Indonesia

Summary

Indonesia presents moderate-to-high risk driven by broad criminal provisions and a newly enforced personal-data law. ITE Law (Law 11/2008, as amended by Law 1/2024) Art. 30 prohibits intentional unauthorised access to computer systems; access to systems "with security devices" or to obtain information carries harsher penalties (6–8 years). Public pages likely fall below this threshold, but no authoritative guidance exists. Copyright Law 28/2014 allows limited fair use (education, research, security) but has no TDM exception; scraping copyrighted content for AI training is infringement. No sui generis database right. The PDP Law (Law 27/2022) became fully enforceable October 2024 after a two-year transition; enforcement is ramping up, the implementing Presidential Regulation and national DPA are expected in 2026, making this field fast-moving. No unfair-competition data-doctrine enforcement has been observed. Overall — crawling public, non-personal, non-copyrighted data is tolerable; personal data requires consent or a lawful basis; copyright in content must be respected.