19 Dec 2019
Government Acts to Regulate Booming E-commerce Sector and Foreign Providers Operating in Indonesian Market

A. Introduction

Despite being mandated by Article 66 of the Trade Law,[1] which entered into force on 11 March 2014, a government regulation specifically focused on e-commerce has only recently been issued after having been under discussion since 2015.

The new regulation (Government Regulation No. 80 of 2019 on Electronic Commerce / “GR 80/2019[2]) entered into force on 25 November 2019. However, a grace period of two years (running to 25 November 2021) is provided to allow existing e-commerce operators to bring themselves into compliance with the legislation’s provisions.

GR 80/2019 comes hard on the heels of the issuance of Government Regulation No. 71 of 2019 (“GR 71/2019,”[3] effective 10 October 2019), which is also of relevance to e-commerce as it regulates electronic systems and transactions in general (for an analysis of GR 71/2019, see our ABNR Legal Update published on 30 October 2019 (click here)).

Overall, GR 80/2019 attempts to provide a comprehensive framework for the regulation of e-commerce, encompassing such aspects as the licensing requirements and procedures applicable to e-commerce providers; obligations related to the provision of e-commerce services; e-commerce implementation, consumer rights, personal-data protection, payment, delivery, advertising, dispute resolution, etc.

As with GR 71/2019, GR 80/2019 incorporates quite detailed provisions on electronic contracts that build on the rather skeletal framework set out in the Electronic Information and Transactions Law (as amended)[4] and its implementing regulations. Given the practical importance of the new rules on electronic contracts in GR 71/2019 and GR 80/2019, we shall analyze them in a separate ABNR Legal Update, while confining our discussion in this update to brief descriptions of other key aspects of GR 80/2019 that directly affect e-commerce operators and consumers.

B. Some Key Definitions in GR 80/2019

  1. Commerce” (Perdagangan) refers to activities related to transactions in goods and / or services, whether on a domestic or cross-border basis, that are conducted for the purpose of transferring title to or ownership of a good and / or service in return for remuneration or compensation (same definition as in the Trade Law).

    As regards the scope of a good / service, GR 80/2019 introduces two definitions that are new to Indonesian law and which will be important going ahead for, among other things, the taxing of e-commerce transactions, namely:

    1. Digital good (barang digital): an intangible good that takes the form of electronic or digital information, whether resulting from conversion / transformation or originally in digital format, including but not limited to software, multimedia and / or electronic data;

    2. Digital service (jasa digital): a service that is delivered through the Internet or an electronic network, which is automatic in nature or only involves a limited amount of human intervention, and which cannot be ensured without the use of information technology, including but not limited to software-based services.

  2. E-commerce” (Perdagangan Melalui Sistem Elektronik) is a form of commerce where transactions are conducted using electronic equipment and procedures (same definition as in the Trade Law). Unfortunately, this definition appears rather inadequate as it could conceivably be construed as encompassing, for example, a transaction involving a medical examination or treatment at a doctor's surgery using electronic equipment where the patient is physically present, or the making available of electronic games in a video arcade where the customer is physically present. By contrast, the European Union’s E-commerce Directive[5] explains that e-commerce transactions (which are referred to in the directive as “information society services”) are confined to those that are provided (a) via electronic means; (b) at a distance (which excludes the two examples above); and (c) at the individual request of the service recipient (thereby excluding such things as radio and TV broadcasts).

  3. E-commerce provider” (Pelaku Usaha Perdagangan Melalui Sistem Elektronik) is an individual or undertaking, whether incorporated or unincorporated and whether domestic or non-domestic, that engages in commercial operations in the e-commerce field (“e-commerce provider” is a catch-all term that is used throughout GR 80/2019 for all types of commercial provider of e-commerce services). The Elucidation on Article 5 GR 80/2019 explains that a payment gateway provider is also classified as an e-commerce provider, but is subject to separate regulation “by the relevant authority” (currently Bank Indonesia).

  4. Consumer” is an individual that uses a good and / or service, whether in their own interest or in the interest of a family member, another person or another living creature, for non-commercial purposes.

C. E-commerce Regulatory Scheme

E-commerce providers are differentiated into three classes:

  1. Merchant (pedagang): a domestic / non-domestic e-commerce provider that engages in e-commerce transactions using either its own facilities or facilities provided by a domestic / non-domestic e-commerce service provider (see paragraph 2 below) or another electronic system that provides e-commerce facilities.

A party that sells a good or service on a temporary basis and for non-commercial purposes is not categorized as a merchant.

  1. E-commerce service provider (penyelenggara perdagangan melalui sistem elektronik / hereinafter “service provider”): a domestic / non-domestic e-commerce provider that provides electronic services and/or communication facilities which make the conducting of e-commerce transactions possible (such as facilitating e-commerce transactions by merchants and / or the settlement of e-commerce transactions). Business models that come within the scope of “e-commerce service provider” include (a) online retailing (where the merchant has its own facilities for conducting e-commerce transactions); (b) online marketplaces or platforms where merchants post offers of goods and / or services; (c) online classified advertising platforms that bring together sellers and buyers without the involvement of a third-party e-commerce service provider; (d) price comparison websites; and (e) daily deals (also frequently referred to as “deal of the day” or “flash sales”).

The electronic communication facilities may function to provide information, facilitate communication, conduct transactions, facilitate payment (payment system) and/or as part of a delivery system.

  1. E-commerce intermediary service provider (penyelenggara sarana perantara / hereinafter “intermediary service provider”): a domestic / non-domestic e-commerce provider which provides electronic communication facilities that function solely to electronically link a “sender” and a “recipient.” Such facilities include search engines, hosting services and caching. Telecommunications providers are specifically excluded from the definition of “intermediary service provider.”

An e-commerce provider may be a domestic or non-domestic individual or enterprise.

D. Extraterritoriality

Crucially, GR 90/2019 is of extraterritorial effect thanks to Article 7, which provides that non-domestic e-commerce providers will be deemed to be present physically and to carry on business on a permanent basis in Indonesia (as a permanent or fixed business establishment) if they actively make offers to, or engage in transactions with, consumers who are resident within the territory of Indonesia, provided that certain criteria are satisfied. These criteria focus on transaction volume; transaction value; number of deliveries; and / or total traffic or access. Should a non-domestic e-commerce provider satisfy these criteria, it will be required to appoint a representative in Indonesia to act on its behalf. More detailed provisions on the criteria are to be set out in a ministerial regulation.

E. E-commerce Providers: Requirements & Obligations

E.1. License Requirement

Under Article 15 GR 80/2019, an e-commerce provider is required to obtain a license using the Online Single Submission (OSS) System, save in the case of an intermediary service provider that (a) does not directly benefit from e-commerce transactions; and (b) is not a party to contracts between parties conducting e-commerce transactions. Further provisions on licensing are to be subsequently set out in a ministerial regulation.

E.2. Other Requirements & Obligations

GR 80/2019 also imposes a lengthy list of other requirements and obligations on e-commerce providers. Some of the principal requirements / obligations may be summarized as follows:

  1. E-commerce transactions are specifically subject tothe Indonesian Trade Law and the Electronic Information and Transactions Law (as amended), and the general provisions of Indonesian tax law, consumer protection law, customs & excise law, and competition law.

  2. E-commerce providers must assist / comply with government policies, such as policies on local content, competitiveness, protecting the national interest; export restrictions; product and service standards; etc.

  3. Every party involved in e-commerce must possess, state and provide clear information / data demonstrating their legal identity

  4. An e-commerce provider must comply with general legal requirements, such as those related to business licenses, technical licenses, etc.

  5. An e-commerce provider is required to provide accurate, clear and truthful information on the condition of goods / services being sold, and the electronic system employed; and to comply with ethical advertising rules, as established by law.

  6. A service provider is prohibited from listing merchants that fail to comply with Indonesian law.

  7. Technical requirements prescribed by Indonesian law must be complied with.

  8. Financial-transaction data must be retained for a minimum of 10 years, and for five years in the case of non-financial transaction data.

G. Liability for Illegal Content

G.1. General Rule of Liability

Article 22 GR 80/2019 makes all e-commerce service providers and intermediary service providers generally liable for the civil and criminal consequences that arise from illegal content, save in circumstances where they take prompt measures to remove or disable such content, or the relevant link, upon becoming aware of it.

G.2. Exemptions from Liability for Intermediary Service Providers

As regards intermediary service providers, GR 80/2019 provides a number of exemptions from liability (“safe harbors”), which for the most part are taken verbatim (as translated) from the European Union’s E-commerce Directive. These exemptions are as follows:

  1. Search-engine services.

  2. Where an intermediary service provider acts as a mere conduit, that is, it (a) does not initiate the transmission; (b) does not select the receiver of the transmission; and (c) does not modify the information contained in the transmission.

  3. Caching, that is, the temporary storage of information for the sole purpose of making more efficient the information’s onward transmission, where an intermediary service provider (a) does not modify the information; (b) complies with conditions on access to the information; (c) complies with the generally accepted industry rules for the updating of the information; (e) does not interfere with the lawful use of technology, widely recognized and used by industry, to obtain data on the use of the information; and (f) acts expeditiously to remove or to disable access to information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of transmission has been removed from the network, or access to it has been disabled, or that a court of administrative authority has ordered such removal or disablement.

  4. Hosting services, that is, the storage of information provided by a recipient of the service, where (a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

  5. A service provider that provides interactive computer services is exempted from liability for restricting access to or removing content where (a) it acts in good faith in circumstances where it believes the content is illegal; or (b) access is restricted or the content removed by the provider of the content based on its own analysis or that of a third party as regards the content’s legality.

G.3. General Duty to Monitor

Unlike the E-commerce Directive, which expressly prohibits EU member states from imposing a general obligation to monitor content on intermediary service providers, GR 80/2019 does precisely the opposite by requiring such providers to establish a technical content control mechanism and/or a mechanism through which the public can submit reports of or complaints on illegal content. In addition, intermediary service providers are required to impose terms of use or clauses in licensing agreements that require the recipients of services to use them in a legal manner.

H. Consumer Protection

E-commerce providers must protect consumer rights in accordance with Indonesian law, and provide a mechanism for responding to and resolving consumer complaints.

The principal problem with this provision is that Indonesia’s consumer protection legislation has not been updated since 1999 - a time when e-commerce was still in its infancy. To help provide relief for abuses that fall outside the ambit of the existing consumer protection legislation, losses suffered by consumers may be reported directly to the Ministry of Trade. In such circumstances, the e-commerce service provider is required to take action so as to resolve the complaint. Should they fail to do so, they will be placed on a publicly accessible “priority watch list” (daftar prioritas pengawasan) maintained by the Ministry of Trade.

I. Personal Data protection

GR 80/2019 provides tighter protections for personal data than the general protections incorporated in GR 71/2019. For example, Article 59(2)h GR 80/2019 prohibits offshore personal data transfer unless the recipient country or territory has been certified by the Minister of Trade as having at least the same level of personal data protection and standards as Indonesia. Meanwhile, the Elucidation on Article 59(2) states that such standards should have regard to “European data protection standards” (presumably the European Union (EU)’s General Data Protection Regulation / “GDPR[6]) and / or the APEC Privacy Framework.

J. ABNR Commentary

As GR 80/2019 marks the state’s first foray into e-commerce, it should come as no surprise that it has elicited criticism from some industry participants, particularly micro, small and medium enterprises (MSMEs), which strongly object to what they see as unduly burdensome licensing requirements.

Nevertheless, by contrast with Indonesia’s previous approach to regulating digital businesses, GR 80/2019 (in common with GR 71/2019) adopts a much lighter touch that is in line with the government’s commitment to improving the country’s ease of doing business. On the other hand, however, GR 80/2019 means that Indonesia has now joined a growing list of jurisdictions that have resorted to extraterritoriality to regulate and tax the Indonesian operations of overseas based e-commerce providers.

Overall, we feel that GR 80/2019 is to be cautiously welcomed for the greater legal certainty it provides. Nevertheless, it has to be said that its approach to certain aspects of e-commerce appears quite simplistic, and in some cases already rather outdated. For example, a number of key aspects of GR 80/2019 are clearly influenced by the EU’s E-commerce Directive, which is now 20 years old and looks set to be reviewed in the near future (indeed, the new President of the European Commission, Ursula von der Leyen, has committed to upgrade the EU’s liability and safety rules for digital platforms, safety and products with a new Digital Services Act). In addition, by comparison with the EU’s recently adopted Digital Content Directive,[7] there seem to be some significant areas of concern as regards content that have not been specifically addressed, or have been addressed only superficially, by GR 80/2019.

By Agus Ahadi Deradjat (aderadjat@abnrlaw.com) and Mahiswara Timur (mtimur@abnrlaw.com)

[1] Law No. 7 of 2014 on Trade (Undang-undang No. 7 Tahun 2014 Tentang Perdagangan)

[2] Peraturan Pemerintah No. 80 Tahun 2019 Tentang Perdagangan Melalui Sistem Elektronik

[3] Government Regulation No. 71 of 2019 on Electronic Systems and Transactions (Peraturan Pemerintah No. 71 Tahun 2019 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik)

[4] Law No. 11 of 2008 on Electronic Information and Transactions (Undang-undang No. 11 Tahun 2008 Tentang Informasi dan Transaksi Elektronik)

[5] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ( https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN)

[6] EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.

[1] A set of principles and implementation guidelines that were created in order to establish effective privacy protections that avoid barriers to information flows, and ensure continued trade and economic growth in the Asia Pacific Economic Cooperation region. The APEC Privacy Framework was first adopted in 2005 and was subsequently updated in 2015.

[7] Directive 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32019L0770)

This ABNRNewsand its contents are intended solely to provide a general overview, for informational purposes, of selected recent developments in Indonesian law. They do not constitute legal advice and should not be relied upon as such. Accordingly, ABNR accepts no liability of any kind in respect of any statement, opinion, view, error, or omission that may be contained in this legal update. In all circumstances, you are strongly advised to consult a licensed Indonesian legal practitioner before taking any action that could adversely affect your rights and obligations under Indonesian law.

More Legal Update

NEWS DETAIL

Back

19 Dec 2019
Government Acts to Regulate Booming E-commerce Sector and Foreign Providers Operating in Indonesian Market

A. Introduction

Despite being mandated by Article 66 of the Trade Law,[1] which entered into force on 11 March 2014, a government regulation specifically focused on e-commerce has only recently been issued after having been under discussion since 2015.

The new regulation (Government Regulation No. 80 of 2019 on Electronic Commerce / “GR 80/2019[2]) entered into force on 25 November 2019. However, a grace period of two years (running to 25 November 2021) is provided to allow existing e-commerce operators to bring themselves into compliance with the legislation’s provisions.

GR 80/2019 comes hard on the heels of the issuance of Government Regulation No. 71 of 2019 (“GR 71/2019,”[3] effective 10 October 2019), which is also of relevance to e-commerce as it regulates electronic systems and transactions in general (for an analysis of GR 71/2019, see our ABNR Legal Update published on 30 October 2019 (click here)).

Overall, GR 80/2019 attempts to provide a comprehensive framework for the regulation of e-commerce, encompassing such aspects as the licensing requirements and procedures applicable to e-commerce providers; obligations related to the provision of e-commerce services; e-commerce implementation, consumer rights, personal-data protection, payment, delivery, advertising, dispute resolution, etc.

As with GR 71/2019, GR 80/2019 incorporates quite detailed provisions on electronic contracts that build on the rather skeletal framework set out in the Electronic Information and Transactions Law (as amended)[4] and its implementing regulations. Given the practical importance of the new rules on electronic contracts in GR 71/2019 and GR 80/2019, we shall analyze them in a separate ABNR Legal Update, while confining our discussion in this update to brief descriptions of other key aspects of GR 80/2019 that directly affect e-commerce operators and consumers.

B. Some Key Definitions in GR 80/2019

  1. Commerce” (Perdagangan) refers to activities related to transactions in goods and / or services, whether on a domestic or cross-border basis, that are conducted for the purpose of transferring title to or ownership of a good and / or service in return for remuneration or compensation (same definition as in the Trade Law).

    As regards the scope of a good / service, GR 80/2019 introduces two definitions that are new to Indonesian law and which will be important going ahead for, among other things, the taxing of e-commerce transactions, namely:

    1. Digital good (barang digital): an intangible good that takes the form of electronic or digital information, whether resulting from conversion / transformation or originally in digital format, including but not limited to software, multimedia and / or electronic data;

    2. Digital service (jasa digital): a service that is delivered through the Internet or an electronic network, which is automatic in nature or only involves a limited amount of human intervention, and which cannot be ensured without the use of information technology, including but not limited to software-based services.

  2. E-commerce” (Perdagangan Melalui Sistem Elektronik) is a form of commerce where transactions are conducted using electronic equipment and procedures (same definition as in the Trade Law). Unfortunately, this definition appears rather inadequate as it could conceivably be construed as encompassing, for example, a transaction involving a medical examination or treatment at a doctor's surgery using electronic equipment where the patient is physically present, or the making available of electronic games in a video arcade where the customer is physically present. By contrast, the European Union’s E-commerce Directive[5] explains that e-commerce transactions (which are referred to in the directive as “information society services”) are confined to those that are provided (a) via electronic means; (b) at a distance (which excludes the two examples above); and (c) at the individual request of the service recipient (thereby excluding such things as radio and TV broadcasts).

  3. E-commerce provider” (Pelaku Usaha Perdagangan Melalui Sistem Elektronik) is an individual or undertaking, whether incorporated or unincorporated and whether domestic or non-domestic, that engages in commercial operations in the e-commerce field (“e-commerce provider” is a catch-all term that is used throughout GR 80/2019 for all types of commercial provider of e-commerce services). The Elucidation on Article 5 GR 80/2019 explains that a payment gateway provider is also classified as an e-commerce provider, but is subject to separate regulation “by the relevant authority” (currently Bank Indonesia).

  4. Consumer” is an individual that uses a good and / or service, whether in their own interest or in the interest of a family member, another person or another living creature, for non-commercial purposes.

C. E-commerce Regulatory Scheme

E-commerce providers are differentiated into three classes:

  1. Merchant (pedagang): a domestic / non-domestic e-commerce provider that engages in e-commerce transactions using either its own facilities or facilities provided by a domestic / non-domestic e-commerce service provider (see paragraph 2 below) or another electronic system that provides e-commerce facilities.

A party that sells a good or service on a temporary basis and for non-commercial purposes is not categorized as a merchant.

  1. E-commerce service provider (penyelenggara perdagangan melalui sistem elektronik / hereinafter “service provider”): a domestic / non-domestic e-commerce provider that provides electronic services and/or communication facilities which make the conducting of e-commerce transactions possible (such as facilitating e-commerce transactions by merchants and / or the settlement of e-commerce transactions). Business models that come within the scope of “e-commerce service provider” include (a) online retailing (where the merchant has its own facilities for conducting e-commerce transactions); (b) online marketplaces or platforms where merchants post offers of goods and / or services; (c) online classified advertising platforms that bring together sellers and buyers without the involvement of a third-party e-commerce service provider; (d) price comparison websites; and (e) daily deals (also frequently referred to as “deal of the day” or “flash sales”).

The electronic communication facilities may function to provide information, facilitate communication, conduct transactions, facilitate payment (payment system) and/or as part of a delivery system.

  1. E-commerce intermediary service provider (penyelenggara sarana perantara / hereinafter “intermediary service provider”): a domestic / non-domestic e-commerce provider which provides electronic communication facilities that function solely to electronically link a “sender” and a “recipient.” Such facilities include search engines, hosting services and caching. Telecommunications providers are specifically excluded from the definition of “intermediary service provider.”

An e-commerce provider may be a domestic or non-domestic individual or enterprise.

D. Extraterritoriality

Crucially, GR 90/2019 is of extraterritorial effect thanks to Article 7, which provides that non-domestic e-commerce providers will be deemed to be present physically and to carry on business on a permanent basis in Indonesia (as a permanent or fixed business establishment) if they actively make offers to, or engage in transactions with, consumers who are resident within the territory of Indonesia, provided that certain criteria are satisfied. These criteria focus on transaction volume; transaction value; number of deliveries; and / or total traffic or access. Should a non-domestic e-commerce provider satisfy these criteria, it will be required to appoint a representative in Indonesia to act on its behalf. More detailed provisions on the criteria are to be set out in a ministerial regulation.

E. E-commerce Providers: Requirements & Obligations

E.1. License Requirement

Under Article 15 GR 80/2019, an e-commerce provider is required to obtain a license using the Online Single Submission (OSS) System, save in the case of an intermediary service provider that (a) does not directly benefit from e-commerce transactions; and (b) is not a party to contracts between parties conducting e-commerce transactions. Further provisions on licensing are to be subsequently set out in a ministerial regulation.

E.2. Other Requirements & Obligations

GR 80/2019 also imposes a lengthy list of other requirements and obligations on e-commerce providers. Some of the principal requirements / obligations may be summarized as follows:

  1. E-commerce transactions are specifically subject tothe Indonesian Trade Law and the Electronic Information and Transactions Law (as amended), and the general provisions of Indonesian tax law, consumer protection law, customs & excise law, and competition law.

  2. E-commerce providers must assist / comply with government policies, such as policies on local content, competitiveness, protecting the national interest; export restrictions; product and service standards; etc.

  3. Every party involved in e-commerce must possess, state and provide clear information / data demonstrating their legal identity

  4. An e-commerce provider must comply with general legal requirements, such as those related to business licenses, technical licenses, etc.

  5. An e-commerce provider is required to provide accurate, clear and truthful information on the condition of goods / services being sold, and the electronic system employed; and to comply with ethical advertising rules, as established by law.

  6. A service provider is prohibited from listing merchants that fail to comply with Indonesian law.

  7. Technical requirements prescribed by Indonesian law must be complied with.

  8. Financial-transaction data must be retained for a minimum of 10 years, and for five years in the case of non-financial transaction data.

G. Liability for Illegal Content

G.1. General Rule of Liability

Article 22 GR 80/2019 makes all e-commerce service providers and intermediary service providers generally liable for the civil and criminal consequences that arise from illegal content, save in circumstances where they take prompt measures to remove or disable such content, or the relevant link, upon becoming aware of it.

G.2. Exemptions from Liability for Intermediary Service Providers

As regards intermediary service providers, GR 80/2019 provides a number of exemptions from liability (“safe harbors”), which for the most part are taken verbatim (as translated) from the European Union’s E-commerce Directive. These exemptions are as follows:

  1. Search-engine services.

  2. Where an intermediary service provider acts as a mere conduit, that is, it (a) does not initiate the transmission; (b) does not select the receiver of the transmission; and (c) does not modify the information contained in the transmission.

  3. Caching, that is, the temporary storage of information for the sole purpose of making more efficient the information’s onward transmission, where an intermediary service provider (a) does not modify the information; (b) complies with conditions on access to the information; (c) complies with the generally accepted industry rules for the updating of the information; (e) does not interfere with the lawful use of technology, widely recognized and used by industry, to obtain data on the use of the information; and (f) acts expeditiously to remove or to disable access to information it has stored upon obtaining actual knowledge of the fact that the information at the initial source of transmission has been removed from the network, or access to it has been disabled, or that a court of administrative authority has ordered such removal or disablement.

  4. Hosting services, that is, the storage of information provided by a recipient of the service, where (a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

  5. A service provider that provides interactive computer services is exempted from liability for restricting access to or removing content where (a) it acts in good faith in circumstances where it believes the content is illegal; or (b) access is restricted or the content removed by the provider of the content based on its own analysis or that of a third party as regards the content’s legality.

G.3. General Duty to Monitor

Unlike the E-commerce Directive, which expressly prohibits EU member states from imposing a general obligation to monitor content on intermediary service providers, GR 80/2019 does precisely the opposite by requiring such providers to establish a technical content control mechanism and/or a mechanism through which the public can submit reports of or complaints on illegal content. In addition, intermediary service providers are required to impose terms of use or clauses in licensing agreements that require the recipients of services to use them in a legal manner.

H. Consumer Protection

E-commerce providers must protect consumer rights in accordance with Indonesian law, and provide a mechanism for responding to and resolving consumer complaints.

The principal problem with this provision is that Indonesia’s consumer protection legislation has not been updated since 1999 - a time when e-commerce was still in its infancy. To help provide relief for abuses that fall outside the ambit of the existing consumer protection legislation, losses suffered by consumers may be reported directly to the Ministry of Trade. In such circumstances, the e-commerce service provider is required to take action so as to resolve the complaint. Should they fail to do so, they will be placed on a publicly accessible “priority watch list” (daftar prioritas pengawasan) maintained by the Ministry of Trade.

I. Personal Data protection

GR 80/2019 provides tighter protections for personal data than the general protections incorporated in GR 71/2019. For example, Article 59(2)h GR 80/2019 prohibits offshore personal data transfer unless the recipient country or territory has been certified by the Minister of Trade as having at least the same level of personal data protection and standards as Indonesia. Meanwhile, the Elucidation on Article 59(2) states that such standards should have regard to “European data protection standards” (presumably the European Union (EU)’s General Data Protection Regulation / “GDPR[6]) and / or the APEC Privacy Framework.

J. ABNR Commentary

As GR 80/2019 marks the state’s first foray into e-commerce, it should come as no surprise that it has elicited criticism from some industry participants, particularly micro, small and medium enterprises (MSMEs), which strongly object to what they see as unduly burdensome licensing requirements.

Nevertheless, by contrast with Indonesia’s previous approach to regulating digital businesses, GR 80/2019 (in common with GR 71/2019) adopts a much lighter touch that is in line with the government’s commitment to improving the country’s ease of doing business. On the other hand, however, GR 80/2019 means that Indonesia has now joined a growing list of jurisdictions that have resorted to extraterritoriality to regulate and tax the Indonesian operations of overseas based e-commerce providers.

Overall, we feel that GR 80/2019 is to be cautiously welcomed for the greater legal certainty it provides. Nevertheless, it has to be said that its approach to certain aspects of e-commerce appears quite simplistic, and in some cases already rather outdated. For example, a number of key aspects of GR 80/2019 are clearly influenced by the EU’s E-commerce Directive, which is now 20 years old and looks set to be reviewed in the near future (indeed, the new President of the European Commission, Ursula von der Leyen, has committed to upgrade the EU’s liability and safety rules for digital platforms, safety and products with a new Digital Services Act). In addition, by comparison with the EU’s recently adopted Digital Content Directive,[7] there seem to be some significant areas of concern as regards content that have not been specifically addressed, or have been addressed only superficially, by GR 80/2019.

By Agus Ahadi Deradjat (aderadjat@abnrlaw.com) and Mahiswara Timur (mtimur@abnrlaw.com)

[1] Law No. 7 of 2014 on Trade (Undang-undang No. 7 Tahun 2014 Tentang Perdagangan)

[2] Peraturan Pemerintah No. 80 Tahun 2019 Tentang Perdagangan Melalui Sistem Elektronik

[3] Government Regulation No. 71 of 2019 on Electronic Systems and Transactions (Peraturan Pemerintah No. 71 Tahun 2019 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik)

[4] Law No. 11 of 2008 on Electronic Information and Transactions (Undang-undang No. 11 Tahun 2008 Tentang Informasi dan Transaksi Elektronik)

[5] Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ( https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN)

[6] EU General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016 L 119/1.

[1] A set of principles and implementation guidelines that were created in order to establish effective privacy protections that avoid barriers to information flows, and ensure continued trade and economic growth in the Asia Pacific Economic Cooperation region. The APEC Privacy Framework was first adopted in 2005 and was subsequently updated in 2015.

[7] Directive 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32019L0770)

This ABNRNewsand its contents are intended solely to provide a general overview, for informational purposes, of selected recent developments in Indonesian law. They do not constitute legal advice and should not be relied upon as such. Accordingly, ABNR accepts no liability of any kind in respect of any statement, opinion, view, error, or omission that may be contained in this legal update. In all circumstances, you are strongly advised to consult a licensed Indonesian legal practitioner before taking any action that could adversely affect your rights and obligations under Indonesian law.