Vous êtes sur la page 1sur 51

Information and Communications

Technology (ICT) Laws: Recent


Issues & Development

Agenda

Overview on ICT Law


Personal Data Protection
Freedom of Information
Electronic Commerce Law

Overview of ICT Law


Definition of ICT law
The importance of ICT law

Good governance
Technology development
Economic development
Human rights

Overview of ICT Law (contd)


Scope of ICT law
Rules and regulations concerning the use and
utilization of information and communications
technology

Trend: towards internationalization of ICT law

UNCITRAL
OECD
APEC
European Union

Personal Data Protection

Reality Check
More information about more people is
more readily accessible than ever before
Efficiency of computer network had caused
more and more information to be stored in
computer readable form
Potential for privacy invasion is great
Loss of privacy is one of the major worries

Personal Information: Commodity and


Life-blood of Information Economy
EU Working Party: Consumer data right now is the
currency of e-commerce in a lot of ways.
The Economist (18 Dec. 1999):
Information about individual is the life-blood of most
of the new burgeoning new service businesses

How?
Many sites sell products at a lower price in
exchange of personal data
Many services allow users free surfing also in
exchange of personal data for marketing
purposes
List of customers are being sold or shared
through mergers of IT companies
Consumers data been offered for sale when
internet companies go bankrupt

Privacy as Human Right


Art. 12 Universal Declaration of Human
Rights:
No one should be subjected to arbitrary
interference with his privacy, family, home
or correspondence nor to attack on his
honour and reputation

Numerous other instruments give


specific reference to privacy as a right
International Covenant on Civil and
Political Rights
UN Convention on Migrant Workers
UN Convention on the Rights of the Child
European Convention for the Protection of
Human Rights and Fundamental
Freedoms
American Convention on Human Rights

Cost for Not Protecting Privacy


FTC Studies have estimated that privacy concerns
may have amounted to US$ 2.8 billion in lost
online sales in 1999 for the US alone, rising to a
possible US$ 18 billion by 2002 should the
consumers privacy concerns not be addressed

IBM Research

1. 50% consumers in Germany, UK and US had refused to


give information on websites because of privacy concerns
2. Between 39-47% stated that privacy issues had stopped
them from making online purchases
3. 30% of users demonstrate, privacy assertive behaviour
such as giving false information when asked to register
online.

International Data Protection


Regime
OECD Guidelines set out 8 basic Privacy Principles:
1.
2.
3.
4.
5.
6.
7.
8.

Collection Limitation
Data Quality
Purpose Specification and Notice
Use Limitation
Security
Openness
Access
Accountability

1995 EU Data Protection Directive


The Directive makes several important changes
or additions to the OECD Guidelines:
Legitimate purpose
It requires national registration of databases
and data controllers
No transfer of data if there is no adequate
protection
Encourages use of code of conduct for
industries

APEC Privacy Framework


2004
Recognises reasonable expectation of privacy
but gives greater emphasis to the benefits of
participation in a global information economy.
Specifically endorses proportionality in national
regulation. Regulation and remedy should be
proportional to the likelihood and significance of
harm to an individual.

Focuses on what it calls core fundamentals of


the OECD Guidelines and on the use of the
Internet itself to provide notice, consent, and
control.
Endorses the Collection Limitation, Data Quality
and Security Principles.
Emphasises the usefulness of providing
individuals with mechanisms of choice (opt-out).

Encourages a combination of legislative,


administrative, and industry self regulatory
measures as well as educational efforts

Final Remark on Data Protection


Privacy issues drive or drag the information
economy. Without privacy protection there will
be no consumer confidence in e-business. This
is not an either/or situation. We must protect the
rights of individuals, or e-business will suffer.
(PriceWaterhouseCoopers)

Freedom of Information

What is Freedom of Information?


The terms rights to information and freedom of
information often used interchangeably
Freedom of information (FOI) has long been
regarded as fundamental human right
Resolution 59(1) of the 1946 UN General
Assembly:
Freedom of information is a fundamental human right
and the touch-stone of all the freedoms to which
the United Nations is consecrated.

Universal Standard of the FOI


Article 19 of the Universal Declaration of Human
Rights:
Everyone has the right to the freedom of opinion and
expression; this right includes freedom to hold opinion
without interference and to seek, receive and impart
information and ideas through any media and
regardless of frontiers.

More or less similar provision is found in Article


19 of the International Covenant on Civil and
Political Rights 1966 and American Convention
of Human Rights 1948.

Universal Standard of the FOI


1999 Commonwealth Expert Group:
Freedom of information should be guaranteed
as a legal and enforceable right permitting
every individual to obtain records and
information held by the executive, the
legislative and the judicial arms of the state,
as
well
as
any
government-owned
corporations and any other body carrying out
public functions.

Why FOI?
1. Creating a more democratic and open society:
Information is the oxygen of democracy
No democratic participation in decision making
without transparency and sharing information
Secretive government is nearly always inefficient
Free flow of information is essential if problems are
to be identified and resolved
Information is a necessity and essential part of good
government

Why FOI? (contd)


2. Reducing poverty:
Effective anti-poverty program requires accurate
information on problems hindering development to
be in the public domain
Meaningful debates need to take place around the
policies designed to tackle the problems
Information can empower poor communities to
battle the circumstances in which they find
themselves
Transparent approach helps poor communities to be
visible on the political map so that their interests can
be advanced

Why FOI? (contd)


3.

Rights to information laws are critical tools in the fight


against corruption:

4.

Public duty to disclose details on deals and negotiations


serves as deterrent for corrupt activities
If more information in the hands of citizens, even where
corruption persists it can be exposed and eliminated
Sunshine is the best disinfectant

International compliance:

As of March 2004, there were over 50 countries have


comprehensive legislation on FOI including the US, United
Kingdom, Australia, Thailand, Philippines, India, Pakistan and
Japan.

The FOI Principles


(Based on international & regional laws and
standards)
Principle #1:
FOI legislation should be guided by the principle of
maximum disclosure
Based on the presumption that all the information held by public
body shall be subject to disclosure
This presumption may be overcome only in very limited
circumstances
The overriding goal of legislation should be to implement
maximum disclosure in practice
If public authority seeks to deny access they bear the onus of
justifying the refusal

The FOI Principles (contd)

Principle #2:
Public bodies should be under an obligation to publish
key information

FOI also implies that public bodies should publish and


disseminate documents of significant public interest

Principle #3:
Public bodies must actively promote open government

Informing the public of their rights is essential if the goals of


FOI are to be realized
Promotional activities are the important component of FOI
regime
FOI should provide a number of mechanism to address the
problem of a culture of secrecy within the government.

The FOI Principles (contd)

Principle #4:
Exceptions should be clearly and narrowly drawn and subject to
strict harm and public interest tests.

Principle #5:
Request for information should be processed rapidly and fairly, and
an independent review of any refusals should be available.

Principle #6:
Individuals should not be deterred from making request for
information by excessive cost.

The FOI Principles (contd)

Principle #7:
Meetings of public bodies should be open to the public.

Principle #8:
Laws which are inconsistent with the principle of maximum
disclosure should amended or repealed.

Principle #9:
Individuals who release information on wrong doing (whistle
blowers) must be protected.

Brief & preliminary comments on


Indonesias FOI Law no 14 of 2008
Indonesias initiative to have the FOI law is applaudable and
comparably ahead of some countries in the region.
Some of the provisions in the law are inline with the
international standard, e.g.:

Obligations of public body to publish information


Limited exceptions
Justification of refusal of information request
Provision on appeal against public body

Nevertheless, some reservations are bound to follow on


some issues such as the structure of the Information
Commission and the way they are supposed to be
answerable.

Electronic Commerce Law

Electronic Commerce Defined


The term "electronic commerce" has achieved
widespread recognition, becoming a highly
visible symbol in the contemporary language of
the information technology culture that brought
profound changes in the final years of the last
millennium.
The words are commonly used to refer to a
broad class of activities which we generally
understand to be associated with the use of a
computer and the Internet to trade goods and
services in a new, direct and electronic manner.

Electronic Commerce Defined


The word "commerce" in this context
refers to an expanding array of activities
taking place on the open networks
buying, selling, trading, advertising and
transactions of all kinds that lead to an
exchange of value between two parties.

Reinvention towards e-Business


With the increasing value of information and the enabling technology,
organizations start to reinvent their ways of doing business and
gradually leaving their conventional ways. This is reflected in the
following:

E-tools:
Computin
g
devices,
Commun
ication
devices,
Internet,
Intranet,
etc.

E-asset:
Corporat
e
database
,
Trade se
cret,
Intellectu
al
property,
Personal
data,
PCs, etc
.

E-operat
ion:
Corporat
e
website,
E-CRM,
E-market
ing,
E-mail@
work,
E-procur
ement
ICT polic
ies

E-produ
ct:
ICT tools
,
Software
,
Hardware
,
Access,
Content,
ICT servi
ces,
Consultin
g etc.

The greater this change, the greater the


RISK!
E-tools

E-RISK

E-asset

Reputation
Security
Reliability
Confidentiality

E-operation
E-product

(Legal, financial
& technical)

ICT LAWS-RELATED
RISKS

Legal liability risk:

Direct, e.g.: Legal


requirement compliance,
contract liabilities,
Employer-employee
relationships
Indirect, e.g.: system
failure, computer virus
attack, hackers intrusion,
theft of information

Reputational Risk

Compliance of ICT
laws (e.g. data protection,
security & authentication
measures and consumer
protection) will boost the
confidence of business
partners & consumers.

Trade Barrier Risk

Global recognition
Towards harmonization
of law
Worldwide compliance
Violation could render
trade barrier.
e.g.: TBDF under
European privacy laws

E-commerce at home

Indonesia connected to the global Internet in 1994. In 2002, the


number of Internet users in Indonesia is 4.5 million (2.14% of the
population), and estimated to grow to 7.550 million (3.5%) at the
end of 2003.

In 2000, accumulated value of e-commerce in Indonesia was


estimated at under US$ 100 million, or less than 0.1 per cent of
GDP

It only represents 0.026% of the total world transaction value that


reached USD 390 billion in the same period (ITU, 2002).

Meanwhile, it is estimated that the number of Indonesians who buy


goods via the Internet would swell to 600,000 by 2003 (from 70,000
in 2000). (IDC)

E-commerce Environment

1999

Internet Users

Internet
Subscribers
Internet Service
Providers
Country top level
domain (.id)

1,000,000

2003
(till 1st quarter)
7,550,000

256,000

800,000

50

186

3627

16,257

Table1:Internetande-commerceindicatorsinIndonesia.Source:Association
ofInternetServiceProvidersIndonesia(www.apjii.or.id)

Countrys E-readiness

It is the extent to which a countrys business environment is


conducive to Internet-based commercial opportunities. In this,
Indonesia still trails behind other developing countries in the region.

The e-readiness ranking in 2002 placed Indonesia 52 nd; trailing


behind Singapore (11th), Malaysia (32nd), Thailand (46th) and the
Philippines (49th), and only ahead of Vietnam (56th).

Q: what is (are) those conducive e-business environment?


Technology aspect?
Human resources aspect?
Law & regulatory aspect?

Challenges & Threats


Internet Crimes Incidents
Indonesia has been cited as having the third highest software
piracy in the world, 89 per cent in 2000 that results in a loss of
US$ 70 million (ITU, 2002).

Online Fraud relating to Credit Card


About 20% of credit card transaction from Indonesia was
suspected to be illegal (ClearCommerce, 2002).
In year 2002 alone, there were 218 cases of credit card fraud
reported to the Police.
Meanwhile, there have been 23 cases reported in 2003 (until
August) (Gatra, 2003).

Inappropriate email triggered workplace


sexual harassment claims, e.g. in the
email message reads 25 Reasons Why
Beer is Better Than Women (Chevron
Corp. case, 1999).

Lost Productivity; when an inspection revealed


that fire division HQs staff were visiting as
many as 8,000 porn sites a day.
HR Headache: The NY Times fired nearly 2
dozen employees & reprimanded another 20 for
sending/receiving offensive & obscene emails

DISASTER STORIES IN THE US


Xerox fired more than 40 employees in
1999 for idling away up to eight hours a
day on X-rated sites. The downloading
was so pervasive thus chocked Xerox
computer network & prevented
employees from sending and receiving
legitimate emails.

Computer Crime & Security Breaches:


According to the 1999 Computer Security
Institute/FBI Computer Crime Security
Survey, US business and institutions lost
more than $100 million to computer
security breaches in 19999

NISERs survey of 100 organizations in


October 2003 revealed that the most IT
security attack occurred were virus
attack (87%), spamming (83%), hack
threat (27%), and theft of proprietary
information (14%)

Virus attack and information theft.


offences had resulted in a total of RM
500,000 loss to Malaysian companies
within year 2001/2002 alone, based on
the research conducted on 200
organizations in the country (NISER).

DISASTER STORIES IN MALAYSIA


Malaysian ISP Jaring identified in 1999
a group of hackers from a local
university as being responsible for
breaking into and using local and
foreign servers as launch pads for
attacks and abuse on the Undernet chat
network. Due to this, 14 subscriber
accounts were suspended.

Recently in August 2003, police nabbed 3


people in connection with an Internet
banking scam where they had allegedly
transferred victims money after exploiting
bank systems weakness to obtain
victims password. One of the three was
an employee of that bank .

Where is the Panacea?


The answer is there is no single panacea for the problems that
increasingly arise and become aggravated. The solution should come
from a blender of measures, INCLUDING legal and regulatory measures:

People

Technology

Process

E-commerce laws and regulatory framework

Challenges & Threats


Legal obstacles as a result of absence of a
comprehensive cyberlaw.
Thus, enforcers still try hard to find redress from
conventional laws with so many limitations, especially in
defining the constitution of commission of crime, extent
of punishment and defining evidentiary requirements.
This condition has warranted the urgency of enacting a
comprehensive cyberlaw in order to ensure reliability of
e-business, as well as the confidence of consumers,
merchants and investors to embark in the new venture.

Extension of Conventional Laws


In Indonesian legal systems, the values, rights and
liabilities surrounding the electronic information
as asset, document, evidence, etc. have been
recognized by diverse and sporadic pieces of
legislation including:
Criminal Code Law; Procedural Law; Archive
Law; Corporate Document Law; Banking Law;
Telecommunications Law; Anti Corruption Law;
Copyright Law, etc.

Needs for Specific and Comprehensive


Cyberlaw Legislation
In order to cater issues and challenges of new ICT
dimensions, and to be inline with international
legal frameworks, there appears the need to
initiate specific laws on certain areas such as:

Computer misuses (Cyber Crimes)


Information and electronic transaction
Fund transfer
Personal data protection

Requirements for Good ECommerce Law


Preserving national interests & inline with national legal
system framework
In conformity with internationally-accepted legal norms and
practices
Balance between potential conflicting interests: government
vs. private sectors; public order vs. individual rights; and
commercial vs. social aspects
Technology neutral and anticipative
Understandable, workable and enforceable.

Law no11 of 2008 on Information


and Electronic Transaction
This is considered the first initiative of the country to
enact a comprehensive legislation on cyberlaw, started
in 2000 involving academics, government agencies, as
well as IT practitioners.
The draft Law finalized by relevant agencies after it was
consulted to public for comment. After intensive
discussions with the Parliament, the Law was enacted in
2008.
The Law is inspired by the legislations of other countries
as well as international model laws.

Extensive Subject Matters


Legal Position of Electronic Message &
Admissibility of Electronic Evidence
Consumer Protection
Electronic Contract
Writing & Signature Requirements
PKI & Certification Authority
Cyber Squatting
Intellectual Property Rights
Personal Data Protection
Offences of Cyber Crime

Enforcement Challenges
Effective administrative measures, policies and
strategies in executing the requirements of
cyberlaw and e-government.
Awareness and educational programs for both
enforcement agency and the public at large.
International and worldwide cooperation.

LESSON & FINAL REMARKS


Indonesia, being the largest economy and market in the
region would require conducive e-business environment
to speed up its business and economic growth.
Absence of necessary legal protection on e-business
proves detrimental to the country.
In this respect, the first initiative on cyberlaw legislation
would serve as cure to this disadvantage and condition.
It is therefore necessary for any business stakeholders in
the country to be aware of the development and future in
this area of law.