No, sharing passwords in Indonesia violates multiple laws, including the 2016 Law on Information and Electronic Transactions (UU ITE) and the 2022 Personal Data Protection Law (PDP Law), which prohibit unauthorized access to digital systems. Penalties range from fines to imprisonment under Article 30 of UU ITE and Article 66 of the PDP Law.
Key Regulations for Sharing Passwords in Indonesia
- UU ITE (Law No. 19/2016): Criminalizes unauthorized access to electronic systems under Article 30, with penalties up to 10 years’ imprisonment and IDR 10 billion fines. Password sharing may constitute “access without consent.”
- PDP Law (Law No. 27/2022): Mandates strict data protection, requiring explicit consent for data sharing. Unauthorized password disclosure breaches Article 66, risking fines up to IDR 6 billion or 5 years’ imprisonment.
- Bank Indonesia Regulations: Financial institutions prohibit password sharing under POJK No. 38/POJK.03/2016, classifying it as a breach of electronic banking security protocols.
Enforcement has intensified with the 2026 establishment of the Personal Data Protection Authority (OPDP), which will audit compliance. Corporate entities face vicarious liability for employee password-sharing incidents under Article 58 of the PDP Law.