The development of information and communication technology has influenced the concept of identity, particularly because of innovative developments around digital identity.
The identity - initially understood as the foundation of an individual’s existence - now develops within the framework of digital information technology, reflecting the micro-scale characteristics, such as biometric data or behavior.
These developments have enabled many countries to modernize their identity systems - including India, which has developed Aadhaar, the largest biometric identity program, and a number of other countries, namely Kenya, Jamaica, the UK, and Indonesia.
In Indonesia, the policy regarding the national identity system was established in Law No 23/2006 on Population Administration, amended by Law No 24/2013 approving the establishment of an electronic identity card (E-KTP) system.
This legislation has been the main reference for the development of a national single identity system, applied within e-KTP, based on a specific population identity number (NIK).
NIK has become a key instrument, containing at least 31 items of personal data. It is requited to access social and political services, such as health insurance, electoral participation, and public services.
In the context of public service, the Indonesian government has conducted a partnership with more than 1,200 institutions, both public and private, regarding the e-KTP data access granting, specifically for the purpose of e-KYC (Know Your Customer).
This partnership aims to accelerate the process of identity verification, so as to reduce the security risks inherent in providing services like banking and other financial transactions. The partnership also includes the provision of feedback data from institutions which obtain e-KTP data access.
The challenges of identity protection are exacerbated in the context of specific sectors, for example, telecommunications, finance, and banking.
Accuracy of identity verification is of paramount importance in these fields - not only for security reasons. But also because fair access to these services can have a significant effect for a person. Those who are shut out of such services face potential stigmatization, exclusion, and discrimination.
The risk of being shut out of services in this way is worse for people from vulnerable groups, such as middle and working class women, children, indigenous people, minority religious belief groups, LGBTQ people, or groups who live in specific geographical areas.
Thus, in addition to emphasizing the human-centric approach, the development of digital identity must also specifically consider the needs and characteristics of vulnerable groups to ensure that there is no discrimination in identity development and verification.
Indonesia has faced prolonged problems around identity, leading to exclusion and discrimination against some parts of society - particularly people from minority religious groups, indigenous people, ethnic minority groups, and those with different political views from the ruling regime.
Therefore, developing systems that protect people's identity - including their digital identity - is a core part of the work of Institute for Policy Research and Advocacy (ELSAM), ensuring that malicious practices from the past will not reoccur.
Therefore, protecting privacy and security is an important measure to maintain a person’s dignity so that they will be able to enjoy their rights.
As explained by Clare Sullivan (2011), in the context of developing national identity systems, right of identity relates to right to privacy, so that the fulfilment of the said right cannot be an excuse to limit the right to privacy.
We, ELSAM, believe that identity security and privacy should be defined as the creation of a tough identity system for identity governance - in which the user can control each aspect of the identity attached to them.
It means that the right to identity is the right to self-determine and be acknowledged as a unique persona; while the right to privacy gives control and protection to the individual over their choice as a unique persona.
The connection between the two – identity and privacy - implies that identity systems must be built on respect and personal protection as an autonomous individual against all forms of exploitation and illegal use of one’s personal information.
Identity systems should not ignore user’s autonomy and fundamental freedom to determine their own self.
Thus, all decisions related to identity system development - including digital identity - should ensure the presence of consent and guarantee the availability of participation or intervention of the person.
If an error occurs in the formation of an identity or in decision-making related to that identity, it is a person who is a victim - not a system or device.