This article was written by Agung Sihombing and Muhammad Nur Mahatmanta from the Faculty of Law, Universitas Padjajaran. Article published for the ALSA Law Journal of Indonesia, a periodical scientific publication published by the Association of Asian Law Students of the Indonesian National Chapter with the theme of Cyber Law.
Article publication in the rubric “KLIKALSA” as a form of collaboration between KlikLegal and the Indonesian National ALSA Council (2018-2019 Period). This article is the author’s personal opinion, and does not represent the editor’s view of KlikLegal.
1.1 The Development of Technology in The Fourth Industrial Revolution and Its Challenges
As cliched as it may sound, any development in life must pose a new challenge. This also happens in the era of the Fourth Industrial Revolution which was first discussed in Germany in 2011, and was introduced by Professor Klaus Schwab at the World Economic Forum in 2015.[i] Revolution concerns a fundamental change in aspects of our life that is sudden. In the case of the industrial revolution, this has to do with changes in the process of technological development driven by innovation and inventions, resulting in the emergence of new types of technology at each stage of their development that people are utilizing. This phenomenon greatly affects aspects of human life, physically and virtually.[ii]
In the era of the Fourth Industrial Revolution, change is marked as the development of very rapid communication and connectivity by technologies that are very different from the previous three stages of revolution. The first three stages of the industrial revolution were only focused on the development of physical technologies and the discovery of technologies that have now been renewed and become simpler. Meanwhile, the fourth stage of the industrial revolution focuses on digital developments and seeks potential in modern technologies that are faster than ever.[iii]
One of the products of this era is the internet, or a massive digital space that connects users located within different parts of the world. Those “users” that take part in the internet usually utilize platforms, or intermediary facilities provided by providers of electronic systems to interact in the cyberspace. These platforms vary in use; some are used to trade, and others to transfer data. Examples of the most well-known platforms in Indonesia are namely Facebook, Youtube, Whatsapp, and Tokopedia. The more users, the more valuable the platform. This can be correlated to a market, where the more visitors and consumers come, the better the market opportunity.[iv]
Unfortunately, in some cases, the internet, and by extension platforms, have become a sort of breeding ground for criminal acts and infringement of rights. Consider the internet as flea markets, where goods are being traded towards users in a location that is under the oversight of a larger authority. However, the trade of these goods does not necessarily guarantee that those goods are real, legal, or were not the product of theft. The same can be said of certain services within the internet.[v]
The law generally provides a method on which people whose rights are violated through the internet could seek remedy. However, in light of the sheer number of potential violations, it is deemed unwise and ineffective to seek remedy for each individual breach. Returning to the flea market analogy; it is better to close the entire flea market (the platform) if it is already known that most of its shops sell illegal goods.[vi]
An understanding of the concept of accountability for platform providers that explains when and how the responsibility must be borne by the platform provider, and when the platform provider cannot be held liable for the user’s own mistakes is therefore required. The acknowledgement of this need is what gave way to the creation of “safe harbor”, which drew limitations of the liability of platforms.
The question that will be asked is whether the Indonesian cyber laws adequately address platform liability. Further more, considering the fact that platform liability has grown much further in practice in other countries, comparisons will also be made with the existence of safe harbor laws in other countries using the theory of law convergency approach.[vii]
- Notice: To notify towards users as to the type of data collected, the purpose of such collection, the method of collection, and the disclosure (or lack thereof) towards third parties.
- Choice: To provide the right to “withdraw” permission of data collection and dissemination.
- Onward Transfer: To guarantee that transfer of data will only take place to parties within countries that adhere to the principles.
- Access: To facilitate users to access and correct their own data.
- Security: To undertake “reasonable precautions” to ensure data security.
- Data Integrity: To use the data for and only for the purposes as agreed to by the users.
- Enforcement: Apply enforcement mechanisms to ensure compliance, such as creating government bodies towards which complaints could be lodged by the public.
- not receive a financial benefit directly attributable to the infringing activity;
- not be aware of the presence of infringing material or know any facts or circumstances that would make infringing material apparent; and
- upon receiving notice from copyright owners or their agents, act expeditiously to remove the purported infringing material, if that service provider wishes to be free from the payment of monetary relief of a breach.
- made best efforts to obtain an authorization;
- made, in accordance with high industry standards of professional diligence, best efforts to ensure the unavailability of specific works and other subject matter for which the rightholders have provided the service providers with the relevant and necessary information; and in any event
- acted expeditiously, upon receiving a sufficiently substantiated notice from the rightholders, to disable access to, or to remove from their websites, the notified works or other subject matter, and made best efforts to prevent their future uploads in accordance with point (b).
- To set out various terms and conditions in the operation of the platform which must at least include the details of the rights and obligations of both users and the provider; and provisions regarding accountability for the content uploaded;
- The company has a complaint about Prohibited Content, and has reported complaints and delays or blockages for specified timeframes within specified timeframes;
- To actively evaluate and monitor Merchants’ activities on their Platforms; and
- Obligations under the applicable laws.
- able to re-display Electronic Information and / or Electronic Documents in their entirety in accordance with the retention period stipulated by Legislation;
- able to protect the availability, integrity, authenticity, confidentiality, and accessibility of Electronic Information in the Implementation of the Electronic System;
- able to operate in accordance with procedures or instructions in the Implementation of the Electronic System;
- equipped with procedures or instructions announced with language, information or symbols that can be understood by the parties concerned with the Implementation of the Electronic System; and
- have a sustainable mechanism to maintain the novelty, clarity, and accountability of procedures or instructions.
- That the use of personal data must be based on the consent of the person concerned, as well as for the violation of a person who feels his right to be violated can sue for losses incurred; and
- Require providers of electronic systems to delete electronic data that is irrelevant at the request of the person concerned, and provide a mechanism for its removal in accordance with government regulations.
- The development of the Fourth Industrial Revolution has led to the advent of many things towards which the law should pay more attention. The internet, platforms, and their conductors are just few of those things. The recognition of the importance of this issue has led to the creation of the safe harbor concept, which addresses the limitation of liability of platforms towards certain infringements.
- The application of the concept of safe harbor varies between states. Originally an idea pushed between EU and the US, the two have separated within their approaches towards the limits of safe harbor. This can be seen as the law of the two states develop.
- Indonesia has applied the concept of safe harbor through a Circular, aimed to better regulate e-commerce and for-trade platforms. However, there are still problems within the application, such as the fact that the Circular itself is not binding. Moreover, the same depth of regulation cannot be found for non-e-commerce platforms and towards copyright infringement.
- End Note [i] Mix Xu and others, ‘The Fourth Industrial Revolution: Opportunities and Challenges’ (2018) 9 International Journal of Financial Research.. [ii] Danrivanto Budhijanto, Cyber Law dan Revolusi Industri 4.0 (LOGOZ Publishing 2019).. [iii] Klaus Schwab, The Fourth Industrial Revolution (World Economic Forum 2016).[11-12]. [iv] Maximilian Schreieck and others, ‘Governing Platforms in the Internet of Things’ (2011) 304 Springer.. [v] cf Danrivanto (n 2).. [vi] cf Gerard M Stegmaier, Digital Millennium Copyright Act – 2005 Supplement (Pike and Fischer, Inc. 2005).. [vii] Danrivanto Budhijanto, Teori Hukum dan Revolusi Industri 4.0 (LOGOZ Publishing 2018).. [viii] Christopher Escobedo Hart, ‘Social Media Law: Significant Developments’ (2017) 72 The Business Lawyer . [ix] Privacy Shield Framework’ <https://www.privacyshield.gov>, accessed 20 July 2019. [x] Paul Bernal, Internet Privacy Rights: Rights to Protect Autonomy (Cambridge University Press 2014).. [xi] Virtual liability is a developing concept derivated from the concept of virtual jurisdiction. Virtual jurisdiction is the convergence of the application of principles, rules, processes, and institutions that cover virtual legal subjects carrying out virtual legal actions that have the virtual and factual legal consequences. See also Danrivanto Budhijanto, BIG DATA: Virtual Jurisdiction and Financial Technology (FinTech) in Indonesia (LOGOZ Publishing 2018).. [xii] cf Julian Burnside, ‘Virtual Liability’ (1996) 29 Journal for the Australian and New Zealand Societies for Computers and Law [xiii] James v. Meow Media, Inc., 300 F.3d 683 (6th Cir. 2002). See also Perry A. Zirkel, ‘Virtual Liability?’ (2003) 84 Sage Journal. [xiv] Alina Yordanova Trapova & Maria Lillà Montagnani, ‘Safe harbours in deep waters: a new emerging liability regime for Internet intermediaries in the Digital Single Market’ (2018) 26 International Journal of Law and Information Technology . [xv] See: U.S. Code Title 17. COPYRIGHTS. Chapter 5. COPYRIGHT INFRINGEMENT AND REMEDIES. Section 512. [xvi] Hannibal Travis, ‘Opting Out of the Internet in the United States and the European Union: Copyright, Safe Harbors, and International Law’ (2008) 84 Notre Dame Law Review . [xvii] See: MGM Studios Inc. v. Grokster, Ltd, 545 U.S. 913 (2005), where the defendants lost against a similar claim. [xviii] Jennifer L. Hanley, ‘ISP Liability and Safe Harbor Provisions: Implications of Evolving International Law for the Approach Set Out in Viacom v. YouTube’ (2012) 11 Journal of International Business and Law . [xix] Ibid.. [xx] Alexandre de Streel and others, LIABILITY OF ONLINE HOSTING PLATFORMS: Should Exceptionalism End? (Centre on Regulation in Europe (CERRE) Report 2018). [xxi] Transaksi E-Commerce Indonesia Naik 500% dalam 5 Tahun’, (Katadata, 2016) <https://databoks.katadata.co.id/datapublish/2016/11/16/transaksi-e-commerce-indonesia-naik-500-dalam-5-tahun> accessed 11 July 2019. [xxii] Alex Comninos, The Role of Social media and user-generated Content in Post-Conflict Peacebuilding (Transitional Demobilization and Reintegration Program 2013).. [xxiii] Martin A. Weiss and others, ‘U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield’ (2016) Congressional Research Service Report.. [xxiv] Kanina Cakreswara, ‘Tanggung Jawab Pengelola Tempat Perdagangan Online Atas Pelanggaran Hak Cipta’ (Master thesis, Universitas Indonesia 2016).[207-212]. [xxv] Miriam Buiten and others, ‘Rethinking Liability rules for Online Hosting Platforms’ (2019) Collaborative Research Center Transregio 224.. [xxvi] Masitoh Indriani and others, ‘Implementasi Peraturan Pemerintah Nomor 82 Tahun 2012 Sebagai Upaya Negara Mencegah Cybercrime Dalam Sistem Transaksi Elektronik’ (2014) 29 Yuridika.. [xxvii] Edmon Makarim, ‘Kerangka Kebijakan Dan Reformasi Hukum Untuk Kelancaran Perdagangan Secara Elektronik (E-Commerce) Di Indonesia’ (2014) 44 Jurnal Hukum & Pembangunan.. [xxviii] See: Law Number 12 of 2011 concerning the Establishment of Legislation. [xxix] Bambang Pratama, ‘Prinsip Moral Sebagai Klaim Pada Hak Cipta Dan Hak Untuk Dilupakan (Right To Be Forgotten)’ (2012) 2 Veritas et Justitia.. [xxx] Sutejo, ‘Kriminalisasi Pelanggaran hak Cipta di Indonesia Kepada Pengguna Akhir terhadap Perbanyakan Pengguna Program Komputer Tanpa Izin’ (Master Thesis, Universitas Indonesia 2012).. [xxxi] Annisa Syaufika Yustisia R., ‘Tanggung Jawab penyedia jasa File Hosting terhadap Pelanggaran hak Cipta Yang Dilakukan Pengguna’ (Master Thesis, Universitas Islam Indonesia 2013).. [xxxii] Ibid, . [xxxiii] William M. Landes and others, ‘Indirect Liability for Copyright Infringement: An Economic Perspective’ (2003) 16 Harvard Journal of Law and Technology.[395-396]. [xxxiv] Sutejo (n 27).[97-105]. [xxxv] Digital 2019 Indonesia’ (DataReportal, 2019) <https://datareportal.com/reports/digital-2019-indonesia> accessed 12 July 2019
1.2. Problem Identification
1.2.1 How did the concept of Safe Harbor emerged?
1.2.2 How do other countries regulate Safe Harbor?
1.2.3 How does Indonesia regulate Safe Harbor under its national law?
1.2.4 Is the Indonesian legal instruments sufficient in protecting the interests of all parties concerned under its Safe Harbor?
2.1 The Legal Concept of Safe Harbor
2.1.1 The History and Concept of Safe Harbor
Generally, the providers of services, conventional or digital, operate under the legal umbrella of “service providers”; that is, a service being sold as a product, whereby those who provide are then burdened with a certain level of duty of care towards consumers.[viii] The legal act of using these services, as is the case with the purchase of an object, involves the law of contracts that cover basic transactions. In addition, social media websites usually involve a myriad of things that necessitate other matters that require further legal attention. One such example is how copyright is usually underlined within the agreement between the service provider and the consumer. All of these legal obligations and the agreements upon which they are written always come in the form of terms and conditions.
The development of knowledge that service providers must be given a higher duty standard of care towards the data given towards them was the basis of the creation of the International Safe Harbor Privacy Principles, developed from 1998; an idea first proposed by The Organization for Economic Co-operation and Development (OECD) and the first to bring that idea to the international level. Previously, such concerns were only addressed regionally within the European Union. The document stressed the importance of adherence to the 7 principles of safe harbor:
As the principles are rather abstract, their implementation are dependent on how each states decide to interpret them within their regulations. The same can be said of the Privacy Shield, which up to this point is in contention in its application within the U.S.
These principles are non-binding, although tighter regulations that laid out stricter obligations based on these principles were put into force in the European Union, and were essentially a two-way conversation between the U.S. and the European Union. Throughout the following years, the two parties have even strayed apart within their approaches towards the limits of safe harbor: the United States adopting more lenient policies in regard to data protection as opposed to states within the Euroepean Union. These principles were in a sense “updated” with a new framework agreed upon by the U.S. and the E.U in 2016, which is the EU-US Privacy Shield (Privacy Shield). The framework was designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.[ix]
In addition to the development of the applicable principles, the idea of providers have also developed, as the services provided have become more varied. The advent of electronic services that allow members of society to interact virtually with each other through the internet, also known as social media, has been nothing short of a revelation. The ease of use and convenience of most of these services has reached a point where many people could not imagine how life would be without them. Moreover, the establishment of a sustainable system through the existence of things like advertisement spaces within those services has allowed them to be accessible, as most of these social media services are free. However, the depth of data being handed over by the users of social media to the providers, such as through their profiles, and the easiness of those digital data being misused when compared to conventional businesses that also process or store customer data has throughout the years given birth to a new concern. This is not unwarranted, as the misuse of those data, much of which is private data, could potentially violate privacy rights.[x]
The advent of media sharing sites such as YouTube, Imgur, and Vimeo have also given way to not just the trade and distribution of personal information, but also of created content. The involvement of this content also logically leads to the involvement of other branches of law, such as intellectual property law, and with it the complexity of how intellectual property laws interact with laws related to service providers on the internet. Indeed, this too has led to differences in approach in different jurisdictions. Nowhere is this clearer than the recent adoption of the European Union Copyright Directive and its provisions, most recently in May 2019, and the stark difference of its contents with the Digital Millennium Copyright Act of the U.S., two documents that apply different levels of liability towards internet service providers vis-à-vis copyright infringement.
Another concept that arises as a result of these virtual activities is a virtual liability.[xi] It is where the platform provider’s accountability can be questioned over the violation committed in real life or on the internet that is ‘affected’ or ‘related’ to the content available on the platform.[xii] This, for example, challenged in a case of shooting by Michael Carneal in Heath High School which caused deaths and injuries to his schoolmates as a result of ‘exposure’ from contents on the internet platform, such as a violent video games. For that question, the court concluded that there could not be proven a form of causation that could prove the platform provider’s negligence, nor the intention that could cause strict liability.[xiii] This emphasizes the importance to understand the basic limitations of platform providers’ liability in internet activity.
2.1.2 The Practices of Safe Harbor and Copyright
What the “safe harbor” concept essentially entails is protection; protection towards those who fulfil the prerequisites of a safe harbor provision from any blame or fault for a breach against another party.[xiv] That is not to say it clears companies from any wrongdoing, as they are only protected from breaches that are specific to those provided by the relevant safe harbor regulations. Originally, safe harbor provisions, such as that laid out within the now-invalid International Safe Harbor Privacy Principles, applied on a certification-basis. This means that companies had to apply to be certified of the protection, and that such certification had to be done regularly over certain periods of time.
However, modern safe harbor provisions, especially those related to digital services such as that contained within the Online Copyright Infringement Liability Limitation Act, that is a part of the DMCA which it itself amends Title 17 of the United States Code on Copyright, apply on a case-to-case factual-findings basis. For these type of provisions, the assessment of safe harbor provisions essentially only takes place in court, and that the court will find on the basis of the relevant facts whether a service provider is protected, giving merit to the possibility that the same provider could be liable for one breach but not another.[xv]
The question related to the limits of safe harbor, especially on service providers on the internet or platforms, is what has lately been a warm topic of debate. As is reflected between the difference in reception towards the abovementioned OECD effort, platforms and their liability also currently experience different levels of expectations, depending on if the applicable law are those from the E.U, or the U.S.
2.1.3 DMCA Safe Harbor
Section 512 of Chapter 17 of the United States Code of Law, which was amended by the DMCA, specifically Title II or the Online Copyright Infringement Liability Act, contained the basic provisions of safe harbor. The main idea behind these provisions were to favour those that would be protected from it. By limiting liability, internet service providers (or ISPs) would be incentivized to operate and develop.[xvi] Indeed, many cases have been ruled with the DMCA provisions as a basis. One well-known case is that between Viacom, a mass media company holding the copyrights of many television works, and YouTube, a globally-renowned video media platform.
The gist of the case facts is as follows: Viacom brought YouTube and its parent company Google to court after it had discovered the television shows towards which they held the copyrights to being uploaded by users without a license (a breach of its right to, reproduction, publication and display; three rights granted to copyright holders by U.S. copyright law). Viacom sought remedy from YouTube for being negligent and therefore bearing secondary liability. The case was finally brought to federal court in 2013, whereby the judge ruled in favour of YouTube by referring to the DMCA. The case had since been settled.
Judge Stanton, the presiding judge for the case within the District Court, took into account four questions in order to answer the problem of liability, all of which revolved around the concept of whether YouTube received financial benefit, was “aware” of the breach taking place, and the actions that it took upon knowledge of any breaches. This, in turn, refers to §512(c) of the U.S.C. where online service providers are required to
One can say that the DMCA safe harbor only expects online service providers to have a system that isn’t conducive to or encouraging infringements,[xvii] and that any infringements only need to be reacted to ex post.[xviii]
2.1.4 European Union Safe Harbor
The safe harbor provisions adopted by the European Union is a bit more restrictive, at least in the context of copyright infringements. The relevant regulation could be found within article 17 of the DIRECTIVE (EU) 2019/790 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives, or EU Copyright Directive. Previously, many believed that had the case between Viacom and YouTube be a dispute within the EU, the ruling would be more or less the same with what was decided by the US district court.[xix] However, the above 2019 addition to the applicable law on copyright could potentially change the status quo.
Article 17 calls for the need of authorization of the communication of copyrighted works. Paragraph 4 of the article addresses if authorization is not granted: If this is the case, the regulation would make liable any platforms for the communication of unauthorized works, barring the following being fulfilled by the platform:
One particular thing to note is the liability of not only removing works that are unauthorized, but also to prevent “their future uploads”. This is an extension not found within the DCMA version of copyright, and is one of the reasons why this document is so contentious. Indeed, if the applicability of copyright infringement within a given state within the EU could go as far as criminal liability, this could mean that platforms could very well be implicated in a criminal act should article 17 be applied within those states.
Safe harbor for e-commerce platforms can also be found within the EU E-Commerce Directive, agreed upon in 2000. The contents of the document reflect much of what was already acceptable as safe harbor limits at that time (before the copyright directive in 2019), where the principle of “mere conduit” is applied and therefore strongly limiting the liability of platforms under this regulation. The same could be said for platforms that are categorized as merely “caching” and “hosting” sites.[xx]
2.2 Safe Harbor Implementation and Copyright Infringement under Indonesian Law
2.2.1 Safe Harbor in Indonesian Cyber Laws
In response to the increasing number of internet usage in Indonesia, especially in the field of e-commerce,[xxi] the Indonesian government issued the Circular of the Minister of Communication and Information of the Republic of Indonesia Number 5 Year 2016 concerning the Limits and Responsibilities of Platform Providers and Trade Traders through Electronic Generated Content. User Generated Content (UGC) itself is a form of platform that allows users to create or upload their own content to the internet so that it is possible to be accessed by other internet users.[xxii]
The purpose of this Circular Letter is to support the implementation of electronic systems and provide legal protection for platform providers and merchants by ensuring their respective limits and responsibilities in conducting trading activities through electronic systems. Unlike the DMCA of 1998 which regulates the limitation of specific liability for copyright violation, the Circular regulates the limitation of liability for prohibited content in the form of negative content and illegal content. Negative content itself is defined as goods or services that contain pornography, gambling, violence and content on goods and services that violate other laws and regulations, while illegal content encompass goods and services that do not have permits such as weapons and explosive goods, drugs and prohibited foods, protected flora and fauna, hazardous chemicals, government subsidy houses, siri marriage services, and health-related content that is not in accordance with existing regulations.
When compared to the Safe Harbor concept that is applied to U.S and E.U companies, this SE has included several important components.[xxiii] One of them is to explain the obligations and responsibilities of each platform provider and its traders. To platform providers, this SE requires:
Regarding its responsibility, the Circular obliges the UGC platform provider to be responsible for the implementation of electronic systems and management of content within the Platform, unless when there is an error or negligence on the part of the merchant or platform users. This is consistent with the contents of the Law Number 11 of 2008 concerning Electronic Information and Transactions of Indonesia (ITE Law), specifically article 15, which will be elaborated below.
As for electronic users or merchants, Circular requires to provide clear details about the products sold, ensure that the products uploaded do not conflict with applicable laws in Indonesia, and comply with the stipulated terms and conditions or other related regulations. This Circular also regulates the merchant’s responsibility for the uploaded content, reports or complaints regarding the content or according to the terms and conditions of the platform provider.
However, there is still a hole that can lead to various interpretations, especially in the part of obligations and liabilities held by the provider of the platform itself. This Circular does not define the extent to which platform providers must monitor user activities. This could potentially lead to excessive monitoring, which can curb the activities and freedoms of platform users. In addition, even though e-commerce platforms are now implementing auto-filtering systems and notice and take down mechanism to block and erase negative or illegal contents,[xxiv] it does not escape system failures, allowing prohibited content to be missed.[xxv] The insecurity of platform providers liability is even exacerbated by article 28 of ITE Law which obliges electronic systems providers to be responsible for any failure of information systems.[xxvi]
When the Circular itself does not set clear limits on the accountability of e-commerce platform providers, we must bear the fact that the law also does not protect the platform providers’ liability in general. In fact, UGC-shaped platforms are also widely used as a means of social media, such as in BlogSpot, Twitter, Facebook, and others. These providers also need legal certainty so that they are not sued by any party for prohibited content upon which they should not be liable had they been covered by regulations such as the Circular.[xxvii]
In addition, in the Indonesian legal system, Circulars do not have binding legal force.[xxviii] The nature of Circular is only as an annotation or instruction to carry out certain matters on a regulation which are considered as unclear. It also does not have legal sanctions, so that any violators of the provisions may only be sanctioned only by imposing the regulations that are above the Circular, namely the Government Regulation of the Republic of Indonesia Number 82 of 2012 concerning Implementation of Electronic Transactions and Systems (PP 82/2012) and the ITE Law and its amendment in 2016.
While the Circular does not cover the platform providers in general, we can see the provisions from the three laws above regarding electronic system providers. ITE Law is a legal umbrella for the utilization of information and electronic systems that covers issues such as copyright, electronic transactions, disputes, jurisdiction and others. In article 15, the Law regulates the obligation of electronic system providers in general, where each provider is required to carry out an electronic system reliably, safely and responsibly. Regarding its responsibilities, this law states the Electronic System Operator is responsible for all the operation of the system, except in cases of coercion, error, and / or negligence by users of the Electronic System. Furthermore, article 16 lists the minimum requirements for electronic system operators, as follows:
Subsequent, the provisions for the provider of the electronic system are added to Law 19/2016, especially in article 26 which contains provisions including the following:
More specifically, Government Regulation Number 82 of 2012 regulates the implementation of systems and electronic transactions. Even so, it seems that the regulation also does not cover clear obligations and responsibilities by providers of electronic systems in the context of Safe Harbor. The provider’s responsibility is regulated in Article 27 where the electronic system operator is obliged to protect the user and the general public from the losses incurred by the Electronic System they are carrying out. Following, Article 28 also includes the obligation of the electronic system provider to be responsible for safeguarding and protecting Electronic System facilities and infrastructure.
The matter of criminal liability is regulated in chapter XI of ITE Law, namely Article 45 to Article 52 and followed by changes and additions stipulated in Article 45 to Article 45B of Act Number 19 of 2016. These provisions regulate the criminal penalty of both the perpetrators and those that allow the spread of prohibited content. However, these provisions do not discuss the limitations of liability at all. The limitation of liability is also determined entirely on the evidence in court regarding the extent to which the electronic system operator’s liability is forbidden content.
After dissecting the rules above, we can see that general principles have been included in the implementation of electronic systems such as the implementation of responsibility and protection of personal data. However, the regulation does not cover the actual Safe Harbor concept as stated in the DMCA. What’s more, the regulation does not cover liability for violations in the form of prohibited content such as pornography and copyright or intellectual property violations, which are the most common problems in limiting these liabilities.
Instead of fulfillng the need for protection of electronic system providers, the three regulations above seem to focus on the obligations of the sistem providers and data that are within the system alone, without providing protection for the system providers. The only provision that limits the liability of electronic system providers is only found in Article 15 (3) where the liability can be limited if it can be proven to be a situation of coercion, error, and / or negligence by users of the electronic system as said above.
2.2.2 Accountability for Copyright Infringement in Indonesia
In the context of copyright, Safe harbor is intended for providers of electronic systems to protect the copyright and privacy of the owners of uploaded content by giving notifications to uploaders and providing a means of reporting on the system for violations found by users.[xxix] However, these obligations and responsibilities are not included in the Indonesian Cyber Law, except in Circular Letters that specialize in the trading platform (which itself does not cover all available platforms, as many social media platforms are not for the purpose of trade and e-commerce and therefore outside the scope of the Circular elaborated above). While the issue of copyright itself is inclusive discussed in Law Number 28 of 2014 concerning Copyright (Law 28/2014). Although copyright basically concerns individual rights, the law also regulates articles about criminal penalty in it.[xxx]
As discussed earlier, the concept of copyright infringement covers two types of liability for violations, namely direct infringement, and indirect infringement. Indirect infringement is further divided into vicarious liability, and contributory liability or what is referred to as the concept of secondary liability. These forms of violations are not explicitly stated, but are implicit in the articles on criminal penalty.[xxxi]
Basically, direct infringement is a violation that is carried out directly and violates the exclusive rights of the creator by means of, among others, reproducing, announcing and renting out a work without a legitimate permit. The concept of accountability is borne by the perpetrators of their own violations.[xxxii] This differs from the concept of indirect infringement accountability, which allows the accountability of a person or body for violations caused by other people. Indirect infringement occurs when the perpetrator deals with objects that have infringed copyright law.[xxxiii]
The form of direct infringement can be seen implicitly in Articles 113 and 115 of Law 28/2014. The direct violation is marked by an act that directly and intentionally violates the rights of the copyright holder regulated in article 9 and article 10 of Law 28/2014. Article 114 is the clearest example of the form of indirect infringement in which the provider of the place of trade is prohibited from deliberately managing, knowing, and allowing copyright infringement in the place of trading. Whereas, Articles 112, 116, 117, and 118 of Law 28/2014 include concepts both direct and indirect infringement, where violations can be carried out directly against the rights of copyright owners, or by assisting in the form of distribution, leasing and provision of goods that have been have copyright. [xxxiv] Similar to the cyber law, this copyright law does not determine the limitations of liability, so that the limitation of liability depends on the evidence before the court.
By only assessing the above regulations, one will not find the limitations of accountability and protection of electronic system operators. This includes the provisions of the obligation of electronic system operators to avoid liability for violations caused by their users. It is different from the law that has been implemented in E.U-U.S which has provided guidance so that the liability electronic systems providers are exempted from infringement.
Thus, it can be concluded that the government has not paid attention to the importance of the accountability of electronic system operators in Indonesia. Although the Circular regulates the limitations of the accountability of e-commerce platform providers, this is far from enough to provide clear protection in general, primarily for the electronic systems providers in the form of social media platforms in Indonesia. This is compounded by the fact that there are 150 million internet users and 150 million active social media users from Indonesia. Each of these shows an increase of 13% and 15% from 2018. [xxxv] With that amount, the Indonesian government should have been more responsive in providing clear regulations in terms of Indonesian cyber law, especially in limiting the accountability of its platform providers to support Indonesia’s readiness in this era the Fourth Industrial Revolution.
Danrivanto Budhijanto, BIG DATA: Virtual Jurisdiction and Financial Technology (FinTech) in Indonesia (LOGOZ Publishing 2018).
Danrivanto Budhijanto, Cyber Law dan Revolusi Industri 4.0 (LOGOZ Publishing 2019).
Danrivanto Budhijanto, Teori Hukum dan Revolusi Industri 4.0 (LOGOZ Publishing 2018).
Gerard M Stegmaier, Digital Millennium Copyright Act – 2005 Supplement (Pike and Fischer, Inc. 2005).
Klaus Schwab, The Fourth Industrial Revolution (World Economic Forum 2016).
Paul Bernal, Internet Privacy Rights: Rights to Protect Autonomy (Cambridge University Press 2014).
Alina Yordanova Trapova & Maria Lillà Montagnani, ‘Safe harbors in deep waters: a new emerging liability regime for Internet intermediaries in the Digital Single Market’ (2018) International Journal of Law and Information Technology.
Christopher Escobedo Hart, ‘Social Media Law: Significant Developments’ (2017) 72 The Business Lawyer.
Bambang Pratama, ‘Prinsip Moral Sebagai Klaim Pada Hak Cipta Dan Hak Untuk Dilupakan (Right To Be Forgotten)’ (2012) 2 Veritas et Justitia.
Edmon Makarim, ‘Kerangka Kebijakan Dan Reformasi Hukum Untuk Kelancaran Perdagangan Secara Elektronik (E-Commerce) Di Indonesia’ (2014) 44 Jurnal Hukum & Pembangunan.
Hannibal Travis, ‘Opting Out of the Internet in the United States and the European Union: Copyright, Safe Harbors, and International Law’ (2008) 84 Notre Dame Law Review.
Jennifer L. Hanley, ‘ISP Liability and Safe Harbor Provisions: Implications of Evolving International Law for the Approach Set Out in Viacom v. YouTube’ (2012) 11 Journal of International Business and Law.
Martin A. Weiss and others, ‘U.S.-EU Data Privacy: From Safe Harbor to Privacy Shield’ (2016) Congressional Research Service Report.
Masitoh Indriani and others, ‘Implementasi Peraturan Pemerintah Nomor 82 Tahun 2012 Sebagai Upaya Negara Mencegah Cybercrime Dalam Sistem Transaksi Elektronik’ (2014) 29 Yuridika.
Maximilian Schreieck and others, ‘Governing Platforms in the Internet of Things’ (2011) 304 Springer.
Miriam Buiten and others, ‘Rethinking Liability rules for Online Hosting Platforms’ (2019) Collaborative Research Center Transregio.
Mix Xu and others, ‘The Fourth Industrial Revolution:Opportunities and Challenges’ (2018) 9 International Journal of Financial Research.
William M. Landes and others, ‘Indirect Liability for Copyright Infringement: An Economic Perspective’ (2003) 16 Harvard Journal of Law and Technology.
Annisa Syaufika Yustisia R., ‘Tanggung Jawab penyedia jasa File Hosting terhadap Pelanggaran hak Cipta Yang Dilakukan Pengguna’ (Master Thesis, Universitas Islam Indonesia 2013).
Kanina Cakreswara, ‘Tanggung Jawab Pengelola Tempat Perdagangan Online Atas Pelanggaran Hak Cipta’ (Master thesis, Universitas Indonesia 2016).
Sutejo, ‘Kriminalisasi Pelanggaran hak Cipta di Indonesia Kepada Pengguna Akhir terhadap Perbanyakan Pengguna Program Komputer Tanpa Izin’ (Master Thesis, Universitas Indonesia 2012).
Ray Jordan, “Jokowi: Anak Muda Harus Siap dengan Revolusi Industri 4.0”, (detikNews, 2018) <https://news.detik.com/berita/4035590/jokowi-anak-muda-harus-siap-dengan-revolusi-industri-40 >.
‘Transaksi E-Commerce Indonesia Naik 500% dalam 5 Tahun’, (Katadata, 2016) <https://databoks.katadata.co.id/datapublish/2016/11/16/transaksi-e-commerce-indonesia-naik-500-dalam-5-tahun> .
‘Digital 2019 Indonesia’ (DataReportal, 2019) <https://datareportal.com/reports/digital-2019-indonesia>.
‘Privacy Shield Framework’ < https://www.privacyshield.gov/welcome>.
Law of the Republic of Indonesia Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Electronic Information and Transactions (State Gazette of the Republic of Indonesia of 2008 Number 58, Supplement to the State Gazette of the Republic of Indonesia Number 4843).
Law Number 12 of 2011 concerning Establishment of Legislation (State Gazette of the Republic of Indonesia of 2011 Number 82, Supplement to the State Gazette of the Republic of Indonesia Number 5234).
Government Regulation of the Republic of Indonesia Number 82 of 2012 concerning Implementation of Electronic Transactions and Systems (State Gazette of the Republic of Indonesia of 2012 Number 189, Supplement to the State Gazette of the Republic of Indonesia 5348).
Law of the Republic of Indonesia Number 28 of 2014 concerning Copyright (State Gazette of the Republic of Indonesia of 2014 Number 266, Supplement to the State Gazette of the Republic of Indonesia Number 5599).
Circular of the Minister of Communication and Information of the Republic of Indonesia Number 5 of 2016 concerning the Limits and Responsibilities of Platform Providers and Trade Traders through the Electronic System in the Form of User Generated Content.
Digital Millenium Copyright Act of 1998.
DIRECTIVE (EU) 2019/790 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on copyright and related rights in the Digital Single Market.
The Electronic Commerce Directive 2000/31/EC.
Alex Comninos, The Role of Social media and user-generated Content in Post-Conflict Peacebuilding (Transitional Demobilization and Reintegration Program 2013).
Alexandre de Streel and others, LIABILITY OF ONLINE HOSTING PLATFORMS: Should Exceptionalism End? (Centre on Regulation in Europe (CERRE) Report 2018).