Terms of
Reference
Country Report
Indonesia and Regional Organization Report ASEAN regarding Data Protection
Regulation
Background
I.
Background information
Deutsche Gesellschaft
für Internationale Zusammenarbeit (GIZ) GmbH is a federal enterprise that
implements German development policy around the globe. As a provider of
international cooperation services for sustainable development and
international education work, we are dedicated to building a future worth
living around the world. GIZ has over 50 years of experience in a wide variety
of areas, including economic development and employment, energy and the
environment, and peace and security.
Privacy is a
fundamental human right recognized in the UN Declaration of Human Rights, the
International Covenant on Civil and Political Rights and in many other
international and regional treaties. The right to privacy underpins human
dignity, autonomy and is a foundation essential for many other human rights
such as freedom of expression and freedom of association. This applies offline
as well as online. Data protection regulation is thus essential to protect the
privacy of GIZ’s target groups and to avoid or reduce unintended consequences
stemming from data-driven and digital projects.
As a Federal
enterprise with two registered offices in Germany, GIZ adheres to the German
and European Data Protection Regulation whenever GIZ is the legally responsible
implementing party. In the majority of projects, the implementing partners such
as partner ministries are legally responsible though. In these cases, national
data privacy law of the partner country applies. These legal frameworks differ
greatly from country to country and in many settings, program activities may
take place across different jurisdictions.
In order to allow GIZ
employees a good start in dealing with data privacy issues during the design
and implementing phase of a project, GIZ compiles an overview of national data privacy
laws of the countries it is working in. In addition, GIZ developed Responsible
Data Guidelines (RDG) in order to provide guidance to its staff and experts on
how to deal with data privacy in countries with low or non-existing data
protection standards.
This assignment aims
at developing in-depths studies of the current data privacy regulation in
selected partner countries and regional institutions. The countries selected
stand for increasing digital and data-driven country portfolios of GIZ. Among
the selected cases is Indonesia and
the regional organization Association of
Southeast Asian Nations (ASEAN).
The in-depth studies
shall deepen the understanding and help to come to terms with data privacy
regulation against the background of questions like legal liabilities in the
respective country/territorial areas of application.
II.
Assignment
1 study for Indonesia including
one chapter on ASEAN is to be conducted and compiled in a report. The following
information is to be provided (compiled by desk studies and, if possible, local
expert interviews):
·
Presentation
of national legal data privacy framework(s) (scope of the framework; when was
the law passed etc.)
·
Timeliness
of the legal framework: is it applicable to digital data and the digital age
(e.g. does it also cover aspects such as personally identifiable information
such as cookies, IP-addresses and alike)
·
Formally
involved institutions – overview of authorities, their mandate and interaction
·
Law
enforcement mechanisms and living practice
·
Precedents
of the last 5 years
·
Civil
society organizations lobbying for data privacy and digital rights
·
Awareness
and public discourse around data privacy issues
·
Any additional
information regarding social and political contexts, which is deemed useful
·
Key
differences to the EU General Data Protection Regulation (GDPR), with a focus on
cross-border flow of data and data localization requirements
·
Role of
standards and conformity assessment for demonstrating compliance with
respective data protection regulations
·
Key challenges
of international industry with regards to data protection, legal data privacy framework,
technical market access
Furthermore, the
following issues shall be addressed specifically:
·
Implementation
and understanding of data privacy with relation to Sharia law / Islamic legal
systems
·
Data
privacy with relation to the sectors of governance, social assistance,
environment, economic growth, technical education and training, energy.
The Indonesia country report
shall also contain an executive summary, an additional chapter on ASEAN, and an
appendix containing additional technical information, a list of resource
persons, and secondary literature.
Structure of the
assignment
The assignment
requires specific knowledge on data privacy regulation in Indonesia and ASEAN, which
is not necessarily to find in one person / one consultant. Therefore, the
tender offers flexibility how to compile a team of experts. The study can be
conducted by a single expert or a team of individual experts respectively a
consortium of consultants covering the regional and technical requirements. In
the latter case, one expert/consultant would take on the role as lead
consultant towards GIZ. Another possibility is that one institution / one
consultant can provide or organize the knowledge required within its own
network.
The assignment is a desktop
study comprising up to 20 working days. There are no travels planned.
Qualification of requested expertise:
Lead
expert / lead consultant:
General qualification:
·
Expert with a minimum of 7-10 years of experience working on data
protection regulations
·
Research experience
·
Project management
Specific qualification:
·
Special field: Law or politics
·
Extensive experience working with legal frameworks (GDPR etc.) and
international data protection standards (FIP etc.)
Regional experience:
·
Working/research experience in Indonesia and/or ASEAN is an advantage
Language skills:
·
Fluency in spoken and written Bahasa Indonesia and English is mandatory;
German is an asset
Team
members / if relevant, members in consortium:
General qualification:
·
expert with a minimum of 5 years’ experience working on data protection
regulations
·
Research experience
Specific qualification:
·
Special field: Law or politics
·
Experience working with legal frameworks (GDPR etc.) and international
data protection standards (FIP etc.)
Regional experience:
·
Indonesia and ASEAN context
Language skills:
·
Fluency in spoken and written Bahasa Indonesia and English is mandatory;
German is an asset
Timetable
Deliverable
|
Estimated Due Date
|
First draft of report by
|
28.02.2019
|
Final drafts of report by
|
30.03.2019
|
III. Contract Duration
04.2.2019 – 30.03.2019
How to Apply:
Please send your recent CV's and Offering Letter to muhamad.balfas@giz.de
No comments:
Post a Comment