INDONESIA Law and Practice Contributed by: Emir Nurmansyah, Monic N. Devina, D. Meitiara P. Bakrie and Ruth A. Mendrofa, ABNR Counsellors at Law
2.11 Implications of Additional, Non-Financial Services Regulations

Obtaining an Electronic System Operator (ESO) Certificate

Fintech providers must comply with regulations on the use of electronic platforms in Indonesia. Whether applications or websites, these are classified as electronic systems pursuant to Government Regulation No 71 of 2019 on the Implementation of Electronic Systems and Transactions (“Reg 71”). An ESO and its electronic system must be registered with the MCD in accordance with Reg 71. The MCD will issue an ESO Certificate to an ESO that has successfully registered its platform with it.

Personal Data Management and Handling

In addition to a requirement to obtain an ESO Certificate, implementation of an electronic system must accord with personal data protection principles. All stages of personal data processing by an ESO (including the collection, processing and analysis, storage, disclosure and deletion of user data) must maintain data privacy and comply with the law – in this case, Law No 27 of 2022 on Personal Data Protection in conjunction with Law No 11 of 2008, as amended by Law No 19 of 2016 and Law No 1 of 2024 on Electronic Information and Transactions (the “EIT Law”), Reg 71, and Ministry of Communication and Informatics Regulation No 20 of 2016 on Personal Data Protection in Electronic Systems.

Prohibition on Pornographic Content

The law and regulations prohibit the intentional and unauthorised distribution of, transmission of, creation of or action resulting in accessibility to electronic information or data with immoral content. This is also in line with the Pornography Law, which prohibits anyone from producing, creating, copying, multiplying, distributing, broadcasting, importing, exporting, offering,
• the outsourcing is implemented in accordance with the provisions of laws and regulations in the field of employment.

OJK Reg 40 emphasises that P2P lending companies are responsible for work outsourced to third parties. P2P lending companies that sign co-operation agreements on outsourcing with vendors shall report the co-operation to the OJK within five days as of the execution of the co-operation agreement.

2.9 Gatekeeper Liability

Fintech providers are fully responsible for their platforms and other services provided to their customers and cannot abdicate their responsibility to any party (with reference to Law No 8 of 1999 on Consumer Protection, or the “Consumer Protection Law”, and OJK Reg 22, and also adopted by OJK Regs 40 and 57).

2.10 Significant Enforcement Actions

The OJK has deregistered many fintech players, especially P2P lending companies. The most significant reasons for deregistration are late filing of licence applications (or passing of the deadline) and illicit conduct.

Through its EIFA Task Force, the OJK regularly receives reports from the public on a variety of unlicensed investments, including cross-border investments. The OJK updates a list of entities that allegedly offer “illegal” investments and that are potentially fraudulent. In performing its duties, the EIFA Task Force co-operates with the MCD to block access to websites or apps of the operators concerned.
336 CHAMBERS.COM