The Impact of the Peduli Lindungi Electronic System on Human Rights and Personal Data Protection

. With the pandemic that has lasted for 2 years, the government has made efforts to reduce the spread of the Corona Virus (Covid-19). With people able to go back to travel, the government issued the Peduli Lindungi application which was designated as an application to help detect the flow of spread and limit the growth of Covid-19. However, due to the nature of the application which relies heavily on personal data and community participation, this application raises concerns and issues in the field of personal data protection and human rights. This study uses a normative juridical research method. The approach in this study uses a statutory approach. The formulation of research questions in this research is first, what is the Impact of the Peduli Lindungi Electronic System on the Protection of Personal Data? And secondly, what is the impact of the Peduli Lindungi Electronic System on Human Rights? The conclusions from the research questions include, firstly, the Peduli Lindungi Application has the potential to violate personal data for the public, and second, the Peduli Lindungi application has the potential to violate human rights.


Introduction
The upheaval of the Covid-19 outbreak has changed the daily habits and lives of people around the world since the world was hit by the Covid-19 pandemic in 2020, most governments are implementing policies, actions, and restrictions as a form of effort to reduce the spread of the virus.On March 31, 2020, through Government Regulation No. 21 of 2020, arrangements related to Large-Scale Social Restrictions or PSBB were issued that allow local governments to restrict the movement of people and goods in and out of their respective regions, as well as restrictions on activities carried out at least including restrictions on religious activities, restrictions on activities in public places and facilities, and the scattering of schools and workplaces.When people can travel and activities outside the house, PT Telekomunikasi Indonesia Tbk (Telkom) and the Ministry of Communication and Informatics (Kominfo) issued an application, namely Peduli Lindungi Peduli Lindungi is an application developed to assist relevant government agencies in tracking to stopping the spread of Coronavirus Disease .This application relies on community participation to share location data on the go so that tracing contact history with people with COVID-19 can be done.Users of this application will also get a notification if they are in a crowd or the red zone, which is an area or village that has been recorded that there are people infected with COVID-19 positive or there are Patients Under Surveillance.Peduli Lindungi has several features such as Search, Tracking, Alerting, E-Certificate, Global Positioning System, and Digital Diary.This application will record the patient's movement data over the past 14 days, and connect with a mobile phone to produce a visualization of movement, the application system will provide alerts through the phones of people around the detected patient to run the ODP protocol (person in monitoring) [1][2][3][4].
So how does Peduli Lindungi work?When the user downloads Peduli Llindungi, the system will ask for the user's consent to enable location data.With active location conditions, the application will periodically identify the location and provide information related to the crowd and zoning of the spread of Covid-19.This tracking result will help the government to identify anyone who needs further treatment so that the spread of Covid-19 can be stopped.So that the use of this application relies on community participation to use Peduli Lindungi [1][2][3].

Objectives
The formulation of problems in this study include:  [6], Electronic System is a series of electronic procedures and devices that serve to prepare, collect, process, analyze, store, display, announce, send, and/or disseminate Electronic Information.

Personal Data Protection
According to the Indonesian Dictionary, Personal Data is information (in the form of the name, age, gender, etc) relating to an identifiable living individual [7].The ITE Law does not provide a clear legal definition of Personal Data or Personal Data Protection.Article 26 Paragraph 1 of the ITE Law, however, explained that Personal Data Protection is one part of a person's right to privacy, which includes: 1) the right to enjoy a private life and be free from all kinds of distractions, 2) the right to be able to communicate with Other Persons without being spied on, 3) the right to supervise information access regarding someone's personal life and data.Article 1 Paragraph 29 of Government Regulation No. 71 of 2019 on the Organization of Electronic Systems and Transactions further defined Personal Data as any data on a person which is identified and/or maybe identified individually or combined with other information both directly and indirectly through an Electronic System and nonelectronic system.
In this period, it rapidly became apparent that next to the benefits of digital technologies, they also brought along, among other things, previously unknown privacy risks that arose as the reality of collecting, processing, storing, and using data changed.It is important to stress at the outset that the right to privacy is a key concept of personal data protection [8].

Human Rights
The Indonesian Dictionary defined Human Rights as internationally protected rights (i.e the UN's Declaration of Human Rights), such as the right to life, the right to freedom, the right to own, and the right to express opinions.Law No. 39 of 1999 on Human Rights defined Human Rights as a set of rights that are inherent in the nature and existence of humans as creatures of God Almighty and are His gifts that must be respected, upheld, and protected by the state, law, government, and everyone for the sake of honor and protection of human dignity.Human rights are often held to be universal in the sense [9] that most societies and cultures have practiced them throughout most of their history.All societies cross-culturally and historically manifest conceptions of human rights [10].Human rights have high-priority.Maurice Cranston held that human rights are matters of "paramount importance" and their violation "a grave affront to justice" [11].If human rights did not have high priority they would not have the ability to compete with other powerful considerations such as national stability and security, individual and national self-determination, and national and global prosperity.High priority does not mean, however, that human rights are absolute.As James Griffin says, human rights should be understood as "resistant to tradeoffs, but not too resistant" [12].Further, there seems to be priority variation within human rights.For example, when the right to life conflicts with the right to privacy, the latter will generally be outweighed.they feel they are not benefited.

Research Methods
The research methods that the authors use in this case are qualitative descriptive with a juridical-normative approach.In this study, the authors analyzed the existing rules and collected data conducted through literature studies to find secondary data using primary, secondary, and tertiary legal materials.

How the Impact of Peduli Lindungi Electronic Systems Protects Against Personal Data Protection
Theories of privacy suggest that privacy is viewed in three aspects, which include non-intrusion into a person's space, non-interference with one's decisions, and having control over personal information [13].
In the modern era where mobile phone and internet users are experiencing growth people's lives today are so closely dependent on these two things in their daily lives.Information technology activities that are often used by people also often use their data in their activities.As explained in Law No. 23 of 2006 concerning Population Administration Personal Data is certain individual data that is stored, maintained, and kept true and protected by confidentiality.Referring to Law No. 19 Year 2016 concerning Electronic Information and Transactions Law, protection of personal data is part of a personal right that includes enjoying a private life and being free from all sorts of distractions, the right to communicate with others without intending to be spied on, and the right to supervise access to information about a person's personal life and data.
As an app used to help the government track, track and monitor the public to help to reduce the growth rate of Covid-19, Peduli Lindungi (just like other applications in general) depends on participation and personal data provided by users.When a user downloads and registers the Peduli Lindungi application, the user is required to enter personal data such as email address, phone number, full name nationality, date of birth, and National Identity Number or NIK.This is very important personal data as almost all population activities also use NIK.Activities such as Personal Identity Card, Family Card, diplomas, bank data, and so on.In addition, to carry out search and tracking features, users are required to enable location features on their phones.So that users will be able to be given certain notifications if the user enters a certain zone such as the red zone (recorded there are recorded cases of Covid-19 in the area), the yellow zone (indicating that there has been a suspected Covid-19 in the area or the village), and the green zone shows that the area does not have confirmed, suspected, or close contact cases of .The application also relies on the public (as well as requiring) to scan the barcode [1][2][3] QR code available at the entrance gate before you access the public facility, the result of this scan will determine the eligibility of the user to enter the public facility or not [14].
With the implementation of the Peduli Lindungi application that closely relies on people's data, issues related to the guarantee of people's data are also increasingly discussed.Such as the vulnerability of such applications to data leakage, as well as the obligation to activate locations that are considered to violate privacy limits.Peduli Lindungi's manager claims that the application is safe due to the integration of the application with the domestic data center.As the stored data is; 1) MAC address of users recorded by other Peduli Lindungi users who both activate Bluetooth, 2) User ID of the user obtained during the registration, 3) User location of the user obtained at registration, 4) the time at the time of contact occurred, and 5) the duration during contact occurred.Despite such claims, in 2021, Peduli Lindungi data such as National Identity Number, and President Jokowi's vaccine certificate were leaked and circulated on the Internet.Executive Director of Southeast Asia Freedom of Expression Network or SafeNet Damar Juniarto assessed based on the case that from the beginning of the creation of the Peduli Lindungi application did not have privacy standards and designs.Good at maintaining the protection of users' data [15].This sparked a debate and concerns regarding the vulnerability of the app to data leaks.In digital forensic expert Ruby Alamsyah, explained that the error in the Peduli Lindungi feature is less secure due to its verification method which only uses 5 things where the information can be easily obtained by others, namely: name, National Identity Number, date of birth, date of vaccine, type of vaccine.He judged that the government needed to review and change the methods used to verify the data.He suggests changing the verification method to make it more secure by using verification using OTP to the user's mobile number that matches the data in the recipient vaccine database [16].
Regardless of the concerns regarding the apps privacy policy and its data protection, it is still debatable whether the gives actual threat of personal data misuse or whether the app has implemented the personal data protection principles and does help reduce the spread of Covid-19.Indonesia is currently drafting a Personal Data Protection (PDP) Draft that leans into the EU's General Data Protection Regulation or GDPR, including the use of personal data protection principles.A.M Pratama and U.K Pati [17] analyzed the app with the personal data protection principles stipulated in Article 5 of the GDPR (as the Indonesian PDP Draft was not yet passed), though the app was found to implement the Lawfulness, Fairness, and Accuracy, the app has not yet implemented the principle of Transparency.Pratama and Pati explained that the role between the Ministry of Communication and Informatics and PT.Telkom Indonesia Tbk. in the collection, processing, and storage of personal data and supporting the app.The app sends geolocation data along with device identifiers to two endpoints one of which is an analytics endpoint hosted by PT Telkom Tbk.The data items sent to Telkom including a user's geolocation, device identifier, full name, and phone number, serve no clear purpose in protecting users from Covid-19.It is unclear from the app's privacy policy that these data items are sent to Telkom, how they are used by Telkom, and whether they are used for digital advertising [18].

How the Impact of Peduli Lindungi Electronic Systems Protects Human Rights
Historically, privacy and personal data may not be new.Although the International Covenant on Civil and Political Rights (ICCPR) explicitly mentions the term 'personal data', substantially the protection of personal data is part of everyone's privacy or private life.Protection of personal data is not only regulated in the regional conventions of the European Union (General Data Protection Regulation/GDPR), but also other regions such as Africa (African Union Convention on Cyber Security and Personal Data Protection) and Asia.In the ASEAN Human Rights Declaration (2012) it is expressly stated that personal data is part of privacy although it is not described in more detail.
In Indonesia itself, philosophically respect for privacy should also be understood as the embodiment of the second principle of Pancasila, namely Just and Civilized Humanity.The terms privacy and personal data have also been known and included since Law no.39 of 1999 concerning Human Rights.Furthermore, 'personal data' is also mentioned and regulated in various subsequent laws and regulations, such as among others; UU no.23 of 2006 jo.UU no.24 of 2013 concerning Population Administration, Law no.36 of 2009 concerning Health, Law no.43 of 2009 concerning Archives, Law no.11 of 2008 concerning Information and Electronic Transactions (UU ITE) and its amendments.In other words, in the current national legal system there is protection of privacy and personal data, but the conditions are indeed spread out according to the characteristics of each sector.Even though there is no special law, it does not mean that there are no provisions at all (legal vacuum) against the theft or leak of personal data.Moreover, with the existence of Government Regulation No. 71 of 2019 and also Government Regulation@ No. 80 of 2019 which also regulates the aspect of protecting personal data, every electronic system operator should comply with the legal compliance with the protection of personal data as stipulated in these laws and regulations.The two Government Regulations describe the principles of personal data protection based on best practices which have been accommodated in Article 2 paragraph (5) of Government Regulation No. 71/2019 and Article 33 of Government Regulation No. 80/2019 as well as the threat of administrative sanctions for non-compliance with these regulations.So how does the Peduli Lindungi app impact human rights?Issues related to human rights violations in Peduli Lindungi are often a concern of the community due to their user obligations that are very attached to community activities.As mentioned earlier, this application has been used to make it easier for the government to track Covid- 19 cases which then become a condition for individuals who want to enter public facilities by scanning QR codes [19].
The implementation of Peduli Lindungi is still limited to six sectors, namely: trade, transportation, tourism, offices/factories, places of worship i.e church and mosque, and Education.Indonesia is also not the only country that uses the application as a tool to track Covid-19, Singapore developed an application to track its citizens identified with Covid-19 named TraceTogether.India with Arogya Setu and Australia with CovidSafe [20].The obligation to use this application also causes problems due to the uneven digital access of the community.Based on data from the Ministry of Health as of September 25, 2021, only 9 million people accessed Peduli Lindungi, downloaded it 48 million times, and have about 55 million users every month compared with the number of smartphone users in the country recorded as many as 160.23 million people.Uneven internet access is also increasingly an excuse.According to the Badan Statistics Center, only 41.38% of Indonesia's population has used the internet until 2019.Of these, internet adoption between regions has an uneven number, in Jakarta which has the highest position with 73.46%, followed by Riau Islands and Yogyakarta with 65.02% and 61.73%.Meanwhile, adoption in Papua is only 21.7%.East Nusa Tenggara and North Maluku provinces also have low internet adoption with percentages of 26.29% and 29.13% respectively.Not only by region, internet access and adoption gaps also occur in the income distribution group.According to a World Bank report titled Beyond Unicorns: Harnessing Digital Technologies for Inclusion in Indonesia, the proportion of internet access in the group of the highest 10% of income reached 71% in 2019.That percentage is five times greater than the lowest 10% income group which is only 14%.Where this sharp income gradient shows the potential constraints of affordability in internet access in Indonesia.The sharp gap also occurs in terms of generation, education, and gender [21].
An example of the explanation above is if there are people who want to enter public facilities such as shops or shopping centers that are required to scan barcodes before entering.the area.If connected with the data mentioned above, then there will be many Indonesians who are not allowed to do activities in the mall, either as visitors or as workers/employees.This will limit certain activities due to certain layers of society that are not allowed to enter.So that restrictions on segmented communities can violate existing human rights provisions as in Article 11 of Law No. 39 of 1999 on Human Rights.Man, states that "everyone is entitled to the fulfillment of his basic needs to grow and develop properly."As this is also related to the fulfillment of basic needs such as shopping center, and restaurants mentioned in Article 27 Paragraph 1 of the Law "Every Indonesian citizen has the right to freely move, move, and reside within the territory of the Republic of Indonesia."The statement relates to there will be certain community groups that are prohibited from activities and mobility to certain places because they cannot use the Peduli Lindungi application.In fact, the freedom to move and move places in order to carry out activities is regulated in the Article [22].

Conclusion
Based on the above explanation, the following are the conclusions: 1. that the features in the Peduli Lindungi application that lacks privacy standards and designs, as well as with the occurrence of data leaks, both public data and presidential data, indicate that the application design has the potential to violate the public's right to privacy as stated in Article 26 Paragraph 1 of Law No. 11 of 2008 on Electronic Information and Transactions, as amended by Law No. 19 of 2019 2. that with the unequal digital access of the community which can cause certain parts of society to be restricted in carrying out activities due to not being allowed to carry out activities in public facilities to meet their daily needs is contrary to Article 11 of Law Number 39 of 1999 on Human Rights.
, and through the Decree of the Minister of Communication and Informatics No. 171 of 2020 as amended by the Decree of the Minister of Communication and Informatics No. 253 of 2020 which was completed by the Decree of the Minister of Communication and Informatics No. 159 of 2019, to support health monitoring and detect deployment flows supported by the postal and informatics sectors.