24 hours to comply . . .
Indonesia’s Ministerial Regulation No.5 (MR5), enacted last November, continues to fuel public debate and concerns over freedom of speech. Under MR5, the Indonesian government has sweeping authority to order the removal of online content deemed to violate existing laws or “incite unrest and disturb public order,” giving online platforms 24 hours to comply. Foreign and domestic digital service providers – including a wide range of internet platforms from social media and internet search engines to financial technology and messaging applications – had until May 24 to register with the government for content monitoring. However, the Communications and Information Ministry has extended the deadline for an additional six months, after which the government could block unregistered services accessible in Indonesia.
Censoring or protecting Indonesian cyberspace?
According to the government, MR5 will “create a healthier” cyberspace by ensuring that digital service providers do not facilitate the dissemination of illegal content, such as child pornography and information supporting terrorism, but also information it says may cause social unrest. Critics argue MR5’s broad and one-sided definition of prohibited content and the implied need for platforms to self-monitor user-posted content will undermine freedoms of expression, privacy and the press, and access to information in Indonesia. MR5 also lacks any mechanisms to contest a take-down order. Human rights advocates have urged the government to suspend MR5 and undergo further consultations with civil society groups and technology experts. This process was neglected and cut short before MR5 was signed off by the Ministry last year.
Internet policy still lags behind . . .
MR5 comes as large-scale data breaches and increased digital attacks on anti-graft activists continue to demonstrate the country’s weak data and online protections for citizens. Leaked private information for over 200 million people is reportedly on sale online. The data allegedly originated from Indonesia’s Health Care and Social Security Agency (BPJS Kesehatan), which manages the national health insurance system. This is the second significant data breach within a year. An earlier hack of a user database from e-commerce site Tokopedia leaked the private information of 91 million accounts. Advocates have been quick to point out that MR5 does little to address these genuine issues plaguing the safety of Indonesians online and instead gives disproportionate power to the government to silence its critics.