Indonesia-US Trade Deal Prompts House Commission to Demand Establishment of Data Protection Authority

House of Representatives Commission I Deputy Chairman Sukamta has urged the government to immediately establish a personal data protection (PDP) authority following the inclusion of cross-border data transfer provisions in the Agreement on Reciprocal Trade (ART) between Indonesia and the United States. Sukamta said the PDP authority would be tasked with overseeing data protection.

“The establishment of an independent personal data protection authority — an independent body with investigative and technical capacity, as well as adequate sanctioning powers — must be a priority. Without effective oversight, data protection remains merely normative,” Sukamta said in a statement on Monday (23/2/2026).

Sukamta said the government is currently drafting a Presidential Regulation (Perpres) derived from Article 58 of Law No. 27 of 2022 on Personal Data Protection. He urged that the draft regulation be finalised without delay.

“I am pressing the government to immediately complete deliberations on this draft Presidential Regulation,” Sukamta said.

The PKS politician said the data transfer clause in the agreement signed by President Prabowo Subianto and US President Donald Trump has direct implications for the governance of Indonesian citizens’ personal data, particularly in the digital economy sector, including cloud services, digital platforms, fintech, digital health, and e-commerce.

“Cross-border data transfer is an inevitability of the modern digital economy. However, the ease of data flows must be balanced with the strengthening of digital sovereignty and the protection of citizens’ rights. Protecting individual rights is a state obligation. Policies are needed to ensure that every Indonesian citizen’s data, wherever it is processed, remains protected by a robust and enforceable legal system,” he said.

Beyond the establishment of the PDP authority, Sukamta emphasised the need for comprehensive implementing regulations in the form of a Government Regulation (PP). These rules, he said, must clarify the criteria for countries with adequate levels of data protection, periodic evaluation mechanisms, and standards for cross-border data protection contracts.

“This includes matters concerning data transfers outside Indonesian jurisdiction, as stipulated in Article 56 of the PDP Law, which states that cross-border data transfers are permitted provided the destination country has an equivalent level of protection, or there are binding protection guarantees, or the data subject has given consent. These provisions are to be further regulated by Government Regulation,” he said.

Sukamta also called for the classification of sensitive strategic data, including health data, biometric data, and critical infrastructure data requiring additional safeguards.

“Cross-border complaint and remediation mechanisms must be established. Citizens must have clear and accessible complaint channels in the event of data misuse abroad,” he explained.

“Periodic evaluation of adequacy status is also essential. Recognition of a country as ‘adequate’ should be dynamic and periodically evaluated based on regulatory developments and practices in partner countries,” he added.

Sukamta said the strengthening of domestic data infrastructure is also necessary. He stressed that cross-border data transfers must not impede the development of national data centres and the domestic cloud industry.

“This is the momentum to accelerate the consolidation of national data governance so that Indonesia does not merely become a digital market, but is also capable of becoming a significant global player in the digital marketplace,” he said.

Previously, Indonesia and the United States officially opened a new chapter in economic cooperation through the Agreement on Reciprocal Trade (ART) entitled ‘Toward a New Golden Age for the US-Indonesia Alliance’. One of the key provisions in the agreement concerns consumer data transfers.