Indonesia is the largest economy in the ASEAN region with a significant growth in e-commerce. According to , individual consumers accounted for 79.80% of national e-commerce actors and will increase with the penetration of online shoppers in 2019 in around 55.5% of internet users, or 30.1 % of the population . The increasing number of Indonesia's e-commerce consumers will impact on its transaction reaching USD3.56 billion in 2015, and USD4.89 billion in 2016, and is expected to increase to approximately USD130 billion by 2020 . The contribution of Indonesia online market to e-commerce will be 57% or USD46 billion and it is expected to comprise 52% of South East Asian e-commerce by 2025 .
One of the e-commerce challenges in Indonesia, according to , is consumers' inadequate trust in transaction fraud leading to poor consumer sentiment. McKinsey report  showed that the fraud in the transaction, the payment security and the quality of products are the factors taken into account by e-commerce users to purchase. In 2015, consumer complaints about online shopping was ranked in fourth position with 77 cases related to counterfeiting products, products incompatibility to the information available on website, and refund problem . Consumer's trust becomes the key for e-commerce sellers or merchants to enhance their business and to grow in digital era. According to  the intention of Indonesia consumer to purchase in e-commerce is trust of merchants and their perception on cyber fraud. Consumer's trust can be achieved if merchants can assure their environment with strong data privacy and security practices .
Consumer's information privacy is a value in e-commerce, which may consist of variety of personal information needed in transactions . Consumer's information privacy can be the target of profiling and data mining activities by governments, companies or other individuals for specific purposes such as surveillance or advertising. In , stated that the stealing of personal information and identities accounted for 53% of all data breach around the world in 2015 and the retail business was ranked third position as a target sector in data breach. Through e-commerce database, consumer's information privacy can be collected in large quantities and has a high economic value, so the potential violation of information privacy is larger .
2. Concept of e-Commerce, Information Privacy and Legal Approach
The next section describes the concept of e-commerce, information privacy and legal approach to the question of consumer information privacy in e-commerce.
E-commerce refers to a commercial (usually contractual) transaction taking place between two or more people using internet. E-commerce is different from conventional commerce not only in the medium it uses, but also in other things such as location and physical facilities as shown in Table 1.
As a new mechanism in conducting a business, e-commerce changes the nature of the business, which relies on the use of information on the internet. E-commerce differs from e-business because it has an exchange value involved in the transaction , including the value of information on transactions.
With e-commerce, consumers can search for timeless and borderless market, compare products easily, execute the order conveniently and receive the goods instantly. For business organizations or sellers, e-commerce can increase revenue by means of exploring new opportunities and expanding the market, reducing manpower and operating expenses, speeding up the processing time and facilitating the data updating, and enhancing the productivity .
3.1. Information privacy
Much information is generated through the process of interaction and transaction in cyberspace, one of which is information privacy. Information privacy is an individual's claim to control the terms under which personal information (information identifiable to the individual) is acquired, disclosed and used . Information privacy, according to , is a part of personal privacy containing the confidentiality of thoughts and communications. Information privacy, according to Solove and Schwartz , concerns the power of commercial and government entities over individual and decision making. When ones make online in their devices, it would produce information as a public good and can be used for many organizations and purposes .
Business organizations or sellers can collect data containing information privacy such as: name, address, birth dates, credit scores, shopping habits, financial history and et cetera, from consumers. Consumer information is needed to business organizations or sellers because it helps them: understand what consumers want and respond to their goods and services, create more value, and improve the services and products they offer . Business organizations or sellers could share or sell the information privacy with third party (marketers, advertisers, other companies or governments) without prior notification to the consumers. Consumers should have the ability of controlling how business organizations or sellers use, store and share their information privacy .
3.2. Legal Approach
In  stated that legal approach is how government carries out its adjudicatory function, commitment to maintaining constitutional rights and the rule of law. Constitutional law is concerned with the role and powers of the institutions within the state and with the relationships between the citizen and the state . Organization needs a constitution to define its powers, rights and duties of the organization's members. A constitution is needed to regulate an internal organization and its relationships with external bodies. Constitutional law will continue to define the rights of individuals in new situations and revises its interpretations relative to older ones .
Information privacy law, according , has a wide-range of law bodies which is common law, constitutional law, statutory law and international law. These bodies of laws are needed to protect the individual's rights and adherence to legal constitutional procedures. The legal approach has several central values: the first one is procedural due process standing for fairness value, which will protect individuals from malicious, arbitrary, erroneous, or capricious deprivation of life, liberty or property at the hands of government. The second value is individual substantive rights and the third one is equity empowering the judges to enact remedies for individual whose statutory rights have been violated . In  stated that laws applied to protect information privacy will give the owners of information the rights that can be enforced against parties who access or use that information improperly.
Meanwhile,  stated that there are several legal bases that will protect individual information privacy from others' violation. Firstly, general privacy laws are statutes that imposing requirements for the collection, distribution, and use of information privacy applicable to all formats (electronic or non-electronic). This general privacy laws become a framework for information privacy. Secondly, internet and electronic privacy laws are enacted to protect information privacy obtained using internet or other electronic systems. This legislation gives private parties and governments the ability of enforcing it through litigation against the parties that violates the statutory privacy requirements. Thirdly, information privacy rules are enforced with regard to specific types of personal information and specific content.
Fourthly, contract laws that are enforceable contract terms between a computer user and a service provider. The limitation on the use of system or service to user, and standards and practices of system security and information privacy to service provider become the reason of these contract laws. Fifthly, consumer protection laws enforce the privacy rights through these regulations application. Service providers should ensure that they deliver on all promises regarding information privacy. Sixthly, tort laws give the private a vehicle to claim for the recovery of damages caused by improper use of personal information by other private parties. Seventhly, civil liberties provide certain legal protections against unreasonable searches or seizures of property conducted by governments. And finally, privacy practices are developed and implemented by computer system operators. The operators should implement and publicize a description of their information privacy practices and procedures.
5. Finding and Discussion
Indonesia has an obligation to protect its citizens and the entire homeland as stated in the Preamble of 1945 Constitution of the Republic of Indonesia. In digital era, the term `people protection' has redefined and encompassed the protection of the people's rights. Indonesia's constitution has mandated the State to protect its citizens' right to life ensuring their dignity and harmony with their environment. According to the 1945 Constitution article 28F, one of the Indonesians' rights is to communicate, to acquire, to find, to possess, to store, to process and to deliver the information. Indonesians' rights to communicate and to manage the information supported by protection efforts as included in article 28G clause (1) giving a individual the protection right and security from threats that meet or do not meet the basic rights. This article is binding not only the government but also the business organizations and individuals. The state should balance the rights and interests of government, business organizations and individuals with the laws .
The protection of information privacy, according to , can have several legal basis that will protect information privacy of consumer in e-commerce. Information privacy of consumer in Indonesia's e-commerce is not protected by a comprehensive legal basis. Even though, the state is required to protect its citizen in communicating, acquiring, finding, possessing, storing, processing and delivering the information. As shown in Table 2, Indonesia's e-commerce is only supported by a few legal bases protecting the consumers' information privacy from a violation or breach.
Indonesia does not yet have a comprehensive legal basis to protect information privacy in e-commerce. Existing legislations defined information privacy varyingly according to its sector. A few legislations mandate an obligation to provider (privates or governments) to protect information privacy under its management. The mechanism of information privacy protection is not regulated explicitly in legislation.
Information privacy of e-commerce consumers is most critical in light of the high economic value of profiling and data mining from companies for specific purposes, e.g. to determine the market preference and other economic trends. The increasing e-commerce consumer numbers will bring an effect on Indonesian digital economy and its information privacy value. The absence of comprehensive legal basis to protect information privacy of consumers can be considered as Indonesia's negligence against its citizen rights. The legal basis is significant for the protection of information privacy because laws can work to protect individual privacy; can work to enable and to support infringements and invasions of privacy; and can outlaw or block ways by which people can protect their own privacy .
The comprehensive legislation becomes a good detailed guidance to the e-commerce entities and will direct the process of collecting, distributing or using information privacy properly and in standardized activities. The comprehensiveness of information privacy legislation will represent legal values such as procedural due process, individual substantive rights and equity that will give an assurance not only to Indonesia citizen, but also to e-commerce entities in Indonesia and abroad. The legal basis of information privacy protection will increase obedience and submission of e-commerce entities to the implementation of security system and effective information privacy management.
Information as privacy of consumers is a valued asset and a potential factor in Indonesia's e-commerce that should be managed by a comprehensive legislation to protect the collection, distribution and usage of information in proper manner and standardized activities. These comprehensive legislations will be represented as the e-commerce entities' commitment to building a safe and trustworthy environment to consumer, to maintain constitutional rights and the rule of law, and to give the citizen a new basic right in digital era.