Indonesian Political, Business & Finance News

Ban on Photocopying e-KTP: Data Misuse Faces Up to 5 Years in Prison

| By Nawir Arsyad Akbar | Source: KOMPAS Translated from Indonesian | Regulation
Ban on Photocopying e-KTP: Data Misuse Faces Up to 5 Years in Prison
Image: KOMPAS

JAKARTA - The act of duplicating or photocopying an electronic identity card, or e-KTP, has the potential to breach regulations, particularly under Law No. 27 of 2022 on Personal Data Protection (PDP). The ban on photocopying e-KTP was emphasised by the Director General of Population and Civil Registration at the Ministry of Home Affairs, Teguh Setyabudi. “In fact, the e-KTP no longer needs to be photocopied, as that is actually a violation of the PDP,” Teguh said in Depok, West Java, on Wednesday (6/5/2026). “The e-KTP is equipped with advanced technology, a chip. That chip contains the data. In fact, the e-KTP no longer needs to be photocopied,” Teguh added. Personal data, according to Article 1 paragraph (1) of the PDP Law, is data about an individual that is identified or can be identified individually or in combination with other information, either directly or indirectly, through electronic or non-electronic systems. Furthermore, Articles 65 paragraphs (1), (2), and (3) of the PDP Law regulate the prohibition on using personal data that does not belong to oneself. The wording of these three articles is as follows: “Every person is prohibited from unlawfully disclosing personal data that is not their own,” states Article 65 paragraph (2) of the PDP Law. “Every person is prohibited from unlawfully using personal data that is not their own,” states Article 65 paragraph (3) of the PDP Law. Provisions on criminal penalties related to the misuse of personal data are regulated in Article 67 paragraphs (1), (2), and (3) of the PDP Law. Then, in Article 67 paragraph (2) of the PDP Law, it is stipulated that every person who intentionally and unlawfully discloses personal data that is not their own as referred to in Article 65 paragraph (2) shall be sentenced to a maximum imprisonment of 4 years and/or a maximum fine of Rp4,000,000,000. “Every person who intentionally and unlawfully uses personal data that is not their own as referred to in Article 65 paragraph (3) shall be sentenced to a maximum imprisonment of 5 (five) years and/or a maximum fine of Rp5,000,000,000 (five billion rupiah),” states Article 67 paragraph (3) of the PDP Law.

View JSON | Print