Facebook was slapped on Tuesday with a second warning letter by Indonesia’s Ministry of Communications and Information Technology for having improperly shared Indonesian data users with political consultant Cambridge Analytica.
In a statement posted on its website, the ministry said it warned Facebook again in the letter, which was signed by the ministry’s Information Applications Director General Semuel Pangerapan, to explain the ministry how personal information from over a million Indonesian users have been used by a third-party application on Facebook.
The ministry gave Facebook the first warning letter during a meeting on Thursday, when Indonesia’s Minister of Communications and Information Technology Rudiantara summoned the company’s representatives to his office, after Facebook disclosed in a blog post on Wednesday that a large number of Indonesian users’ data had been shared with Cambridge Analytica.
In the meeting, Rudiantara said he asked them to provide the ministry with their audit results to see how personal information of Indonesian users have been used and asked Facebook to block third-party applications from accessing Indonesian users’ personal data.
Rudiantara said he already got in touch with Facebook representatives in Indonesia when initial reports of Cambridge Analytica scandal emerged and gave them verbal warning over possible data breach of Indonesian users.
He called for Indonesian users to “temporarily fast from using social media. If they really have to use it, please be really careful when sharing personal data.”
According to the chart in the post, written by Facebook Chief Technology Officer Mike Schroepfer, Indonesia and two other Southeast Asian countries the Philippines and Vietnam are among the top ten countries whose citizens’ personal data may have been harvested for Cambridge Analytica’s inappropriate use.
The chart shows data of 1.75 million users in the Philippines, which is second to US users, could have been leaked, followed by Indonesia as third most-affected with more than a million users. Vietnam’s some 427,000 users, which ranked ninth in the chart, are believed to have also been affected.
Rudiantara said he has asked police to probe alleged violations of electronic information and transactions law on the misuse of Indonesia users’ data. If Facebook is found guilty of violations, its representatives in Indonesia could face a maximum 12 years in prison and a fine of up to 12 billion Indonesian rupiah.
A Facebook spokesperson said they are strongly committed to protecting people’s information, and intend to make all the same privacy controls and settings available everywhere. They also said it has recently taken significant steps to make their privacy tools easier to find, restrict data access on Facebook, and make their terms and data policy clearer.
The spokesperson said the company believes these changes will better protect people’s information and they will keep the community updated as they make more change, and continue to work with privacy and information commissioners, and authorities, in Indonesia.
Indonesians are among the world’s most active social media users, consistently remain among the top five countries with the largest number Facebook users.
A survey conducted from Oct. to Nov. 2017 by the Indonesian Internet Service Providers Association and the Indonesian Telecommunications Society showed Facebook is the second most popular social media applications on smartphones, according to 66.5 percent respondents, after Instagram which is owned by Facebook, with 82.6 percent respondents.
The survey was conducted across the country, involving 1,020 respondents, more than half were high school and university students, followed by professionals and entrepreneurs.
The survey also showed 79 percent respondents object to having their personal data being transferred to another party without their consent. Almost all respondents, or 98 percent, said they acknowledged personal data shared online should be protected and that the government should issue a legislation regulating protection of personal data shared online.
Rudiantara said this data leak case calls for a momentum for lawmakers to start deliberating a government-sponsored personal data protection bill and pass it into law. In the absence of such a law, data protection is currently guaranteed by a 2016 ministerial decree.
He added despite the importance of having personal data protection law, the bill had failed to be listed in the House of Representatives’ 2018 National Legislation Program.
“I hope this users’ data breach case could push for the bill to be eventually included in this year’s national legislation program,” he said.
This story has been updated from its original version in Arab News