LAW COMPARISON ABOUT THE ONLINE PAYMENT GATEWAY IN INDONESIA AND INDIA

The world economic system now is growing very rapidly and makes a lot of changes in transactions. Along with the development of the world economic system and the rapid development of technology, the payment system in the world is also growing. Joel Kurtzman, in his book The Death of Money, 1993 he wrote “Money – in the traditional sense – no longer exists. It died two decades ago when Richard Nixon forever abolished the gold standard. Since then, money as we once knew, has been replaced by an unstable new global medium exchange that is called ‘megabyte-money’... megabyte money is a threat not only to our country's long-term growth and prosperity but to the individual as well.” The development of information technology provides convenience to money transfer via internet. 

There are currently so many electronic payments via the internet; for example, one online payment provider is PayPal. PayPal is a global online payment business allowing users to make payments and money transfer online. In the second quarter of 2020, there were 346 million active PayPal accounts worldwide, representing a 21 per cent year growth1. 

PayPal is available in more than 200 countries/regions and support 25 currencies2. This technology development also has the potential for violations of transactions or electronic payment, making it disadvantages for the payment gateway user. A Payment gateway is the access point to the national banking network. All online transactions must pass through a Payment gateway to be processed. In effect, Payment gateways act as a bridge between the merchant’s website and the financial institutions that process the transaction3. The payment gateway makes the transactions even from different bank accounts easily. This is one of the payment gateway advantages. An online payment gateway is a payment provider through the third parties. The online payment gateway process occurs after a payment order from the seller has been accepted by the payment gateway provider. There are some important points in payment through online payment gateway, such as there are buyer, seller, payment  gateway providers and acquiring bank as four main parties that are directly involved in the transaction; digital certification form guarantee as transaction security for the buyer when making a payment and it becomes the basis for forwarding payment instructions that the payment provider gateway will authenticate; credit cards, debit cards and electronic money are the main instruments used in payments through online payment gateway; the payment method between buyer and seller by money transfer with payment gateway.  

Until now, there is no regulation regarding data protection in Indonesia. Even though, there are certain regulations concerning the use of electronic data and payment gateway such  as Law No. 11 of 2008 concerning Electronic Information and Transactions has arranged some definitions relating to electronic information and transactions, principles and  objectives about electronic information and transactions and also about electronic  information, documents and signatures, operation of electronic certification and electronic systems, etc.; Law No. 11 of 2008 on Electronic Information and Transactions was amended to Law No. 19 of 2016 and has made several changes in Law No. 11 of 2008, i.e. on articles such as reducing the criminal threat, synchronizing the procedural law provisions in Article 43  paragraph (5) and paragraph (6) with the procedural law provisions in Code of Criminal  Procedure (KUHAP), adding provisions regarding “Right to be forgotten” in the provisions of Article 26, strengthening the role of Civil Servant Investigators (PPNS) in the Electronic Information and Transactions Law in the provisions of Article 43 paragraph (5) and also strengthening the role of Government in providing protection from all types of disturbances due to misuse of information and electronic transactions by inserting additional powers in the provisions of Article 40 etc.; Government Regulations No. 71 of 2019 concerning the Provisions of Electronic Systems and Transactions and its implementing regulation and also the Bank Indonesia Regulation No. 18/40/PBI/2016 concerning Operation of Payment Transaction  Processing.  

Different from Indonesia, India through The Reserve Bank of India, which is India’s central bank has arranged the implementation of PayPal in India. India has the Information Technology Act, 2000 which has been amended by The Information’s Technology (Amendment) Act, 2008 to arrange regarding electronic transactions. The Reserve Bank of India had issued a circular letter No. RBI/2010-11/281, Circular No. 17 on November 16, 2010, regarding the Processing and Settlement of Export related receipts facilitated by Online Payment Gateways. This circular letter allows the Authorized Dealer Category-I banks to offer the facility of repatriation of export-related remittances by entering into standing agreements with Online Payment Gateway Service Providers. On October 14, 2011, The Reserve Bank of India had issued a circular letter No. RBI/2011-12/221 which has arranged regarding the value per transactions that has been increased from USD 500 to USD 3000 for export-related remittances received through Online Payment Gateway Service Providers. The Reserve Bank of India also had issued a circular letter No. RBI/2012-13/528, Circular No. 109 on June 11, 2013, regarding the enhancement of the value per transactions from USD 3000 to USD 10,000. The Reserve Bank of India had issued a circular letter No. RBI/2015-16/185 on September 24, 2015, regarding the Processing and Settlement of Import and Export related payments facilitated by Online Payment Gateways Service Providers. Based on some India regulations above, it can be concluded that India has been specifically arranged the online payment gateway more than Indonesia. 

As mentioned above, as of 16 October 2020, Indonesia does not have personal data protection in a specific law, the regulation is still in Personal Data Protection Bill 2020.  

Meanwhile, the current regulations regarding data protection is still separate and scattered in several laws such as, Act No. 7 of 1992 as amended to Act No. 10 of 1998 concerning Banking law, Law No. 8 of 1997 concerning Company’s Document, Law No. 36 of 1999 concerning Telecommunications, Law No. 23 of 2006 as amended to Law No. 24 of 2013 concerning Population Administration, Law No. 11 of 2008 as amended to Law No. 19 of 2016 concerning Electronic Information and Transactions, Law No. 36 of 2009 concerning Health and Law No. 43 of 2009 concerning Archives and it only reflects the data protection in general.  

However, Minister of Communications and Informatics had issued Minister of Communications and Informatics Regulations No. 20 of 2016 concerning the Protection of Personal Data in an Electronic System4. Based on Article 26 paragraph (1) of Law No. 19 of 2016 and its elucidation, it can be concluded that the use of any information via electronic media relating to a person’s personal data must be made with the consent of the person concerned and in the use of information Technology, protection of personal data is one part of personal rights (privacy rights). Personal rights contain the following meaning such as personal rights are the  right to enjoy personal life and is free from all kinds of disturbances, personal rights is the right to communicate with other people without spying and personal right is the right to monitor access to information about a person’s personal life and data. In the Information Technology (Amendment) Act, 2008, the Government has notified the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules only deals with protection of "Sensitive personal data or information of a person", which includes such personal  information which consists of information relating to: Passwords; Financial information such as bank account, credit card, debit card or other payment instrument details; Physical, physiological and mental health conditions; sexual orientation; medical records and history; biometric information5. Thus India’s law is much more specific than Indonesian’s law, India’s IT Act mentioned specifically and clearly about personal data protected in electronic transactions.