Indonesia-US trade deal possible threat to data sovereignty

July 25, 2025

According to a joint statement on the framework for the prospective settlement published on the White House website on Tuesday, Jakarta agreed to provide certainty regarding personal data transfers from Indonesia to the US and eliminate tariffs on intangible products by recognizing the US as having “adequate” data protection.

Communication and Digital Minister Meutya Hafid wrote in a statement on Thursday that the negotiation was still ongoing, as previously conveyed by President Prabowo Subianto.

She added that the agreement could serve as a legal basis for protecting the personal data of Indonesian citizens when using digital services provided by US-based companies, such as search engines, social media cloud services and e-commerce.

“The government will ensure that data transfer to the US will not be carried out carelessly. On the contrary, the whole process will be conducted within a secure and reliable data governance framework,” Meutya noted, adding that the transfer would be carried out under “tight supervision of the Indonesian authorities, with high caution, based on the national law.”

On the same day, Coordinating Economy Minister Airlangga Hartarto said at a press conference that Jakarta had agreed to establish a secure protocol for managing cross-border data flows with the US, without elaborating.

“Cross-border [services] are not limited to the US and include other countries,” he noted, adding that Indonesia had prepared a range of such protocols, including one implemented in the Nongsa Digital Park special economic zone (SEZ) in Batam, Riau Islands.

Read also: Indonesia concedes on trade and data for US deal

Airlangga added that 12 US tech companies, including Amazon Web Services (AWS), Microsoft and Google Cloud, have complied with national regulations by building data centers in Indonesia.

Digital advocacy groups, however, have raised concerns over the agreement’s potential threat to domestic data rights and privacy, as well as compromised control over the country’s digital infrastructure.

Hendra Suryakusuma, chairman of the Indonesian Data Center Providers Organization (IDPRO), warned that allowing personal data generated in Indonesia to be transferred and analyzed in the US could undermine Indonesia’s digital sovereignty.

“We are at risk of losing our data control, whether it’s strategic, personal or open data. This may also lead to the potential of increased digital dependency,” Hendra told The Jakarta Post on Thursday.

He added that the local data centers could end up functioning only as “edge computing” or “hybrid cloud generators”, roles in which they would no longer serve as the main site for data processing.

This might cause prospective industry players to rethink their entry into Indonesia’s market, hindering investment, he said, noting that global tech firms that had planned to invest billions of dollars in data centers in the country might divert their investment to the US.

Domestic data center operators, internet service providers and state-owned power monopolist PLN could also miss out on significant revenue potential driven by demand for data storage and processing, which consumes large amounts of electricity.

Hendra also pointed out that the agreement could obscure legal boundaries outlined in the Personal Data Protection (PDP) Law, which requires electronic system operators, particularly those in critical sectors like education, banking and health care, to implement strong, onshore data protection measures.

“The personal data of Indonesian citizens is a strategic [resource]. If we say that data is the new oil, then it must be generated and processed domestically to become our asset,” he said.

Hendra urged the government to conduct a comprehensive assessment, preventing the cross-border data agreement from resulting in overdependence and diminished control, worsening already weak data security in the country, marked by breaches reported in the past few years.

The Institute for Policy Research and Advocacy for Society (Elsam) has also voiced concern over potential drawbacks of the deal and serious threats to Indonesia’s digital ecosystem.

In a press release published on Wednesday, Elsam described the digital trade deal as “unfair”, arguing that the agreement favored interests of US-based data storage companies over the protection of personal data.

It also highlighted the potential threat of mass surveillance of Indonesian citizens by US authorities, as well as risks from cross-border data flows, given that the Indonesian government has yet to establish a personal data protection body to oversee such practices.

“The absence of this institution, alongside fragmented cross-sectoral regulations, has led to weak oversight of the protection of personal data transferred overseas. This includes an increased risk of data leaks, misuse and violations of privacy rights,” reads the press release.

Read also: Government moving at snail’s pace in forming data protection body

Pratama Persadha, who chairs the cybersecurity watchdog Communication and Information System Security Research Center (CISSReC), said the agreement could help accelerate the establishment of an independent institution overseeing data protection.

However, he added that Indonesia should not overlook the looming risks from the free flow of personal data.

Controlled data management is directly linked to the added value of the digital economy, he explained, describing personal data and digital behavior as “essential raw materials” for the development of artificial intelligence, algorithm-based services and technological innovation.

“If not managed property, our data will only serve as a commodity exploited by foreign entities to build products and services that are then sold back to the Indonesian market,” he wrote in a statement on Thursday.

Indonesia should pursue a bilateral agreement to protect its digital rights, he suggested, adding that the country should also strengthen its digital infrastructure, research and the development of local digital talent to maintain technological independence.