Indonesia Faces Data Breach Emergency: PERMIKOMNAS Questions Komdigi’s Role

Jakarta, October 24, 2025 – The National Association of Informatics and Computer Students (PERMIKOMNAS) has criticized the performance of the Ministry of Communication and Digital Affairs (Komdigi) following a series of personal data breaches, particularly the recent e-SIM data leak that has shaken public trust.

In its official statement today, PERMIKOMNAS emphasized that Komdigi holds a strategic responsibility in protecting citizens’ personal data and ensuring national cybersecurity. “As the institution mandated by the state to manage digital transformation, Komdigi should be at the forefront of preventing and responding to data breaches,” said Fadli, Chairperson of PERMIKOMNAS.

PERMIKOMNAS assessed that Komdigi’s response to the e-SIM data breach was slow and lacked transparency. The organization therefore urged Komdigi to take immediate, concrete actions — including system security audits, evaluation of digital service providers, and the implementation of stricter data protection policies.

“We call on Komdigi to enhance transparency and accountability in managing national data. Otherwise, public trust in Indonesia’s digital transformation will continue to erode,” Fadli asserted.

PERMIKOMNAS also urged the government to strengthen oversight of Komdigi’s performance, particularly in enforcing Law No. 27 of 2022 on Personal Data Protection (PDP), which explicitly designates Komdigi as one of the key supervisory authorities in data protection.

According to Article 59(1) of the 2022 PDP Law, the Minister of Communication and Digital Affairs is authorized to “oversee the implementation of personal data protection, including receiving reports of alleged violations, conducting investigations, and imposing administrative sanctions on violators.”

In addition, Presidential Regulation No. 106 of 2024 concerning the Ministry of Communication and Digital Affairs explicitly mandates Komdigi to “administer government affairs in communication, informatics, and digital transformation, including cybersecurity management and personal data protection.” (Article 3 paragraph 2, point d)

PERMIKOMNAS stressed that such authority must not remain a mere legal formality, but must be realized through concrete actions to safeguard citizens’ rights to privacy and data security.

“We will continue to monitor how this case is handled. If no significant improvements are made, PERMIKOMNAS does not rule out the possibility of organizing further actions to demand institutional accountability,” Fadli concluded.