Should Indonesia Block ChatGPT?

. The development of ChatGPT has raised so many concerns that several countries have banned it in their respective countries. Italy was the first Western country to deny it, albeit temporarily. Italy's action has prompted OpenAI to improve the ChatGPT technology to ensure that it meets the standards of consumer protection, data protection, privacy, and public security standards, as set out in the General Data Protection Regulation for European Union countries. This move by Italy raises the question of whether Indonesia should also block ChatGPT. The authors answer this question by examining data on Internet usage, its penetration of Indonesian citizens, and recent developments in regulatory provision and implementation. From the bibliographic research, the authors state that Indonesia is in a different bargaining position than Italy, even though the number of Internet users in Indonesia is far greater. The authors conclude that Indonesia will only benefit from blocking ChatGPT by first improving digital literacy levels and building regional cooperation


Introduction
ChatGPT stands for Chat Generative Pre-training Transformer.It is a software or model that uses humanlike language and writing styles, using the Internet as a database.This software was created by the American start-up OpenAI and supported by Microsoft and has been used by millions of people since its launch in November 2022 [1].In Indonesia, ChatGPT is still used on a limited basis, especially among academics.Practically, there has been no in-depth discussion of the disadvantages associated with its use [2].
Different developments occurred in Italy as the first European country to ban ChatGPT.The Italian regulator, known as the Garante, announced not only to ban the OpenAI chatbot but also to investigate their compliance with the General Data Protection Regulation (GDPR) which governs how people use, process, and store personal data [3].
But, on April 28, 2023, the San Fransisco-based ChatGPT's maker said that the AI chatbot has been available again in Italy after the company met the demands of regulators.OpenAI said it fulfilled a raft of conditions that the Italian data protection authority wanted satisfied by an April 30 deadline to have the ban on the AI software lifted [4], [5].
With a very low level of digital literacy, Indonesia faces challenges in using the cutting-edge technology of ChatGPT and other similar chatbots which is bigger than Italy.The problem is not only personal data protection that is of concern, but also the wider spread of misinformation, cybercrime, fraud, cheating on school assignments, as well as job threats.Because of these *Corresponding author: shidarta@binus.educoncerns, even luminaries such as Elon Musk have called for the suspension of these types of AI systems, fearing that the race to develop them will spiral out of control [6].
Based on this background, this article will answer the question of to what extent Indonesia should follow what Italia's Garante did by banning ChatGPT, at least temporarily until all these concerns can be overcome.It is reported that several countries have also blocked ChatGPT, including China, Iran, North Korea, and Russia [7].In his analysis, the author will look at Indonesia's bargaining position and whether it is necessary and able to follow Italy's steps.

Italian Case
The Italian Data Protection Authority (Garante per la protezione dei dati personali) is an independent administrative authority established in late 1996.This institution is also the supervisory authority responsible for overseeing the implementation of the General Data Protection Regulation (GDPR), which applies to all European Union countries [8], [9].
In March 2023, Garante announced that it discovered that some apps use ChatGPT but collect and store large amounts of personal data simultaneously.The activity aims to train the algorithms that are essential for the operation of the platform.The use of ChatGPT in the app immediately raised concerns when it showed minors' comments.It proves that the application did not select the age of its users.Garante then asked OpenAI to disable the ChatGPT.For this reason, OpenAI was given 20 days to resolve the issue.Otherwise, there will be a fine of €20 million ($21.7 million) or up to 4% of annual revenue [10], [11].
This step taken by Italy invited reactions from other European countries.For example, the Irish Data Protection Commission said it had also studied the basis for the action taken by Garante and would coordinate with all EU data protection authorities to consider similar action.Another reaction came from the Office of the Information Commission in the UK, which said it was ready to challenge OpenAI's non-compliance with data protection laws.However, it also emphasized that it would always support the development of artificial intelligence [12], [13].
Apart from the personal data protection authority, a substantial reaction to the note came from BEUC, an umbrella group for 46 independent consumer organizations from 32 countries.BEUC has asked European Union authorities to investigate ChatGPT and similar chatbots.Its reaction comes after a complaint was filed with the Federal Trade Commission and the Center for AI and Digital Policy over the impact of a version of Chatbot called GPT-4 on consumer protection, data protection and privacy, and public safety.According to BEUC, public authorities should control the AI system [14].BEUC's concerns are well-founded, as the European Union is still working on the world's first AI law, which is expected to take years to become effective.
After observing the strict actions taken by Italy and the reactions that emerged to support this attitude, OpenAI immediately expressed the organization's concern for protecting users' data.In its official announcement, OpenAI said that it had reduced the processing of personal data in training AI systems like ChatGPT because it wants its AI systems to learn more about the world, not about those private individuals.OpenAI supports the presence of AI regulations and is ready to work with Garante and will be open about the systems being built and used [15].

Lessig Theory
According to Lawrence Lessig, society in the digital era has four modalities and constraints that influence policymaking or regulation establishment.They are norms, laws, markets, and architecture (code).Lessig distinguishes between norms and laws.The norms he refers to are social conventions that are often found to be followed b----y members of society, while the law is a product of state authorities.He also mentions the architecture (code), which is the technical modality of an activity.Firewalls on the Internet, for example, provide an example of such an architecture.Lastly is the market, which is an economic force.The four modalities interact with each other to affect decision-making and regulation [16], [17].
By using Lessig's theory, the modality owned by Garante in Italy is the policy-making authority and law enforcement.Garante's decision to block ChatGPT is the positive law it produces.This positive law applies before the formation of patterns of community behavior.If Garante is late in reaching a decision, norms (as social conventions) will strengthen.Meanwhile, OpenAI is the nominal controller who decides whether to obey or disobey the decision.

Discussion
What was done by Italy was able to inspire OpenAI to improve the technology being developed immediately.The existence of Italy as one of the European Union countries proves that it has a more favorable bargaining position than if a complaint comes from similar authorities from non-EU countries.It should be noted that ChatGPT was previously blocked in several countries, such as China, Iran, North Korea, and Russia.It turned out that OpenAI did not react seriously enough to the blocking of these countries.
It means that if Indonesia does the same thing as China, Iran, North Korea, and Russia, it is inevitable that OpenAI will also need to provide an adequate response.Like Italy, Indonesia has a strong enough reason to temporarily block ChatGPT to protect its citizens from exploiting their personal data.However, is it true that Indonesia can take steps like those taken by Italy?
First, the threats to consumer protection, data protection, privacy, and public security are genuine when we look at Indonesia's large number of Internet users.These are the actual and potential users of ChatGPT.Internet users in Indonesia in 2023 have reached 233 million and are projected to reach 269 million people in the next five years [18].[20].
The use of ChatGPT is closely related to the needs of Internet users in study and work.It means that threats to consumer protection, data protection, privacy, and public security, which are of concern to many groups, will be closely related to users who are currently pursuing formal education and workers at a productive age.They are the ones who are vulnerable to danger.We can observe this from the data presented in Figure 2 regarding age-based Internet penetration in Indonesia.If we look at the above trends from the point of view of the age of Internet users, then the most excellent penetration occurs in the population aged 13 to 18 years, as much as 99.16% (see Figure 2).This age range belongs to residents who are at the junior high school and high school levels.Age under 18 years is included in the age of the child.The subsequent highest Internet penetration occurs in those aged 19 to 34, amounting to 98.64 percent.Only after that, penetration into the age range of 35 to 54 years was 87.30 percent [21].
The illustration above shows that the enthusiasm to use the Internet in Indonesia is indeed very massive, but the most significant percentage is under the age of 54 years.It means that the majority of Internet users are young or very young.The generation of population under the age of 35 is a group of digital society whose influence is getting stronger, bearing in mind that Indonesia is indeed facing a demographic bonus in the next ten years [22].
On the other hand, awareness of the importance of protecting personal data has not been taken seriously in this newly emerging democracy.When Indonesia enacted the Law on Electronic Information and Technology (Law No. 11 of 2008), the discussion on personal data protection had not become a concern for Internet users in Indonesia.Indonesia will take 14 years to enact the Law on Personal Data Protection (Law No. 27 of 2022).The Personal Data Protection Law has a message to form a Personal Data Protection Commission like Garante.Still, after waiting for more than half a year, there is no certainty regarding the commission's existence.
Before the commission's formation materializes, the responsibility for protecting personal data must remain in the hands of the Government of Indonesia through the Ministry of Communication and Informatics.This ministry plays a role in increasing the digital literacy of the community.Statistically, the digital literacy index in Indonesia has increased, even though it is still at the middle level [23].Figure 3 shows the situation is still quite worrying.Indonesia's digital literacy index score currently reaches 3.54 (on a scale of 1-5).This index is supported by four components, which consist of digital skills, digital ethics, digital safety, and digital culture.All details have increased in the last three years, except digital culture.Examining the data presented by the Ministry of Communication and Informatics is fascinating because most areas with a high level of digital literacy are off the island of Java, the most densely populated region.Yogyakarta is indeed in Java and has the highest index score, but the following provinces are West Kalimantan and West Papua.Only after that did the province of Central Java rank fourth [24].This kind of composition raises questions about the accuracy of the data, especially the correlation between the number of Internet users in an area and the literacy improvement strategies already running in that area.
Under these conditions, protecting personal data in Indonesia still requires a hard struggle to compete with the level of protection provided by the European Union countries.Business actors developing AI always use the GDPR applicable in the European Union as the primary reference, so Indonesia must also adjust its country's substance and application of personal data protection law to GDPR.What Japan has done by obtaining a resolution on the adequacy of personal data protection is a status that must be fought for.
There are many considerations for The European Parliament to adopt a resolution on the adequacy of the protection of personal data afforded by Japan.The most significant concern is that Japan is an important trading partner [25].It shows that the strength of Indonesia's bargaining position is not only based on similarities in substance standards and law implementation but also must be based on pragmatic trade interests.
Thus, we must understand Indonesia's concern about the negative impact of using ChatGPT broadly, namely not only in terms of maximizing consumer protection, data protection, and privacy, as well as public security for its citizens, but also providing similar protection for the community from its trading partners.
This protection must also include protection for all people who interact non-commercially, for example, for studies and research.Suppose OpenAI needs to pay more attention to the Indonesian people.In that case, it will also endanger any citizen interacting with Internet users from Indonesia at the inter-governmental and inter-citizen levels.
Indonesia may not have to follow the steps of Italy and countries such as China, Iran, North Korea, and Russia by blocking ChatGPT.Such a policy must be carried out with a well-thought-out strategy, namely by considering how long the blockage must be maintained.This means that Indonesia must have a high enough bargaining position to make OpenAI improve its AI system.On the other hand, the Government of Indonesia must also consider the people's enthusiasm for utilizing AI technology on the one hand and the level of legal protection, which is still very vulnerable on the other hand.If resolved later than possible, dilemmas like this will make Indonesia always only sit in the spectator seats.
The above description can be confirmed using the perspective of Lessig's theory.The Indonesian government cannot play the role of a policy-making and effective regulatory authority.In terms of norms, the situation is similar to in Italy, where social conventions still need to be well established.Many Internet users need help seeing how ChatGPT works so that make them not aware of the dangers.Because of this weak authority, technology owners still have rooms to create their technology architecture.In other words, they can then dictate laws and norms.This situation will worsen if the market then supports such kinds of architecture that secretly harms consumer rights in a digital society.
To strengthen Indonesia's bargaining position, the regional organization of Southeast Asian Countries (ASEAN) must be empowered.Legal harmonization among ASEAN countries today can start with protecting personal data for their citizens.It is already very urgent.This ChatGPT phenomenon should be a pressing new trigger to build the need to harmonize this law.

Conclusions
Indonesia should consider blocking ChatGPT and similar chatbots because it has a bargaining position that OpenAI and other AI technology developers think.As long as the Government and personal data protection authorities in Indonesia have yet to prepare adequate legal substance and implementation, the blocking will not provide much benefit to the Indonesian people.Indonesia's bargaining position in dealing with AI technology development is positively correlated with increased digital literacy and mutually reinforcing cooperation among regional countries, such as ASEAN.
Regarding law modality, the authors recommend the Government of Indonesia strengthen regional authorities in the ASEAN region to pay serious attention to the regulation of AI technology.ASEAN, which is claimed by many as the epicenter of global growth, will be an attraction for AI technology developers.Indonesia must ensure that the standards used by OpenAI in improving its users' data security protocols apply not only to many developed countries in Europe and North America but also to domestic Internet users.The duty to protect the data security of the Indonesian people is a non-negotiable priority.