Despite the economic uncertainty caused by the Covid-19 pandemic, Indonesia continues to be one of the fastest-growing digital economies in Southeast Asia. By 2025, Indonesia’s digital gross merchandise value (GMV) will hit $124 billion, up from $44 billion in 2020.
Cloud technology, which allows for the delivery of different computing services such as data storage, servers, and databases through the Internet, has catalyzed Indonesia’s digital economic growth. In 2019, Indonesia’s public cloud market was expected to grow from $0.2 billion in 2018 to $0.8 billion in 2023.
It has supported the advancement of small and medium enterprises (SMEs) by democratizing access to technologies and services that used to be available only to large enterprises. It has also enabled the government to provide better services such as the Cash-for-Training (Kartu Prakerja) program from the Coordinating Ministry of Economic Affairs and online learning initiatives from the Ministry of Education.
As more Indonesians come online and local businesses switch to cloud solutions, demand for cloud services is growing exponentially. The private sector has driven a significant part of this growth in cloud adoption. Grab, for instance, has used cloud computing technology to rapidly accelerate the digitization of SMEs by helping merchants with zero online presence get onboarded to the platform, set up digital payment and delivery systems, and access business analytics tools.
While the private sector has been the primary engine for cloud adoption in the economy, there is a tremendous opportunity for digital transformation in the public sector. The Covid-19 pandemic has helped governments realize the potential of cloud solutions, especially as they are forced to deploy digital services quickly to respond to citizens’ needs.
A recent survey by Alibaba Cloud found that 83 percent of executives in Indonesia believe that cloud-based tools help them cope with their needs during Covid-19, highlighting the uptick in
cloud service adoption in the country.
To truly leverage the cloud to spur the growth of Indonesia’s digital economy, it is imperative that the digital economy is empowered to embrace the cloud at speed and scale easily. The government’s cloud-first policy must translate into forward-looking regulations that promote, not hinder, cloud adoption.
To ensure that the Indonesian digital economy reaps the full benefits that cloud computing solutions have to offer, the government needs to address crucial aspects of existing policies that may impede the ability of the digital economy to adopt cloud solutions quickly, dampen innovation, and impact investments that drive growth in this space.
A 2020 Ministerial Regulation on Private Electronic System Operators (MR 5), 2018 Government Regulation on E-Government (GR 95), and the Personal Data Protection Bill all contain welcome improvements to the existing legal framework. However, there are provisions within these that create an uncertain and fragmented regulatory environment.
MR5, for instance, defines Electronic System Operators (ESOs) very broadly, essentially encompassing most types of electronic system providers that may not pose a risk to Indonesia’s national security, cause social and political unrest, or personal data breaches.
Cloud service providers are equated with other ESOs, including the likes of social media and search engines. That creates confusion over the responsibility of the cloud, especially over personal data, and grants excessive access for law enforcement and regulatory purposes. The potential inclusion of offshore entities is also a concern, along with the onerous registration
processes involved, details of which are not clear.
The Personal Data Protection Bill (RUU PDP), which regulates personal data processing in Indonesia, exempts data owners’ rights if their data are needed for the purpose of national defense and security, law enforcement, state administration, supervision of the financial or monetary sector, payment systems, or financial system stability. These exemptions are concerning because they provide the government with unfettered access to personal data.
In addition to RUU PDP, Indonesia also has restrictive data localization policies that make the Internet less accessible and secure, more costly and complicated, and less innovative. A recent study on cross-border data flows by ITIF notes that over five years, Indonesia’s gross economic output dropped by 7.8 percent while experiencing lower productivity and an increase in prices due to more stringent data restrictions from 2013-2018.
Specifically, for cloud service providers, data localization makes it impossible for them to employ cybersecurity best practices, such as through “sharding,” wherein data is spread over multiple data centers. This is particularly useful to SMEs who cannot afford to implement a robust security program.
The National Data Centre initiative, part of the legal framework for e-government services – GR 95, is an ambitious project intended to be a shared infrastructure/managed service to ensure efficiency among the Central and Local Governments. In preparation for the National Data Centre, which is targeted to be completed in 2024, Kominfo has issued two circulars that seem to be antithetical to supporting a holistic cloud computing environment for public agencies.
First, Circular 5/2020 requires all public agencies to seek Kominfo’s clearance before procuring data centers, including the ‘data center lease’ of cloud or disaster recovery centers. A second Circular – 3/2021 on the Use of Cloud for the Public Sector – indicated that cloud procurement does not require clearance. This contradicts Circular 5/2020, as cloud services can be considered a ‘data center lease’, and therefore would require Kominfo approval.
However, Kominfo’s stance for usage beyond 2021 is also unclear. Additionally, Circular 3/2021 states that while ministries and agencies “must prioritize integration into a National Data Centre, they may “use their own data centers to increase the availability and capacity of cloud computing services.” This implies that cloud is the second preferred option after the National Data Centre, which contradicts the objective of leveraging cloud services to strengthen the delivery of e-government services.
Unlocking the true potential of cloud to power Indonesia’s digital economy As policymakers and regulators seek to reap the benefits of cloud technology while managing its risks, it is
important to recognize that the legal and regulatory landscape for cloud is highly complex and as broad as the scope of the technology itself, spanning multiple industries and geographies.
Implementing a data classification policy that adheres to a risk-based data classification framework is fundamental in helping governments adopt cloud solutions. Recognizing the inherent security of the cloud architecture and the evolving nature of this technology will be critical to responsibly unlock the potential of cloud services for Indonesia’s public sector, businesses, and
Consistent, cloud-friendly policies that recognize the unique model of cloud, are aligned with industry best practices, and are harmonized with other cloud-related policies can be achieved by working closely with industry to develop regulatory frameworks that can effectively aid national efforts to stimulate the country’s cloud ecosystem and strengthen trust and participation by all stakeholders. Only then would the government be able to fully maximize the potential of cloud computing to drive the growth of the country’s economy as a whole.
Jeff Paine is managing director of Asia Internet Coalition, a trade association co-founded by eBay, Google, Nokia, Skype, and Yahoo! in 2010 to promote public policy issues about the Internet in the Asia Pacific region.