Regulating Facial Recognition Technology under the Indonesian Privacy and Data Protection Frameworks: The Pacing Problem?

Adelia Rachmaniar, Aris Mustriadi, Hasyimi Pradana, Aditya Prastian Supriyadi


The incentive behind artificial intelligence is to develop computers that can perform complex tasks that could only be performed by humans. One of the embodiments is facial recognition that is utilised in a commercial context to law enforcement. This technology could endanger the fundamental rights of an individual; the right to privacy and the right for personal data protection. The terms privacy and data protection should not be used interchangeably since privacy refers to what extent interferences against an individual can be justified, whereas data protection covers protection against unlawful processing of one’s personal data. In Indonesia, the regulatory frameworks on privacy and data protection are still widely fragmented. European Convention on Human Rights (ECHR) and General Data Protection Regulation (GDPR) in the European Union have become prime examples for privacy and data protection frameworks. Therefore, this paper uses a doctrinal methodology to analyse the regulatory gaps in the current Indonesian privacy and data protection frameworks, by taking into account the ECHR and GDPR. It can be concluded that facial recognition highlights the pacing problem in Indonesia data governance. There should be exhaustive lists for limitations against interferences on privacy and newly unified regulation on data protection.


Artificial Intelligence, Facial Recognition Technology, Data Protection

Full Text:



European Regulations

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Convention for the Protection of Human Rights and Fundamental Freedoms

Indonesian Regulations

1945 Constitution of the Republic of Indonesia

Law Number 36 Year 1999 on Telecommunications

Law Number 39 Year 1999 on Human Rights

Law Number 25 Year 2003 on The Amendment to Law Number 15 Year 2002 on Money Laundering Crime

Law Number 14 Year 2008 on Transparency in Public Information

Law Number 17 Year 2011 on State Intelligence

Law Number 19 Year 2016 on the Amendment to Law Number 11 Year 2008 on Electronic Information and Transactions

Government Regulation Number 71 Year 2019 regarding Provisions of Electronic Systems and Transactions

Minister of Communications and Informatics Regulation Number 20 Year 2016 concerning the Protection of Personal Data in an Electronic System

Official Documents

Adam Thierer, 'The Pacing Problem and The Future of Technology Regulation' (MercatusCenter,2020) accessed08 October 2020.

Aliansi Jurnalis Independen/Alliance of Independent Journalists (AJI), ‘State Intelligence Law Challenged in Court’, 26 January 2012, , accessed 05 November 2020.

Amnesty International UK, ‘What is the European Convention on Human Rights?’, (Amnesty International UK, 2018), accessed 03 November 2020.

Andrew Rossow, ‘The Birth Of GDPR: What Is It And What You Need To Know’, (Forbes, 25,May,2018), know/?sh=ce23c7755e5b , accessed 04 November 2020.

CitizenLab and Canada Centre for Global Security Studies, Island of Control Island of Resistance: Monitoring the 2013 Indonesian IGF, Number 29, January 20, (2014),, page 52, accessed 05 November 2020.

European Court of Human Rights, Guide on Article 8 of the European Convention on Human Rights Right to respect for private and family life, home and correspondence,, accessed 03 November 2020.

European Data Protection Board, Guidelines 3/2019 on processing of personal data through video devices, Adopted on 29 January 2020

Nicholas Fearn, How facial recognition technology threatens basic privacy rights, (,2019), accessed 08 October 2020.

Privacy International, ‘State of Privacy Indonesia’, 26 January 2019, , accessed 10 November 2020.

PWC, ‘The global footprint of data protection regulations’, , page 3, accessed 11 November 2020.

Steven Greer, The exceptions to Articles 8 to 11 of the European Convention on Human Rights, (Council of Europe Publishing, 1997), , page 9, accessed 03 November 2020.

Ursula Kilkelly, The right to respect for private and family life: A guide to the implementation of Article 8 of the European Convention on Human Rights, (Council of Europe, Human Rights Handbook) , page 31, accessed 03 November 2020.


Els J. Kindt, Privacy and Data Protection Issues of Biometric Applications: A Comparative Legal Analysis, (Springer Netherland, 2013),

European Union Agency for Fundamental Rights and Council of Europe, Handbook on European Data Protection Law, (2018),

Privacy and Human Rights: An International Survey of Privacy Laws and Practices, Privacy International

John Vacca, Biometric Technologies and Verification Systems, Elsevier, 2007,

Sara M. Smyth, Biometrics, Surveillance and the Law: Societies of Restricted Access, Discipline and Control, Routledge, 2019.

Journal Articles

Bart Custers and Helena Ursic, ‘Worker Privacy in a Digitalized World Under European Law’, Comparative Labour Law & Policy Journal, January 2018, , page 333, accessed 05 November 2020.

Bernard Marr, ‘Facial Recognition Technology: Here Are The Important Pros And Cons’, (Forbes,2019) cons/#e52097514d16 accessed 08 October 2020.

E. Bloustein, Privacy as An Aspect of Human Dignity: an Answer to Dean Prosser, on New York University Law Review Vol. 39 (1964).

Samuel Warren dan Louis Brandeis, The Right to Privacy, dalam Harvard Law Review Vol. IV No. 5, 15 Desember 1890, di, accesed on 07 Nov. 2020.

Lee A. Bygrave, ‘Data Protection by Design and by Default: Deciphering the EU’s Legislative Requirements’, Oslo Law Review, Volume 4, No. 2-2017, , page 115, accessed 05 November 2020.

Juliane Kokott and Christoph Sobotta, ‘The distinction between privacy and data protection in the jurisprudence of the CJEU and the ECtHR’, International Data Privacy Law, 2013, Vol. 3, No. 4, , page 224, accessed 03 November 2020.

Peter Blume, 'The Citizens' Data Protection' (1998) 1 Journal of Information Law & Technology accessed 08 October 2020

Salim Ibrahim Ali,, 'Legal Research of Doctrinal and Non-Doctrinal' (2017) Volume 4 (1) International Journal of Trend in Research and Development, page 493, accessed 14 October 2020.


Christina Dewi, ‘Taking a sneak peek of JD’s first unmanned store in Indonesia’, (Techinasia, 2018) accessed 08 October 2020.

Eisya A. Eloksari, ‘Government trials facial recognition system to improve social aid disbursement’, (The Jakarta Post, 2020),

Heru Andriyanto, 'Indonesia Expects to Adopt Data Protection Law Sooner' Jakarta Globe (2020) accessed 08 October 2020.

ICW Ajukan Sengketa Rekening Gendut ke KIP, lihat, accesed on 07 Nov. 202

Lintang Setianti, Urgensi Regulasi Perlindungan Data Pribadi, (ELSAM, Lembaga Studi dan Advokasi Masyarakat), accessed 11 November 2020.

Lydia F de La Torre, ‘What does ‘data protection by design and by default’ mean under EU Data Protection Law?’, (Medium, 2019), , accessed 05 November 2020.

Polri Tolak Buka INformasi 17 Rekening Gendut Perwira, Lihat, accesed on 07 Nov. 2020>


  • There are currently no refbacks.

Diterbitkan Oleh :

Faculty of Law

UPN Veteran Jakarta

Jl. RS. Fatmawati Raya, Pd. Labu, Kec. Cilandak,

Jakarta Selatan, DKI Jakarta 12450.

Fax : 021-7656971/021-7699431

Telp : 021-7656971 Ext.139/193

Email :

Website :

Proceedings INCOLS is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.