘GDPR’) provides the most comprehensive requirements of consent as a lawful ground of data processing. Interestingly, the concept of consent is a dominant feature in Indonesia’s proposed Personal Data Protection Law (‘PDPL’) which first introduced in 2015. The present research aimed to evaluate the effectiveness of conditions of consent in the proposed PDPL, using the GDPR as the benchmark of the comparative analysis. The analysis revealed that the proposed PDPL fails to address the conditions of consent as comprehensive as the GDPR. It is argued that the substance of the proposed PDPL content was more or less a copy-paste of the concept and provisions from the GDPR without knowing the objective of such concept and provisions. This research provided a valuable opportunity to demonstrate that it is essential to include a comprehensive condition of consent within Indonesian data protection legislation.