Cookie Consent

Cookies are small text files that are stored on a user’s device (such as a computer or mobile device) by websites they visit. They serve various purposes and are commonly used in web browsing. Cookies enable websites to remember specific user preferences, such as language settings, login information, or items in a shopping cart. They also help track user behavior and provide personalised experiences by collecting data on website usage, pages visited, and interactions. These insights allow businesses to improve their websites, offer targeted advertising, and enhance user experiences. Cookies can be session-based, which are temporary and expire once the browsing session ends, or persistent, which remain on the device for a longer period. While cookies generally enhance user experiences, their use has raised privacy concerns, prompting regulations and policies to protect user data and ensure transparency in cookie usage.

The legal basis for requiring cookie consent in Indonesia is primarily established under Law No. 27 of 2022 on Personal Data Protection (PDP Law). This law mandates that valid consent must be obtained for any processing of personal data, which includes the use of cookies on websites. The consent must be in writing, whether manually or electronically, and in Bahasa Indonesia, although bilingual formats are allowed as long as Indonesian is one of the languages. This requirement ensures that users are informed about the use of cookies and have the option to consent to or refuse the collection and use of their personal data through such means

Provide a clear and easily understandable explanation of what cookies are, how they work, and their purpose in relation to the website or service.

Describe the different types of cookies used on the website, such as essential cookies, functional cookies, analytical cookies, and third-party cookies. Explain the specific functionality and purpose of each type.

Clearly state the types of data that cookies may collect, such as IP addresses, browsing history, or preferences. Explain how this data is used, whether for website analytics, personalization, or targeted advertising.

If third-party cookies are used, disclose the names of the third-party providers and explain their purpose. Inform users about any tracking technologies, such as pixel tags or web beacons, and their implications.

Provide information on how users can manage and control cookies. Explain how to opt-out of non-essential cookies or change cookie settings through browser preferences or cookie consent tools.

Explain how users can provide consent for cookie usage, such as through a pop-up banner, checkbox, or settings panel. Make it clear that continued use of the website implies consent to the use of cookies.

Inform users about their right to withdraw or revoke cookie consent at any time and provide instructions on how to do so.

Specify the duration for which cookies are stored on the user’s device and when they will expire.

Refer to the organization’s Privacy Policy for more detailed information on data protection, user rights, and data sharing practices.

State that the cookie consent document may be updated or revised periodically, and provide a date indicating the last update.

The cookie consent informs users about the use of cookies by providing clear and comprehensive information. It explains what cookies are and how they work, ensuring users understand their purpose and functionality. The document describes the different types of cookies used, such as essential, functional, analytical, and third-party cookies, and provides details on the specific data they collect and how it is used. It also discloses any tracking technologies and the implications they may have for user privacy. The document explains how users can manage and control cookies, including options to opt-out or change cookie settings. It outlines the consent mechanism, clarifying that continued use of the website implies consent to the use of cookies. Additionally, the document highlights the user’s right to revoke consent at any time. By presenting this information in a clear and accessible manner, the document empowers users to make informed choices regarding their cookie preferences and ensures transparency in the use of cookies on the website or service.

In Indonesia, the retention period for personal data, including data collected through cookies, should be clearly stated by the data controller prior to obtaining consent from the personal data owner. The data controller is also required to cease all processing of personal data once the retention period has lapsed. However, the specific duration of the retention period is not explicitly defined in the PDP Law and may vary depending on the nature of the data, the purpose of the data processing, and other relevant laws and regulations. It’s important for website owners to establish a retention period that complies with the PDP Law and to inform users accordingly in their privacy policy or cookie consent document.

In Indonesia, penalties for non-compliance with data protection regulations are outlined in Law No. 27 of 2022 on Personal Data Protection (PDP Law). The PDP Law empowers authorities to investigate and enforce actions against entities that violate data protection rules. Non-compliance can lead to administrative sanctions such as warning letters, suspension of data processing activities, deletion of personal data, and administrative fines up to 2% of the annual revenue. Additionally, criminal penalties include imprisonment for four to six years and monetary fines ranging from IDR 4 to 6 billion (approximately USD 285,000 to USD 430,000). For corporations, the monetary penalty can be ten times the maximum amount imposed on individuals. It’s crucial for organizations in Indonesia to adhere to the PDP Law to avoid these significant penalties.

If you don’t have a cookie consent notice on your website in Indonesia, you may be in non-compliance with the Law No. 27 of 2022 on Personal Data Protection (PDP Law). While the use of cookies is not specifically regulated, to the extent that cookies contain personal data, the provisions applicable to personal data will also apply. This means that valid consent must be obtained for any processing of personal data, which includes the use of cookies on websites.

Failure to comply with these regulations can result in administrative sanctions, such as warning letters, suspension of data processing activities, deletion of personal data, and administrative fines. In severe cases, non-compliance can lead to criminal penalties, including imprisonment and substantial monetary fines. It’s essential to ensure that your website’s use of cookies aligns with the PDP Law to avoid these potential consequences.