Personal Data Protection Authority: Comparative Study between Indonesia, United Kingdom, and Malaysia

The COVID-19 pandemic has increased the number of people connected to the internet. Based on data, internet users in Indonesia increased by 8.9% from 2018 to 73.7% (APJII, 2020). In addition, internet use is increasing in residential areas and residential areas (Kominfo, 2020). The development of Information, Communication and Technology Technology continues to progress, it needs to be accompanied by data protection regulations. However, Indonesia does not yet have a data protection regulation that can be implemented on the threat of cyber attacks. This research is aimed at finding best practices in data protection that can be applied in Indonesia. This study uses the Narrative Policy Framework (NPF). In the analysis, a comparison is made between data protection authorities to protect data in Indonesia and best practices in the UK and Malaysia, especially in post-pandemic conditions. This study aims to recommend solutions that strengthen data security protection in the post-COVID-19 era in Indonesia.

Using MALDI-TOF spectra in epidemiological surveillance for the detection of bacterial subgroups with a possible epidemic potential

Background For the purpose of epidemiological surveillance, the Hospital University Institute Méditerranée infection has implemented since 2013 a system named MIDaS, based on the systematic collection of routine activity materials, including MALDI-TOF spectra, and results. The objective of this paper is to present the pipeline we use for processing MALDI-TOF spectra during epidemiological surveillance in order to disclose proteinic cues that may suggest the existence of epidemic processes in complement of incidence surveillance. It is illustrated by the analysis of an alarm observed for Streptococcus pneumoniae.Methods The MALDI-TOF spectra analysis process looks for the existence of clusters of spectra characterized by a double time and proteinic close proximity. This process relies on several specific methods aiming at contrasting and clustering the spectra, presenting graphically the results for an easy epidemiological interpretation, and for determining the discriminating spectra peaks with their possible identification using reference databases. Results The use of this pipeline in the case of an alarm issued for Streptococcus pneumoniae has made it possible to reveal a cluster of spectra with close proteinic and temporal distances, characterized by the presence of three discriminant peaks (5228.8, 5917.8, and 8974.3 m/z) and the absence of peak 4996.9 m/z. A further investigation on UniProt KB showed that peak 5228.8 is possibly an OxaA protein and that the absent peak may be a transposase.Conclusion This example shows this pipeline may support a quasi-real time identification and characterization of clusters that provide essential information on a potentially epidemic situation. It brings valuable information for epidemiological sensemaking and for deciding on the continuation of the epidemiological investigation, in particular the involving of additional costly resources to confirm or invalidate the alarm. Clinical trials registration. NCT03626987Study authorization. This study has been allowed by the French Data Protection Authority (CNIL decision DR-2018-177).

Data Protection in the Public Procurement Process

Transparency is one of the fundamental principles in public procurement. At the same time, the General Data Protection Regulation (GDPR) requires all operators, whether public or private, to respect privacy and data protection. The study starts from the premise of avoiding sanctions and of complying with the obligations of the contracting authority by knowing the hierarchy of values protected by the regulations in force. An important role in ensuring compliance with the law is to correlate the activity of the data protection officer with the procurement department. The stages of the public procurement procedure will be analyzed in the most relevant aspects, from the publication in the Electronic Public Procurement System and the management of personal data submitted by bidders in the procurement procedures until the publication of the results. We will observe whether data protection can become an award criterion and the influence of bidding data breaches in procurement procedures. A sensitive issue is the protection of data transferred outside the European Union and, from the point of view of competition law, the consequences of the associations, and we will finally discuss some aspects regarding the corrective measures that the data protection authority may impose.

A Review of Personal Data Protection Law in Indonesia

The importance of protecting personal data issue starts strengthened along with the increasing number of telephone user mobile and internet in Indonesia. Several cases were sticking out, especially those that have a connection with the leak of personal data and leads to fraud or crime, strengthen the discourse on the importance of making legal rules to protect personal data. In Indonesia, the protection of personal data is related to the concept of privacy, which is the idea of safeguarding the integrity and personal dignity. Privacy rights are also an individual ability to determine who is holding their information and how the information is used. Currently, Indonesia’s long-awaited comprehensive draft Law on the Protection of Personal Data has been submitted by President Joko Widodo to the Chairperson of the Indonesian House of Representatives on January 24th, 2020. When passed, it will be the first framework legislation on personal data protection in Indonesia. This paper discusses and summarizes the progress of personal data protection based on the law and the regulatory authority in Indonesia. The result shows that there is a lack of explanation of the term data protection authority (DPA) in the final Bill submitted.

The Legal Status of the National Data Protection Authority in light of the Regulatory State Theory

Purpose ”“ The purpose of this paper is to investigate the adequacy of the legal nature of the National Data Protection Authority (ANPD), proposed by Law no. 13.853/19, to the reality of Brazilian Law, starting from the theoretical bases developed by the Regulatory State Theory regarding the valorization of the technical decision immune to political influences. Methodology ”“ This study adopts the doctrine revision of the Regulatory State Theory, aiming to point the theoretical bases on the autonomy of the regulatory entities, in order to make the comparison of adequacy between the legal nature of the ANPD placed in Law no. 13.709/18 and the material concept of administrative decentralization. Findings ”“ The study demonstrates that the Brazilian legal-political tradition will make it difficult for the National Data Protection Supervisor to act in view of its legal nature as a public body that is part of the structure of the Presidency of the Republic, which greatly relativizes its autonomy. Practical Implications ”“ The probable revision of the legal nature of the ANPD, as provided for in art. 55-A, §1, of Law no. 13.709/18, and the effectiveness of the performance of this National Authority. Originality ”“ A very current issue in the Brazilian legal environment is the suitability of the companies that will be affected by the entry into force of the General Data Protection Act (Law no. 13.709/18) in August 2020, due to the comprehensive potential of this law. This paper studies the legal nature of the National Data Protection Authority, a regulatory body that will have a relevant regulatory role in the data economy society, highlighting the relevance of the study to the sector.

Before and after enforcement of GDPR

Introduction The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations.

Third-Generation European Data Protection Law and Professional Journalism

This chapter explores the legislative interface between data protection and the professional journalistic media under the General Data Protection Regulation (GDPR). Like the Data Protection Directive (DPD), the GDPR mandates that States adopt derogations ‘necessary’ for reconciling two competing fundamental rights. However, broadly mirroring the situation under the DPD, there remain considerable differences at local level. Northern European countries have tended to set out wide and deep derogations for journalism, whilst Southern and Eastern Europe have often stipulated that this activity adhere to strict data protection standards. These differences map on to broader cultural fissures as regards attitudes to individualism, uncertainty avoidance, and power differences in society. Nevertheless, these outcomes are slightly more balanced than under the DPD. In particular, almost half the States have set out partial statutory limits to the supervisory powers of the Data Protection Authority here. Approximately one-third of States also continue to formalize a co-regulatory connection between statutory and self-regulation. However, a widespread problem has emerged concerning the statutory treatment of media/news archiving. In sum, although the GDPR mandates derogations here, only around one-third of European Economic Area (EEA) States have explicitly provided that the journalism regime can apply to public interest archiving which is subject to its own default regime in the GDPR.