To close 2019, the Indonesian government enacted the much-anticipated e-commerce regulation1 (“Regulation“) in late November. Being an implementing regulation to the Trade Law,2 the Regulation regulates not only the typical actors in e-commerce transaction (i.e. merchants and consumers), but also e-commerce service providers (penyelenggara perdagangan melalui sistem elektronik) and intermediary service providers (penyelenggara sarana perantara). In addition, the Regulation, among others, regulates e-contracts, online advertisements and personal data protection.
While the Regulation is undoubtedly welcomed, especially in clarifying the many existing uncertainties in the market, some provisions raise issues as it overlaps and contradicts the regulation on electronic systems and transactions,3 which was issued shortly before the Regulation.
Below we provide a snapshot of the Regulation and highlight the provisions that may potentially be a stumbling block to parties in the e-commerce industry.
Parties Targeted by the Regulation
The subjects regulated by the Regulation can be categorised into three groups:
Impact on Foreign Businesses
Foreign businesses that are actively engaging (e.g. making offers from offshore) with consumers in Indonesia and satisfy the applicable thresholds will be subject to the Regulation. The threshold will depend on the number of transactions, transaction value, number of delivery of packages and/or amount of traffic. Strikingly, the Regulation does not elaborate the actual threshold numbers. As such, we expect that these thresholds will be further regulated in an implementing regulation.
Once the thresholds are satisfied, the Regulation will deem a foreign business as:
As a consequence, a foreign business must appoint a representative domiciled in Indonesia. While the Regulation does not elaborate the requirements for appointing the representative, the Regulation expressly states that e-commerce transactions conducted by a foreign business will be subject to Indonesian tax. The concept of ‘Indonesian presence’ seems similar to the concept of ‘permanent establishment’ for foreign businesses under Indonesian tax laws. While there might still be some uncertainties, the underlying message of the Regulation is clear; the government intends to tap into the fiscal potential of revenue sourced and received by foreign businesses from e-commerce transactions in Indonesia.
Recognising the fact that the services provided by an e-commerce service provider or an intermediary service provider can be used by other parties to engage in unlawful conducts, these providers can be protected under the safe harbour rules. Similar to the safe harbour rules under the US’ Digital Millennium Copyright Act and the EU’s E-Commerce Directive, the Regulation gives a broad immunity to e-commerce service providers and intermediary service providers from the legal consequences arising from illegal third-party content.
As for intermediary service providers, the Regulation also discharges them from any liability for illegal content provided that such providers are acting as mere conduit. This will be evidenced by, among others, the provider’s lack of control over the transmission (including to modify the information). In addition, the Regulation also requires the providers to comply with the law, act in good faith and act expeditiously to remove or disable access to the illegal content upon knowing of its existence. If an intermediary service provider provides an ‘interactive computer service’ (layanan komputer interaktif), such as a social media platform, they will be discharged from any liability for restricting or removing access to a content if such action was carried out in good faith and based on a report that such content is illegal.
Cross-Border Personal Data Transfer
The Regulation also regulates personal data protection. Although these provisions are largely consistent with the rules imposed by other laws and regulations (i.e. the Electronic Information and Transactions Law5 and the electronic systems and transactions regulation), the Regulation does contain a provision on cross-border personal data transfer, which might be controversial.
Under the Regulation, a cross-border transfer of personal data can only be made to a country that is considered to have standard personal data protection at par with that of Indonesia. Whether another country’s personal data protection is at par will depend on the discretion of the Minister of Trade. This is unusual and as the Regulation has only been issued, it remains to be seen how the Minister will handle this and the consequences (if any) that may arise if one fails to observe such requirement.
Similar to the electronic systems and transactions regulation, the Regulation provides for certain administrative sanctions and the relevant regulator, in this case the Ministry of Trade (in cooperation with the relevant parties), can also temporarily block the services of an e-commerce service provider that has breached the Regulation.
With the enactment of the Regulation, it is clear that the prodigious growth of Indonesia’s e-commerce industry has finally pushed the government to act and explore a new source of fiscal revenue. We see this act most clearly through the thresholds and presence requirements.
Potential issues may arise with respect to the discretion afforded to the Minister of Trade for cross-border personal data transfer and to temporarily block the services of an e-commerce service provider. The assignment of a wide discretion to the Minister of Trade for a role that has traditionally been the domain of the Minister of Communications and Informatics, may open a pandora’s box of issues, particularly with regard to coordination and execution.
But at the end of the day, it will all boil down to enforcement. For now, the Regulation allows the government to put one foot at the door and it is finally time that e-commerce players in Indonesia start being vigilant and play by the rules.
AHP Client Alert is a publication of Assegaf Hamzah & Partners. It brings an overview of selected Indonesian laws and regulations to the attention of clients but is not intended to be viewed or relied upon as legal advice. Clients should seek advice of qualified Indonesian legal practitioners with respect to the precise effect of the laws and regulations referred to in AHP Client Alert. Whilst care has been taken in the preparation of AHP Client Alert, no warranty is given as to the accuracy of the information it contains and no liability is accepted for any statement, opinion, error or omission.