KnE Social Sciences | The 3rd International Conference on Social and Political Science (ICoSaPS) | pages: 59-68

, , and

1. Background

Indonesia is the largest economy in the ASEAN region with a significant growth in e-commerce. According to [17], individual consumers accounted for 79.80% of national e-commerce actors and will increase with the penetration of online shoppers in 2019 in around 55.5% of internet users, or 30.1 % of the population [8]. The increasing number of Indonesia's e-commerce consumers will impact on its transaction reaching USD3.56 billion in 2015, and USD4.89 billion in 2016, and is expected to increase to approximately USD130 billion by 2020 [16]. The contribution of Indonesia online market to e-commerce will be 57% or USD46 billion and it is expected to comprise 52% of South East Asian e-commerce by 2025 [12].

One of the e-commerce challenges in Indonesia, according to [12], is consumers' inadequate trust in transaction fraud leading to poor consumer sentiment. McKinsey report [1] showed that the fraud in the transaction, the payment security and the quality of products are the factors taken into account by e-commerce users to purchase. In 2015, consumer complaints about online shopping was ranked in fourth position with 77 cases related to counterfeiting products, products incompatibility to the information available on website, and refund problem [26]. Consumer's trust becomes the key for e-commerce sellers or merchants to enhance their business and to grow in digital era. According to [22] the intention of Indonesia consumer to purchase in e-commerce is trust of merchants and their perception on cyber fraud. Consumer's trust can be achieved if merchants can assure their environment with strong data privacy and security practices [6].

Consumer's information privacy is a value in e-commerce, which may consist of variety of personal information needed in transactions [3]. Consumer's information privacy can be the target of profiling and data mining activities by governments, companies or other individuals for specific purposes such as surveillance or advertising. In [11], stated that the stealing of personal information and identities accounted for 53% of all data breach around the world in 2015 and the retail business was ranked third position as a target sector in data breach. Through e-commerce database, consumer's information privacy can be collected in large quantities and has a high economic value, so the potential violation of information privacy is larger [7].

The protection of consumer's information privacy is one issue in Indonesia's e-commerce to be addressed to reinforce the online security [15]. Many sellers or merchants operating in Indonesia have built their security systems with technology approach to protect consumers' information privacy. They also state a privacy policy to enhance consumer's trust about how they treat the information privacy. However, the security system and privacy policy used in e-commerce sites is not standardized, and these will lead to unequal treatment of consumer information privacy [13]. This paper describes how a legal approach can ensure that consumer rights are protected to guarantee a safe environment in Indonesia's e-commerce.

2. Concept of e-Commerce, Information Privacy and Legal Approach

The next section describes the concept of e-commerce, information privacy and legal approach to the question of consumer information privacy in e-commerce.

3. E-Commerce

E-commerce refers to a commercial (usually contractual) transaction taking place between two or more people using internet. E-commerce is different from conventional commerce not only in the medium it uses, but also in other things such as location and physical facilities as shown in Table 1.

Table 1

Comparison between Conventional Commerce and e-Commerce [10].

Conventional Commerce e-Commerce
  • Real store at certain location

  • Paper-based transaction (cash, invoice and receipts)

  • Offline business

  • Use cash, credit card, debit and other methods for payment

  • Bounded by geographical factor

  • Can feel and touch the product before it was purchased

  • Virtual store on the web

  • Electronic records and communications

  • Online business

  • Usually use credit card for transaction

  • Transaction at anywhere as long as there is a connection to internet

  • Cannot feel and touch the product before it was purchased

As a new mechanism in conducting a business, e-commerce changes the nature of the business, which relies on the use of information on the internet. E-commerce differs from e-business because it has an exchange value involved in the transaction [18], including the value of information on transactions.

With e-commerce, consumers can search for timeless and borderless market, compare products easily, execute the order conveniently and receive the goods instantly. For business organizations or sellers, e-commerce can increase revenue by means of exploring new opportunities and expanding the market, reducing manpower and operating expenses, speeding up the processing time and facilitating the data updating, and enhancing the productivity [4].

3.1. Information privacy

Much information is generated through the process of interaction and transaction in cyberspace, one of which is information privacy. Information privacy is an individual's claim to control the terms under which personal information (information identifiable to the individual) is acquired, disclosed and used [14]. Information privacy, according to [21], is a part of personal privacy containing the confidentiality of thoughts and communications. Information privacy, according to Solove and Schwartz [25], concerns the power of commercial and government entities over individual and decision making. When ones make online in their devices, it would produce information as a public good and can be used for many organizations and purposes [24].

Business organizations or sellers can collect data containing information privacy such as: name, address, birth dates, credit scores, shopping habits, financial history and et cetera, from consumers. Consumer information is needed to business organizations or sellers because it helps them: understand what consumers want and respond to their goods and services, create more value, and improve the services and products they offer [5]. Business organizations or sellers could share or sell the information privacy with third party (marketers, advertisers, other companies or governments) without prior notification to the consumers. Consumers should have the ability of controlling how business organizations or sellers use, store and share their information privacy [21].

3.2. Legal Approach

In [23] stated that legal approach is how government carries out its adjudicatory function, commitment to maintaining constitutional rights and the rule of law. Constitutional law is concerned with the role and powers of the institutions within the state and with the relationships between the citizen and the state [1]. Organization needs a constitution to define its powers, rights and duties of the organization's members. A constitution is needed to regulate an internal organization and its relationships with external bodies. Constitutional law will continue to define the rights of individuals in new situations and revises its interpretations relative to older ones [23].

Information privacy law, according [25], has a wide-range of law bodies which is common law, constitutional law, statutory law and international law. These bodies of laws are needed to protect the individual's rights and adherence to legal constitutional procedures. The legal approach has several central values: the first one is procedural due process standing for fairness value, which will protect individuals from malicious, arbitrary, erroneous, or capricious deprivation of life, liberty or property at the hands of government. The second value is individual substantive rights and the third one is equity empowering the judges to enact remedies for individual whose statutory rights have been violated [23]. In [19] stated that laws applied to protect information privacy will give the owners of information the rights that can be enforced against parties who access or use that information improperly.

Meanwhile, [19] stated that there are several legal bases that will protect individual information privacy from others' violation. Firstly, general privacy laws are statutes that imposing requirements for the collection, distribution, and use of information privacy applicable to all formats (electronic or non-electronic). This general privacy laws become a framework for information privacy. Secondly, internet and electronic privacy laws are enacted to protect information privacy obtained using internet or other electronic systems. This legislation gives private parties and governments the ability of enforcing it through litigation against the parties that violates the statutory privacy requirements. Thirdly, information privacy rules are enforced with regard to specific types of personal information and specific content.

Fourthly, contract laws that are enforceable contract terms between a computer user and a service provider. The limitation on the use of system or service to user, and standards and practices of system security and information privacy to service provider become the reason of these contract laws. Fifthly, consumer protection laws enforce the privacy rights through these regulations application. Service providers should ensure that they deliver on all promises regarding information privacy. Sixthly, tort laws give the private a vehicle to claim for the recovery of damages caused by improper use of personal information by other private parties. Seventhly, civil liberties provide certain legal protections against unreasonable searches or seizures of property conducted by governments. And finally, privacy practices are developed and implemented by computer system operators. The operators should implement and publicize a description of their information privacy practices and procedures.

4. Method

This paper reviewed the literature and examined the public documents and regulations related to information privacy in Indonesia. To provide complete description, we analyzed Indonesia's e-commerce sites and their privacy policies and e-commerce's terms of condition to find out their position on privacy policy.

5. Finding and Discussion

Indonesia has an obligation to protect its citizens and the entire homeland as stated in the Preamble of 1945 Constitution of the Republic of Indonesia. In digital era, the term `people protection' has redefined and encompassed the protection of the people's rights. Indonesia's constitution has mandated the State to protect its citizens' right to life ensuring their dignity and harmony with their environment. According to the 1945 Constitution article 28F, one of the Indonesians' rights is to communicate, to acquire, to find, to possess, to store, to process and to deliver the information. Indonesians' rights to communicate and to manage the information supported by protection efforts as included in article 28G clause (1) giving a individual the protection right and security from threats that meet or do not meet the basic rights. This article is binding not only the government but also the business organizations and individuals. The state should balance the rights and interests of government, business organizations and individuals with the laws [2].

Table 2

Indonesia's' legal basis to support the protection of information privacy. Sources: Indonesia legislation and merchants' site.

Type of Legal (Matsuura) Indonesia's Context Substance
General privacy laws    - -
Internet and electronic privacy laws
  • ITE Act No. 11/2008 article 26

  • Government Regulation No. 82/2012 article 15

  • The usage of data must have permission

  • The notification of personal data protection

Specific of protected information
  • Private Document Act No. 8/1997 article 4

  • Banking Act No. 10/1998 article 40

  • Telecommunication Act No. 36/1999 article 42

  • Information Disclosure Act No. 14/2008 articles 17

  • Health Act No. 36/2009 article 57

  • Archives Act No. 43/2009 article 44

  • Population Administration Act No.23/2006 article 2, 84, and 85

  • Revision of 23/2006 article 84 and 86

  • Unclearly mentioning about information privacy

  • Non-disclosure information

  • Protection to personal data Types of personal data and the protection on its Types of personal data

Contract law Terms and Conditions Depends on provider and not detailed
Consumer protection rules Consumer Protection Act No. 8/1999 Unclearly mentioning about information privacy
Tort law protection    - -
Civil liberties Article 28F Unclearly mentioning about information privacy
Privacy practices Privacy policy on merchants Mention about information privacy, but the procedures not standardized and uniform

The protection of information privacy, according to [19], can have several legal basis that will protect information privacy of consumer in e-commerce. Information privacy of consumer in Indonesia's e-commerce is not protected by a comprehensive legal basis. Even though, the state is required to protect its citizen in communicating, acquiring, finding, possessing, storing, processing and delivering the information. As shown in Table 2, Indonesia's e-commerce is only supported by a few legal bases protecting the consumers' information privacy from a violation or breach.

Indonesia does not yet have a comprehensive legal basis to protect information privacy in e-commerce. Existing legislations defined information privacy varyingly according to its sector. A few legislations mandate an obligation to provider (privates or governments) to protect information privacy under its management. The mechanism of information privacy protection is not regulated explicitly in legislation.

Information privacy of e-commerce consumers is most critical in light of the high economic value of profiling and data mining from companies for specific purposes, e.g. to determine the market preference and other economic trends. The increasing e-commerce consumer numbers will bring an effect on Indonesian digital economy and its information privacy value. The absence of comprehensive legal basis to protect information privacy of consumers can be considered as Indonesia's negligence against its citizen rights. The legal basis is significant for the protection of information privacy because laws can work to protect individual privacy; can work to enable and to support infringements and invasions of privacy; and can outlaw or block ways by which people can protect their own privacy [2].

The comprehensive legislation becomes a good detailed guidance to the e-commerce entities and will direct the process of collecting, distributing or using information privacy properly and in standardized activities. The comprehensiveness of information privacy legislation will represent legal values such as procedural due process, individual substantive rights and equity that will give an assurance not only to Indonesia citizen, but also to e-commerce entities in Indonesia and abroad. The legal basis of information privacy protection will increase obedience and submission of e-commerce entities to the implementation of security system and effective information privacy management.

6. Conclusion

Information as privacy of consumers is a valued asset and a potential factor in Indonesia's e-commerce that should be managed by a comprehensive legislation to protect the collection, distribution and usage of information in proper manner and standardized activities. These comprehensive legislations will be represented as the e-commerce entities' commitment to building a safe and trustworthy environment to consumer, to maintain constitutional rights and the rule of law, and to give the citizen a new basic right in digital era.



Hilaire Barnett, Constitutional Administrative Law, Year: 2013, 10thNew YorkRoutledge


Bernal P., Internet privacy rights: Rights to protect autonomy, Year: 2012, Page: 1-311. DOI: 10.1017/CBO9781107337428


Peter Carey., The Internet and e-Commerce, Year: 2001, LondonThorogood


Henry Chan, E-Commerce: Fundamentals and Applications, Year: 2001, EnglandJohn Wiley & Sons


CMA , Competition & Markets Authority, The Commercial Use of Consumer Data: Report on the CMAs call for Information, Year: 2015, Crown


Conroy Pat., Building Consumer Trust: Protecting Personal Data in the Consumer Product Industry, Year: 2014, Deloitte University Press


Dewi S., 2009. Cyber Law: Perlindungan Privasi atas Informasi Pribadi dalam E-Commerce Menurut Hukum Internasional. Bandung: Widya Padjajaran


eMarketer , Worldwide Retail Ecommerce Sales: Emarketers Updated Estimates and Forecast Through, Year: 2015, Emarketer's Updated Estimates and Forecast ThroughWorldwide Retail Ecommerce Sales


Frost. , Sullivan , Indonesia Digital Transformation Outlook Briefing: ASEAN Indonesia e-Commerce Outlook, Year: 2016,


Ghani N. A., Sidek Z. M., Personal information privacy protection in e-commerce, WSEAS Transactions on Information Science and Applications, Year: 2009, Volume: 6, Issue: 3, Page: 407-416.


Gemalto , 2016. 2015: The Year Data Breaches Got Personal Findings from the 2015 Breach Level Index


Google , Temasek. 2016. E-conomy SEA: Unlocking the $200 billion digital opportunity in Southeast Asia


Jumiati , Haula Rosdiana; Retno Kusumastuti. 2016. Why a Policy is Needed to Protect Privacy Information in Indonesia's e-Commerce. Paper presented at IAPA International Conference 2016. UGM Yogyakarta Indonesia, October 6-8


Kang J., Information Privacy in Cyberspace Transactions, Stanford Law Review, Year: 1998, Volume: 50, Issue: 4, Page: 1193-1194. DOI: 10.2307/1229286


Kearney A. T., Lifting the Barriers to E-Commerce in ASEAN, Year: 2015, A.T. Kearney Inc


Kominfo , 2015. Info Grafis E-commerce Indonesia


Kominfo , Data dan Statistik, Pelaku E-commerce Nasional, Year: 2016,


Laudon Kenneth C., Carol G., E-Commerce: Business, Technology, Society. New Jersey: Pearson Education Inc


Matsuura J. H., 2002. Security, Rights, and Liabilities in e-Commerce. Norwood: Artech House Inc


Mckinsey & Company , 2013. The Evolving Indonesian Consumer. Asia Consumer Insights Center


Carla Mooney, Privacy in The Online World: Online Privacy and Business, Year: 2015, CaliforniaReference Point Press Inc


Ainur Rofiq, Impact of Cyber Fraud and Trust of e-Commerce System on Purchasing Intentions: Analysing Planned Behaviour [Dissertation, thesis], Year: 2012, Faculty of BusinessAustralia, and Law. University of Southern Queensland


Rosenbloom David H., Robert S. K., Richard M. C., 2009. Public Administration: Understanding Management, Politics, and Law in the Public Sector 7th Edition. McGraw-Hill International Edition: The McGraw-Hill Companies Inc


Rubin P. H., Lenard T. M., Privacy and the Commercial Use of Personal Information, Year: 2002, Boston, MASpringer US DOI: 10.1007/978-1-4615-1719-1


Solove Daniel J., Information Privacy Law, Year: 2011, 4thCCH IncorporatedWolters Kluwer Law & Business


YLKI , 2016. Berita Konsumen 2015



  • Downloads 33
  • Views 850



ISSN: 2518-668X