In practice, this means Indonesia's recognition of the US cannot be a blanket waiver. Each data controller must evaluate case-by-case compliance to ensure that the citizens' rights are not diluted in the name of trade diplomacy.

Global frameworks offer valuable lessons. The European Union's General Data Protection Regulation (GDPR) ensures that protections“travel” with the data. Transfers to non-EU countries require either“Adequacy Decision” or“Appropriate Safeguards.”

Lacking both, derogations like explicit consent can be used, but only with clear communication of the risk involved. This also applies when data is transferred to non-EU countries (hereinafter referred to as“third country”).

China takes a more centralized approach. Under the Personal Information Protection Law (PIPL), companies must conduct a Personal Information Impact Assessment (PIIA) and use approved mechanisms, such as Cybersecurity Administration of China (CAC) contracts, certification or legal exemptions. Recipients must meet China's standards, with continuous oversight and separate, explicit consent from the data subject.

Regulations on international data transfers have a major influence on the global economy. If data becomes fully fragmented, global GDP could shrink by 4.5% and exports by 8.5%. On the other hand, having no regulations might reduce trade costs but also erode trust.

The most effective approach appears to be open data systems with proper safeguards, which could increase global GDP by 1.77% and exports by 3.6%, especially benefitting low-income nations.

While geoeconomic fragmentation still has negative effects, they are less severe than total fragmentation. International collaboration that supports both data flow and trust can lead to stronger economic performance worldwide.

The recent Indonesia-US Trade Agreement provisions on CBDT may benefit both existing and future data transfer arrangements by businesses.

For businesses already transferring data to the US, the agreement's potential adequacy recognition could provide greater legal certainty and clarity, establishing justification that their existing data transfer practices are in line with applicable regulations.

However, risks to data transfer and use remain, and it is therefore necessary to adhere to the existing regulatory framework while considering the interests of data owners on a case-by-case basis.

The private sector must assess data types, understand limitations and monitor the implementation of new US data transfer agreements. Relying on CBDT provisions without clear guidance risks non-compliance. To mitigate this, companies should conduct due diligence, ensure safeguards with data recipients and track regulatory updates.

Sign up for one of our free newsletters

• The Daily Report Start your day right with Asia Times' top stories
• AT Weekly Report A weekly roundup of Asia Times' most-read stories

The government must offer clear rules to ensure compliance with the PDP Law and build public trust. Legal certainty is essential for attracting investment, especially in uncertain times. While US relations matter, adherence to the rule of law will shape global trust.

The government must avoid the trap of treating data as mere numbers to exchange at will. As mathematician Clive Humby famously said,“data is the new oil,” and just like oil, if mishandled, it can pollute institutions, economies and democracies.

Indonesia must move beyond symbolic recognition to a rule-based, rights-centric digital trade policy. This means insisting on adequate protections, transparency in government negotiations and accountability in private sector implementation.

Amid intensifying global competition and fragmentation, a consistent and coherent approach to data governance will anchor Indonesia's credibility and sovereignty in the digital age.

Randy Taufik (LL.M.,MPP) is legal counsel and University of Oxford alumni specializing in corporate and tech law.

Ahmad Novindri Aji Sukma,M) is a regulatory compliance lawyer based in London and PhD researcher at the University of Cambridge.

Sign up here to comment on Asia Times stories Or Sign in to an existing accoun

Thank you for registering!

An account was already registered with this email. Please check your inbox for an authentication link.

• Click to share on X (Opens in new window)
• Click to share on LinkedIn (Opens in new window) LinkedI
• Click to share on Facebook (Opens in new window) Faceboo
• Click to share on WhatsApp (Opens in new window) WhatsAp
• Click to share on Reddit (Opens in new window) Reddi
• Click to email a link to a friend (Opens in new window) Emai
• Click to print (Opens in new window) Prin