New OTT regulations in Indonesia and Thailand: inching towards a level playing field?
May23

New OTT regulations in Indonesia and Thailand: inching towards a level playing field?

New regulations are on the way that will impact providers of “over-the-top” (OTT) services targeting Indonesia and Thailand. Rapid digitalisation of multiple sectors in Asia is marking the dawn of a new era for policy and regulatory frameworks. Due to the availability of wireless broadband and prolific smartphone usage, OTT services such as mobile VoIP mobile applications, mobile instant messaging, online video and TV, and online music services have experienced unprecedented growth. Traditional onshore broadcasters and telecommunications companies have suffered at the hands of the availability of domestic and foreign OTT services which have cannibalised advertising and viewing figures, often whilst increasing strain on bandwidth. A key challenge in this new era is how to regulate the growing number of onshore and offshore OTT services. Examples include online global video services like Netflix and digital TV channels in Thailand that are broadcasting their programmes on OTT platforms, such as Workpoint and channels 3, 7 and 8. Other OTT services include transportation services like Malaysia’s Grab and Indonesia’s GoJek; communication tools like Facebook, LinkedIn, WhatsApp, Snapchat and LINE; as well as e-commerce platforms like Indonesia’s Tokopedia. Historically, OTT services which reach users via telecommunication companies’ networks have not required a licence or been required to pay any licensing fee; and in the case of offshore OTT services, have not been subject to local taxation. Policy-makers in Indonesia and Thailand are the latest to try to tackle this issue. Both have recently announced plans to introduce regulations aimed at OTT services. In this post, we look at the proposed changes and what they might mean for OTT services in these countries. What has changed in Indonesia? Offshore OTT services targeting Indonesia could find themselves subject to the payment of domestic corporate income tax in the country. The Director General of Tax issued Circular Letter 4/2017, which builds on the guidance set by Circular Letter No. 3/2016. The 2016 Circular states that applications and/or content services delivered over the internet can be provided by a foreign individual or business entity if they have a “permanent establishment” (known in Indonesia as a Badan Usaha Tetap or “BUT”). The primary aim of Circular Letter 4/2017 is to establish criteria to ensure that the owners and operators of foreign OTT services (which make their services available in and generate revenues from Indonesia) will be subject to the payment of domestic corporate income tax set out under Article 17 of Income-Tax Law 2000, equal to a 25% rate of taxable income plus 20% branch profit tax, the latter being a levy payable only by foreign entities. Why is the shift happening in Indonesia? The key driver...

Read More
Indonesia moves towards comprehensive data law – how will it impact your business?
Mar30

Indonesia moves towards comprehensive data law – how will it impact your business?

The current data protection landscape in Indonesia Until recently, Indonesia has had a largely patchwork approach to personal data protection. There is not currently a singular comprehensive data protection law or regulation; nor, for example, are there any regulations specifically addressing cookies and location data. Overall, the scattered guidance is found in regulations relating to employees; banks; criminal procedures; human rights; health; financial services; and the more detailed Electronic Information and Transactions Law (Law No. 11 of 2008) (“EIT Law“) and its implementing regulations, among others. In 2012, Indonesia passed Government Regulation 82 (“GR82“), implementing various aspects of the EIT Law but with a key focus on ensuring that electronic system operators for “public services” use Indonesia-based data-centres. The scope of “public services” is still somewhat unclear but it has the potential to cover both government organisations and certain public-facing private sector businesses (which may include certain organisations in banking, insurance, health, security, industrial services and social activities) that are serving an Indonesian customer base through some digital means or housing Indonesian data.[1] Companies have until October 2017 to comply fully with GR82. However, there have been some ministerial statements about relaxing this requirement and some concern across sectors that a data localisation requirement would limit the ability for affected organisations to take advantage of new technologies, such as cloud computing, which typically require some transfer of data across borders. The recently enacted Minister of Communication and Informatics (“MOCI”) Regulation No. 20 of 2016 regarding Protection of Personal Data in Electronic Systems (“Data Protection Regulation“), which became effective on 1 December 2016, is an implementing regulation of the EIT Law and GR82. It seeks to define personal data and to lay down some requirements for protecting it. In terms of jurisdictional coverage, the Data Protection Regulation is silent on whether it applies to organisations outside of Indonesia. In practice, the enforcement risk will of course be lower but as an implementing regulation of the EIT Law, organisations should assume that it will have extraterritorial coverage. In addition, organisations will want to comply as a matter of good business practice because, with the passage of these new requirements, internet users in Indonesia will come to expect certain minimum privacy protections to be applied by the companies they engage with. What has changed? In the Data Protection Regulation, MOCI stipulates requirements on personal data collection and data subject consent, personal data storage, analysis, processing, display, delivery, distribution and removal, including where the intention is to transfer personal data outside of Indonesia. These requirements appear to be largely in line with those contained in the protection laws of many other countries – although,...

Read More