The Role of Digital Footprint and its Potential Hazard
By: Rahmat Adrian (firstname.lastname@example.org) and Rahel Manurung
Nowadays, there are more than 150 million internet users in Indonesia, who in average spend 8 hours and 36 minutes online every day. Visiting one website to another one, using the internet to show the direction to a destination, and creating a new account to enjoy facilities offered by an online platform. Moreover, during this time of the pandemic, people rely more on the internet to connect them with other people, to conduct online meetings and e-learning, as well as to buy their daily needs. This leads to the increased use of the internet in daily life as one of the Indonesian internet providers reported 16 percent increase in its broadband traffic during the COVID-19 pandemic. Each time the internet users conduct online activities, they leave behind their digital footprint.
What is a digital footprint?
International Data Corp defines a digital footprint as a capsule that holds all information on the activity of internet users. The information includes the internet users’ personal data, which is defined by the Government Regulation Number 71 of 2019 on the Implementation of Electronic Systems and Transactions (“GR 71/2019”) as all data related to an identified and/or identifiable person which can be identified separately or combined with other information, directly or indirectly through electronic and non-electronic systems.
It is not exaggeratedly claimed that data is the new oil of the world. Data is deemed to be highly valuable commodity these days, therefore it is necessary to learn the roles and also anticipate the potential hazard that might emerge from having a digital footprint.
The Role of Digital Footprint
As internet users, a digital footprint is deemed to be very helpful in many parts of their life. For example, it helps you to find the history of websites that you have visited previously, it personalizes an advertisement so it will be easier for you to find the things that suit your interests, and it also helps you remember your data without having to retyping it all over again. All these things can efficiently help you save some of your valuable time.
A digital footprint can say a lot about one person, including its credibility. Since the digital footprint is freely and easily accessible, nowadays, many companies that want to hire employees are likely to explore the candidate’s digital footprint, to ensure that they are not hiring the problematic candidate. And vice versa, each individual can look into a company’s digital footprint to make sure they are not applying to the “shady” company. A digital footprint can prevent you from buying things from the non-credible online stores. And also, can help any online store to build up its credibility from the ground. Thus, it is important to maintain your digital footprint, the way you expect others to determine your personal image.
The Potential Hazard of Digital Footprint
As mentioned above, a digital footprint contains internet users’ personal data. The digital footprint is formed in a small form, therefore most of the time the internet users don’t see it as a problem. However, if digital footprints are accumulated into one, these become patterns. These patterns of online habit could be used as the source to identify the digital behavior of a person. What does the user do for a living? Where does he go to work? What time does he usually go back from office? are personal data that the users, by their own will, casually post and share on their social media account. However, these activities are prone to the probability of cybercrimes to occur, such as scams and hacking.
Moreover, pursuant to GR 71/2019 and Minister of Communication and Information Technology Regulation Number 20 of 2016 on the Protection of Personal Data (“MOCI Reg. 20/2016”), an internet platform or a company that collects personal data through the internet is obligated to protect the personal data. However, there is still a high probability for any internet platform or a company to experience a data breach. And if this happens, it will harm the personal data owner. For example, if a data breach occurs and the personal data becomes accessible to an unauthorized party, such party can log in to the data owner’s online bank account, track down the personal data owner’s home address, blackmail the personal data owners for the sake of money, power, and many more.
How the Prevailing Regulations Can Reduce the Potential Hazard
The prevailing regulations in Indonesia recognise several rights that can help to reduce the potential hazard of digital footprint.
According to the Law Number 11 of 2008 on Electronic Information and Transaction, as amended by Law Number 19 of 2016 (“EIT Law”), personal data is recognised as part of privacy rights. EIT Law stipulates that the use of any information through electronic media that involves personal data of a person, must be made with the consent of the person himself. And any person whose right is infringed has the right to file a claim for damages incurred. This provision gives the personal data owner the right to be “in control” of its own personal data.
Other than that, GR 71/2019 and MOCI Reg. 20/2016 acknowledge the right to erasure, which is equivalent to the right to be forgotten based on General Data Protection Regulation. This right allows the personal data owner to request the erasure of their personal data. Exercising the right to erasure can help reducing the potential hazard that might emerge from a digital footprint.
How the Upcoming Personal Data Protection Regulation Can Reduce the Potential Hazard
On 24 January 2020, the Indonesian Government has submitted the final draft of Personal Data Protection Bill (“PDP Bill Draft”) to the Indonesian House of Representatives.
The PDP Bill Draft regulates new rights of personal data owners that are deemed to protect personal data owners and to reduce the potential hazard of digital footprint. One of which is the right to decide on the processing of personal data using a pseudonym mechanism. PDP Bill Draft defines a pseudonym mechanism as a processing of personal data in which the personal data can no longer be associated with its personal data owner without using an additional information provided, to ensure those personal data cannot be associated with the identified owner or identifiable personal data.
By exercising this right, the personal data owner can give their personal data without worrying to be identified. Therefore, this should be lower the risk of potential data breach and safeguard personal data.