Journal of Southeast Asian Human Rights, Vol. 4 Issue. 2 December 2020 pp. 449 – 474 doi: 10.19184/jseahr. v4i2.17289 © University of Jember & Indonesian Consortium for Human Rights Lecturers Biometric Data Sharing in addressing Irregular Migration and Security Issues within The Bali Process Framework for Indonesia and ASEAN Member States Masitoh Indriani Faculty of Law, Airlangga University Email: masitoh@fh.unair.ac.id Amira Paripurna Faculty of Law, Airlangga University Email: amira@fh.unair.ac.id Abstract The Bali Process Declaration on People Smuggling, Trafficking in Persons and Related Transnational Crime acknowledges the large scale and complexity of irregular migration challenges both within and outside the Asia Pacific region. As one of the efforts to decrease irregular migration in this region, the Regional Support Office of the Bali Process (RSO) was established in 2012 to support the implementation of the Bali Process. In this regard, the Bali Process led to an opportunity to develop the use of technology and biometrics data sharing in migration and border management. The purpose of this paper is to discuss the law and policy in addressing the issue of irregular migration in Indonesia. It also explores the development of the utilization of technology and biometrics in the area of migration, security and border management, as a measure in addressing the problem of irregular migration. The discussion focuses on the role and challenges of technology and biometrics data exchange in border management as one of the most important agreements on the Bali Process. This study finds that the gaps within the ASEAN member states in regulating privacy rights and data protection have caused the difficulties in sharing and exchange data/information particularly biometric data. The method used in this research is the doctrinal legal research, which is mainly referred to as library-based research. Keywords: ASEAN, Bali Process, Biometrics, Data-Sharing, Irregular Migration Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 450 I. INTRODUCTION Irregular migration has increasingly become a major economic, social, humanitarian, political, and security concern for several countries across the continents. Irregular migration constitutes complex issues to countries of origin, transit, and destination, as well as to migrants themselves.1 The complexity of irregular migration makes it nearly impossible to manage on a unilateral basis by individual destination states. Instead, it requires meaningful cooperation between countries of origin, transit, and destination. Countries have responded to deal with the issue of irregular migration in many ways, for example by reforming their immigration laws, improving their border and management systems, and implementing regularization programmes.2 In terms of the improvement of border and management systems, the registration of irregular migrants and the collection of biometric data has become increasingly relevant for migration and border management in many countries.3 The European Union, for example, has built the Eurodac system to facilitate the exchange of data between national authorities in the European Union Member States. Under Eurodac regulation, it is mandatory for the Member States to comply with their obligation to collect and transmit biometric data of irregular migration.4 Another recent example of the collection biometric data for migration and border management is the biometric registration of Rohingya refugees from Myanmar in collaboration with Bangladeshi authorities.5 Under the biometric registration, the system6 records family relations as well as fingerprints and iris biometrics. The aim of the registration is to provide an accurate database on refugee movement. The data accuracy can support national authorities and humanitarian partners in assessing the need of the population and setting up program planning and aid targeting.7 There is a lack of legal framework within the ASEAN in dealing with the issue of irregular migration, for example, ‘the ASEAN Declaration on the Protection and Promotion of the Rights of Migrant Workers’ which was adopted in 2007 only concerns migrant workers. None of it addressed the issues of refugees or asylum seekers. Furthermore, among the ASEAN nations, only two (the Philippines and Cambodia) are parties the 1951 Convention, as well as the 1967 Protocol. The 1 2 3 4 5 6 7 UN ECOSOC, “Irregular migration, human trafficking and refugees” (2013) International Migration Policies (Statistical Papers - United Nations (Ser. A), Population and Vital Statistics Report) 91–99. Ibid. IOM, “Registration and identity management of irregular migrants in the EU” (2018) 12 Global Migration Data Analysis Center Data Briefing, online: . Ibid. Chris Burt, “More than half a million Rohingya refugees registered for biometric ID cards with UNHCR”, (2019), online: Biometric Update . Ibid. Ibid. Masitoh Indriani and Amira Paripurna 451 expectation to ASEAN to take on a more active role and formulate effective measure is high, and it has been argued that a significant response by ASEAN now would lend credence to its goal of becoming a caring community that maintains basic human rights, tolerance, inclusivity, and shared responsibility in dealing with transnational challenges.8 As one of the efforts to decrease irregular migration in the Asia Pacific region, the Regional Support Office of ‘the Bali Process’ (RSO) was established in 2012 to support the implementation of ‘the Bali Process’. The mounting migration crisis has led members of ‘the Bali Process’9 to recognize the necessity of a concerted reaction on this issue. The members of ‘the Bali Process’ have accepted to set up a mechanism of irregular migration.10 Further, in the year of 2016, The Bali Process Declaration on People Smuggling, Trafficking in Persons and Related Transnational Crime acknowledges the large scale and complexity of irregular migration challenges both within and outside the Asia Pacific region. ‘The Bali Process’ provides an essential sphere that allows the ASEAN member states to improve as well as to deal with the challenge of the standards and implementations around the human rights of irregular migrations.11 ‘The Bali Process’, more specifically, has led to the opportunity to develop the use of technology and biometrics data sharing in migration and border management. The emergence of biometric technology to deal with irregular migration issues by improving border management has several benefits, for example, during the biometric data collection will allow the country to speed up humanitarian aid distribution, reduce fraud, and overlap. However, from a human rights perspective, there is a critical issue with using biometric technology. In the absence of robust rights protections that are institutionally embedded to oversee the collection, storage, and use of such evidence, relevant practices are likely to infringe international human rights law standards specifically the rights to privacy and data protection. Employing a legal doctrinal methodology, this paper mainly discusses the critical questions related to processing biometric data in migration, border, and security management system from privacy rights and data protection perspective. This article consists of three parts. First, it discusses the existence of irregular migrations as the potential threat to national security, as well as the extent to which ‘the Bali Process’ has influenced Indonesia’s government policies in addressing the irregular migration issue. The second part traces the emergence of the utilization of technology and biometrics in Indonesian migration, border, and security management, as a measure in addressing the problem of irregular migration. The discussion focuses on the role of technology and biometrics data exchange in border management as one of the most important 8 9 10 11 Hoang Thi Ha & Ye Htut, “Rakhine Crisis Challenges ASEAN’s Non-Interference Principle” (2016) 2016:70 ISEAS (Perspective) . The Bali Process, “About the Bali Process”, online: Baliprocess.net . Richa Shivakoti, “ASEAN’s role in the Rohingya refugee crisis”, (2017), online: Global Is Asian . Khalid Koser, “Irregular Migration, State Security and Human Security” (2005) Global Comission on International Migration 33. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 452 agreements on ‘the Bali Process’. The third section identifies the challenges in implementing biometric data sharing based on the standards of ‘the Bali Process’ and the international human rights law framework. II. THE INDONESIAN GOVERNMENT APPROACH IN ADDRESSING IRREGULAR MIGRATION There is no clarity and universally accepted definition of irregular migration. Bastian Volmer referred to irregular migration as “the cross-border flow of people who enter a country without that country’s legal permission to do so”.12 Whilst other scholars such as Christa Straßmayr, C, et.al, outlined irregular migration as “a form of migration in which the rules of entry or residence have been disregarded at some point during the migration process”.13 Further, IOM has also provided a more diverse perspective on irregular migration, “Movement that takes place outside the regulatory norms of the sending, transit and receiving countries. From the perspective of destination countries, it is entry, stay or work in a country without the necessary authorization or documents required under immigration regulations. From the perspective of the sending country, the irregularity is for example seen in cases in which a person crosses an international boundary without a valid passport or travel document or does not fulfill the administrative requirements for leaving the country.”14 From these various definitions and perspectives, it can be said that irregular migration includes a variety of migrations, conditions, and status that conflict with the rules and regulations related to migration. Irregular migration status not only comes from refugees and rejected asylum seekers, yet it may emerge from lawful legal entry. Besides, involving in prohibited work unauthorized outstaying of temporary visas, such as outstaying of tourist and residence visa, may cause them to enter into irregular migration status. The issue of human trafficking and people smuggling can also be classified as an irregular migration issue.15 12 13 14 15 Bastian Vollmer, Irregular migration in the uk definitions pathways and scale (2011). Christa Straßmayr et al, “Mental health care for irregular migrants in Europe: Barriers and how they are overcome” (2012) 12:1 BMC Public Health 367. IOM, “Key Migration Terms”, (2015), online: International Organization for Migration . Ministry of Foreign Affairs of Republic Indonesia, “Transnational Crime”, online: Portal Kementerian Luar Negeri Republik Indonesia . Masitoh Indriani and Amira Paripurna 453 In regards to the influx of irregular migrations, the question then arises whether the migration dynamics are a threat to national security. Irregular migration remains a key issue all over the world. Rüland observed that the ambiguity of globalization has brought the increasing similarities of security challenges across the continents.16 In this context, for example, there is a convergence of security challenges in Southeast Asia and the OECD world, although differences in scope and approaches to tackle them remain.17 Adding to this, Rüland argued that Southeast Asia is also confronted with possibilities of inter-state wars, other conventional security risks, and non-conventional security risks. The conventional security threats such as territorial disputes and arms races have subsided in the last ten to fifteen years. While, the non-conventional security risks are emanating from international terrorism and organized crime, separatism and piracy, irregular migration, environmental issues, energy shortages, economic crises, and epidemics such as HIV/IADS and SARS.18 Koslowski identified that irregular migration may threaten the security of the state.19 The viewpoint that migration may bring internal security at a risk has emerged since the 1980s.20 In recent years this notion has heightened, particularly after the 9/11 terrorist attacks, immigration has been highlighted on the counter-terrorism agenda. Spencer noted that many countries have adjusted immigration policies to prevent terrorist activities by tightening their immigration policies,21 for example, the Schengen Agreement of 14 June 1985 and the Dublin Convention. The latter Convention has associated immigration with three issues; terrorism, international crime and border control.22 Besides terrorism, it is also necessary to place the issue of immigration and asylum under the security framework, as heightened incidents or human trafficking/smuggling.23 By placing and labelling immigration issues as a potential threat to internal or state security there are several consequences to rules and regulations, 16 17 18 19 20 21 22 23 Jürgen Rüland, “The Nature of Southeast Asian Security Challenges” (2005) 36:4 Security Dialogue 545–563. Ibid. Ibid. Rey Koslowski, Possible Steps towards an International Regime for Mobility and Security (Stockholm, 2004). Jef Huysmans, “The European Union and the Securitization of Migration” (2000) 38 Journal of Common Market Studies 751–777. Alexander Spencer, “Linking Immigrants and Terrorists: The Use of Immigration as an AntiTerror Policy” (2008) 8:1 The Online Journal of Peace and Conflict Resolution 1. Jef Huysmans, “Migrants as a security problem: Dangers of ‘securitizing’ societal issues” in Diethrich Thranhardt & Robert Miles, eds, Migration and European Integration: The Dynamics of Inclusion and Exclusion (London : Madison N.J.: Fairleigh Dickinson Univ Pr, 1995) 53. Jef Huysmans, The Politics of Insecurity: Fear, Migration and Asylum in the EU , New International Relations Series (London: Routledge, 2006). Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 454 public policies, legal norms as well legal procedures in legitimizing responses and measures. The implication, for example, may legitimize the government to undertake measures in conducting larger surveillance and more restrictive procedures. In return, such measures and responses may affect the migrants involved. A policy to deny the access of asylum seekers to safe countries, for example, may push this asylum seeker to fall into the trap of human smugglers. However, there are some contentious arguments against the view that irregular migrations threaten state security.24 There are two common presumptions about irregular migrations that are considered over-generalizations. The common assumptions include the involvement of irregular migrants in unlawful actions as well as related to the escalation of deadly illnesses perceived to be carried by the irregular migrants, such as HIV/AIDS. Therefore, there are contentious arguments around the notion that irregular migration brings national security into risk and may threaten the security of the nations. It is argued that this notion is often a misperception and needs to be reviewed thoroughly.25 Irregular migrants are often subjected to negative objectives and lack of verification. As such further investigation and examination, careful accessible and verified data as shreds of evidence, coordinated communication of media, government, and community are needed before claiming irregular migration threatens national security. Irregular migration does feature in critical figures, but in most countries, it is a rather small ratio of the whole sum of migration. Previously, most of the states in the Southeast Asian region viewed irregular migrations under the ambit of national security.26 This common notion has been reflected through the ways many countries in the Southeast Asian region deal with the refugees from Indochina which occurred in the 1970s.27 During that time, three countries—Malaysia, Singapore, and Indonesia deployed their armed forces to block the refugees, so it would prevent the refugees from arriving and entering their territories.28 Furthermore, in many Southeast Asian countries, the transit camps that are available for the refugees are generally unpleasant. There has been a 24 25 26 27 28 See Julia Tallmeister, “Is Immigration a Threat to Security?”, (24 August 2013), online: EInternational Relations . Koser, supra note 11. Alan Dupont, “Refugees and illegal migrants in the Asia-Pacific region” in William Maley et al, eds, Refugees and the myth of the borderless world (Canberra: Department of International Relations, Research School of Pacific and Asian Studies, Australian National University, 2002) 'Keynotes’ (2): 9. Caroline Lavoie & Raymond B Knock, “The ASEAN and International Response to the Southeast Asian Refugee Crisis: A Canadian Perspective” (1990) 18:1 Southeast Asian Journal of Social Science 43–65. Antje Missbach, Troubled Transit: Asylum Seekers Stuck in Indonesia (Singapore: ISEAS–Yusof Ishak Institute, 2015) Google-Books-ID: QikcDgAAQBAJ. Masitoh Indriani and Amira Paripurna 455 critical upsurge to implement a policy of immigration detention.29 These conditions show the approach employed by the countries in this region. They tend to treat irregular migration as a security issue. They also intensively focus on policing borders.30 Unavoidably, the WTC bombings in the US and the Bali Bombing attacks have positioned terrorism as being of the greatest importance to Indonesia and more generally the ASEAN’s political agenda.31 Thus, it also becomes the driving factor for the securitization of migration into Indonesia. All forms of policy or cooperation mentioned above are related to the effort to deal with the irregular entry of immigrants and prevent national security hazards including terrorism. The securitization of migration in Indonesia32 lies in the policies and rhetoric that is disseminated to the public domain regarding the migration of foreign nationals into Indonesian territory.33 Some laws and regulations reflected the process of a security-based policy of migration in Indonesia for example, the Immigration Act No. 6 of the year 2011 (hereinafter Immigration Law 2011), the Directorate General of Immigration Regulation No. IMI1489-UM-08-05/2010 on Management of Illegal Immigrants (hereinafter ‘Management of Illegal Immigrants Regulation’). Under the Immigration Law, the Immigration authority has been extended. The additional authority consists of three different kinds of surveillance and intelligence function, they are data/information-based surveillance, field surveillance, and immigration intelligence. Further, based on the mandate of Immigration Law a new coordinated group named Foreigners Surveillance Team (Tim Pengawasan Orang Asing) has been established.34 Furthermore, based on ‘Management of Illegal Immigrants Regulation’ the issuance of this regulation considered the impact of an illegal immigrant to the state security.35 29 30 31 See UNHCR, “UNHCR Global Appeal 2015 Update - Populations of concern to UNHCR”, online: . Emma Larking, “Controlling Irregular Migration in the Asia-Pacific: Is Australia Acting against Its Own Interests?” (2017) 4:1 Asia & the Pacific Policy Studies 91. Rohan Gunaratna, “ASEAN’s Greatest Counter-Terrorism Challenge: The Shift from ‘Need to Know’ to Smart to Share” in Christian Echle, Megha Sarmah & Patrick Rueppel, eds, Combatting Violent Extremism and Terrorism in Asia and Europe: From Cooperation to Collaboration 32 33 34 35 (Singapore: KAS and RSIS, 2018) 127. For the process of securitization of migrations in Indonesia, read further Nurul Azizah Zayzda, Maiza Hazrina Ash-Shafikh & Ayusia Sabhita Kusuma, “Securitization and Desecuritization of Migration in Indonesia” (2019) 3:1 Journal of Southeast Asian Human Rights 87–90. Nurul Azizah Zayzda, “Sekuritisasi Migrasi Paksa Pengungsi Lintas- Batas di Indonesia” (2017) 3:1 Law Research Review 43. See Article 68-70 of the Immigration Act 2011. See Consideration part of the Regulation of Director General of Immigration No. IMI0352.gr.02.07 (2016) on the Handling of Illegal Migrant Claiming to be Asylum-seeker or Refugee, 2016. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 456 Even though, Indonesia is a destination country, a place of transit for migrants, and has experience with many irregular migration issues. Yet, for many decades the Indonesian government has neglected the country’s migration roles other than as an origin of migrants. In 2016 it was identified that there were 13,703 irregular migrants in Indonesia, mostly from Afghanistan, Myanmar, Somalia, Sri Lanka, Iran, Pakistan, and Iraq.36 Furthermore, IOM depicted Indonesia as “a key transit country for irregular migrant movements.”37 However, compared to another state, Indonesia receives less migrants and refugees than many other countries in Southeast Asia. Several classifications of infringements of the laws related to Immigration in Indonesia may bring the migrants into the status as irregular migrants, for example, the violation of requirements adhered to the visa and initial intention to enter/stay. Missbach and Palmer (2018) observed that ”the government has not given equal attention to protecting immigrants, including migrant workers with permits, asylum seekers, victims of trafficking, and others living and working in irregular situations.”38 Similarly, as noted by Herdiawan (2019) “the migration issue was never a priority agenda in Indonesia’s domestic and foreign policies, with a humanitarian emergency being the only exception.”39 In its development, there is an improvement and shifting approach in dealing with the issue of irregular migration. The government no longer solely employs a securitydriven policy approach. The Indonesian government brought various initiatives to enhance cooperation and bring together authorities, practitioners, and experts in the region to deal with irregular migration issues. Under the framework of ‘the Bali Process,’ the cooperation initiative is to create better border management, adopting a victim-centered approach, and promoting migration channels that are secure.40 In 2016, the government issued The Presidential Decree no. 125/2016 on the Treatment of Refugees from Overseas. The Presidential Decree provides legal certainty and standard 36 37 38 39 40 Hari Utomo, Yusnaldi Yusnaldi & Adya Satya Puspita, “Upaya Pemerintah Menangani Irregular Migrant dalam Perspektif Keamanan Maritim di Provinsi Daerah Istimewa Yogyakarta” (2018) 4:2 Jurnal Keamanan Maritim 96. Global Detention Project, “Indonesia: Overview”, (2020), online: . Wayne Palmer & Antje Missbach, “Indonesia: A Country Grappling with Migrant Protection at Home and Abroad”, (2018), online: Migration Policy Institute . Dio Herdiawan, “Indonesia Refugee Policy is on Right Track”, (2019), online: ASEAN Studies Center Universitas Gadjah Mada . Directorate of KIPS Ministry of Foreign Affairs of Indonesia, “Transnational Crime”, (2019), online: Portal Kementerian Luar Negeri Republik Indonesia . Masitoh Indriani and Amira Paripurna 457 procedures on coordination and effective collaboration among the mandated government agencies. The issuance of Presidential Decree no. 125/2016 has shown the Indonesian government's positive action on refugee issues. Since then the legal protection has improved gradually despite the absence of explicit rights-based provisions.41 As irregular migration is considered as a cross-country problem, it cannot be handled on the ground by particular destination states. To address this issue, it needs significant collaboration amongst the states of origin, transit and destination. Therefore, in addressing this issue, Indonesia attaches to the rule of sharing the burden, since no one country can resolve in isolation. Under this principle, every country, whether they be countries of origin, transit, and destination; these countries must share responsibilities to protect irregular migrants.42 Indonesia and the ASEAN member states initiated an international meeting forum that has resulted in a multilateral agreement through ‘the Bali Process’. It was formed in 2002, one of the most important goals was to promote sharing information in addressing the issues concerning people smuggling, human trafficking, transnational crime as well as irregular migration. ‘The Bali Process’ consists of 49 members, besides the ASEAN member states, ‘the Bali Process’ also includes several countries and international organizations as an observer, such as United Nations High Commissioner for Refugees (UNHCR), International Organization for Migration (IOM), United Nations Office on Drugs and Crime (UNODC), and International Labour Organization (ILO).43 Furthermore, the ‘Lombok Treaty’— an Agreement between the Republic of Indonesia and Australia concerning the Framework for Security Cooperation has been signed to support appropriate responses to these issues. ‘The Bali Process’ has influenced measures taken in addressing irregular migration. One of the most important features of ‘the Bali Process’ multilateral agreement was the introduction of the role of technology in border management. Previously, border management oversight was not sufficiently strict. This issue was addressed in ‘the Bali Process’. The initiation to use technology in border management was an advanced step for the ASEAN region. The following section discusses ‘the Bali Process’ framework particularly the utilization of (biometric) technology. The discussion focuses on the emergence of technology and its challenges in addressing the issue of security and border control management. 41 42 43 Global Detention Project, supra note 37. Koslowski, supra note 19. The Bali Process, supra note 9. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 458 III. THE EMERGENCE OF BIOMETRIC TECHNOLOGY IN SECURITY AND BORDER CONTROL MANAGEMENT The importance of effective border security has been the source of major discussions amongst ASEAN member states. The need to accelerate trade and economic growth in the region will inevitably be followed by new challenges in securing their borders in dealing with refugees, irregular migrants and against non-traditional threats of transnational crimes such as trafficking and smuggling. Thus, strengthening capacity, skills and cross-border cooperation in the region is essential to encounter such security risks. In 2013 the Special Conference of Irregular Movement of People has led the adoption of the Declaration on Addressing Irregular Movement of People. This declaration has been adopted by 13 countries. It was concerned specifically with border control.44 Another meeting was also held to discuss the issue of irregular migration in the region. Even though this meeting produced guidelines for formulating effective solutions to irregular migration, unfortunately, the guideline was too general, lacking in detail.45 However, one of the important results of the meeting was the recommendation to enhance the existing regulation and mechanisms such as ‘the Bali Process.’46 The Bali process does not support nor encourage the member states to provide safety and protect the migrants. Instead, ‘the Bali Process’ encourages enhancing the competency of countries to identify and prevent irregular immigration by securing borders. ‘The Bali Process’ introduced the role of technology in border management. Indonesian border management suffers from a lack of quality. In many cases, Indonesian immigration is failing to detect false documents. Integrity in compromised as bribery remains a common practice. In areas across Indonesia, many refugees and migrants have been discovered owning illegal local identity cards (Kartu Tanda Penduduk, KTP) or driving licenses (Surat Ijin Mengemudi, SIM).47 To overcome the lacking of border management, the Bali Process offers a policy framework on biometric data exchange through Regional Biometric Data Exchange Solution 44 45 46 47 Safitri Taylor, “Refugee Protection in the Asia Pacific Region | Rights in Exile Programme”, online: . Larking, “Controlling Irregular Migration in the Asia-Pacific”, supra note 30. Read also, MFA Thailand (Ministry of Foreign Affairs of the Kingdom of Thailand), Summary: Special Meeting on Irregular Migration in the Indian Ocean (Bangkok, Thailand, 2015). Satrio Dwicahyo, “Indonesia, Immigration and Returning Foreign Fighters”, (2017), online: East Asia Forum . Masitoh Indriani and Amira Paripurna 459 (RBDES). Biometrics data types are varied. These are including facial, iris and voice recognition, fingerprint, hand geometry, thermos-gram, ear shape, body odor, or behavior characteristics like signature, handwriting, and gait.48 RBDES and the Bali Resolution are the major instruments in the context of biometric data sharing in the region. The purpose of RBDES is part of preparedness to counter irregular migration that may include human trafficking, people smuggling, and another type of transnational crime. Through its implementation, RBDES enables law enforcement agencies to rapidly and securely exchange biometrics data to verify the identities of travellers at borders.49 Meanwhile, Bali Resolution (No.4/2016 of the ICP-INTERPOL) is aimed at dealing with terrorism and transnational crimes. It is implemented through identification and early detection to prevent potential threats of terrorism and other forms of transnational crimes. As a multinational tool, RBDES allows Bali Process members to share data with any other country that they have implemented the necessary bilateral agreements with. There are some concerns since the RBDES framework only accommodates fingerprint sharing only even though the system has the potential to be upgraded in any data sharing. As a result, there will be technically inefficient in terms of technical redundancy on the existing system and the RBDES system. The RBDES systems will not replace existing systems owned by countries. Also, RBDES will not connect the national database or information system to the RBDES system. Yet, not all of the member countries have sufficient or suitable equipment to collect biometric data. In the context of Indonesia, in tightening its border management security, in 2011 the Indonesian Government introduced a biometrics passport. In the same year, Indonesia also applied the SITA BioThenticate tighten border security. With the help of this system, there are around 20 million different biometric identities which will be managed and matched. This system can support matching the biometric monitoring list in real time.50 In Indonesia, the use of biometric technology plays a role in securing national interest and security. In early 2009, the Indonesian Government rolled out the biometric-based national identity cards for its citizens. In the future this biometricbased national identity card will be used for a larger range of functions, amongst others, for elector registration, driving license, issuing a passport, taxation and finance issues, 48 49 50 Patrizio Campisi, ed, Security and Privacy in Biometrics (London: Springer, 2013). The Bali Process, Policy Framework for the the Regional Biometric Data Exchange Solution (RBDES) (2015); See also Burt, supra note 5. Specialists in Air Transport Communications and IT Solutions (SITA) Press Release, “Indonesia Tightens Border Control with SITA’s Extensive Biometric System”, (26 October 2011), online: Airport Technology . Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 460 and so forth.51 It is also used in handling future threats of terrorist attacks and financial issue.52 The increasing use of technology and its connectivity has opened the possibility of national security threats like border intrusion. However, the capability of the technology to collect and process certain data could be misused by a cybercriminal who is able to exploit such data. In 2019, the US Customs and Border Protection (CBP) reported a malicious cyberattack exposed traveller’s personal information.53 The breach made the authority more alert in preserving its vast database including the sharing of biometrics data that stores sensitive information.54 On the other hand, it shows law enforcement agencies and border management should keep pace with those technologies to fight cybercrimes by identifying the real actor behind the attacks. In contrast, biometrics technology has knowingly played a role in identifying people’s movement and in border control management. The benefit of biometric technology is that it is accurate, secure, comfortable and already applied by many countries to identify a person. One of the dark sides of biometric technology relates to the issue of privacy which leads to the anxiety and concern of harm.55 With the help of biometric technology, the government can collect enormous amounts of personal data. As a result, the need for collecting data may get out of control. The issue of data protection and privacy is on the rise. 51 52 53 54 55 Ellen Messmer, “Indonesia advances world’s most ambitious biometric-based national identity card project | Network World”, online: Networked World . Ibid. Sam Levin, “‘Malicious cyber-attack’ exposes travelers’ photos, says US customs agency: Breach to a US Customs and Border Protection subcontractor has renewed concerns about facial recognition technology”, the Guardian (2019), online: . Ibid. Cristian Morosan, “Opportunities and Challenges for Biometric Systems in Travel: a Review” (2016) 61 Travel and Tourism Research Association: Advancing Tourism Research Globally, online: . Masitoh Indriani and Amira Paripurna 461 IV. DATA PROTECTION WITHIN ASEAN MEMBER STATES AND ITS CHALLENGES OF IMPLEMENTING BIOMETRIC DATA SHARING Since its birth, ASEAN is a security community. ASEAN's formation was driven by political interests to create security stability in Southeast Asia through economic, sociocultural, and technological cooperation. In the framework of creating regional stability in Southeast Asia, ASEAN spawned various treaties such as Southeast Asia as a zone of peace, freedom and neutrality, a nuclear-weapons-free zone, a treaty of amity and cooperation (TAC), and various other cooperative agreements. To create a community of people who care about each other, ASEAN builds three pillars of cooperation: first, the ASEAN Political and Security Community (APSC); second, the ASEAN Economic Community (AEC); third, ASEAN Socio-Cultural Community (ASCC). To expand on what has been built throughout the years in the field of political and security participation, the ASEAN Leaders have consented to set up the ASEAN Political-Security Community (APSC). The APSC guarantees that nations in the locale live content with each other and with the world in a simple, law based and agreeable condition. The ASEAN member countries depend solely on quiet procedures in the settlement of intra-territorial differences and view their security on a very basic level; connected and bound by a geographical area, common vision and goals. The accompanying segments include: political advancement, shaping and sharing of standards, conflict resolution, conflict prevention, post-conflict peacebuilding and implementing mechanisms.56 Therefore, in the context of the RBDES scheme, cooperation amongst countries in the region ought to contribute toward maintaining political and security issues. The APSC Blueprint at first concurred as a guideline based Community of shared qualities and standards; a firm, serene, steady, and strong area with shared duties regarding complete security; just as a dynamic and outward-glancing district in an undeniably coordinated and associated world. This Blueprint is guided by the ASEAN Charter and the standards and purposes contained in that. It gives a guide and timetable to build up the APSC by 2015. It additionally leaves space for adaptability to proceed with projects or exercises past 2015 to hold its essentialness and have an enduring quality.57 56 57 ASEAN, ASEAN political-security community blueprint, 2025. (2016). Mely Caballero–Anthony, “From Comprehensive Security to Regional Resilience: Coping with Nontraditional Security Challenges” (2010) Centre for Non-Traditional Security Studies, Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 462 However, in its implementation, there are several obstacles in forming the APSC and some other agreements under TAC inter alia:58 a. The principle of burden-sharing and also shared responsibility still cannot be fully carried out by other ASEAN member countries; b. The process of determining refugee status and placement of a third country takes a long period of time; c. Lack of coordination between countries in emergencies for immigrants, which is believed that it is caused by a lack of a specific framework. Despite the challenges among ASEAN member countries under APSC Forum, recent developments demonstrate that the Bali Process initiative led by Indonesia and Australia has been referred to as one of the good practice in tackling the issue of human trafficking, particularly in fostering cooperation between the state, the private sector and other stakeholders as mentioned in the Special Rapporteur Report on trafficking in persons, especially women and children No. A /74/189.59 The report includes various good practices by the government and the private sector in establishing mechanisms that respond to problems related to human trafficking. The Bali Process encourages cooperation between the private sector and the government through the Acknowledge, Act, and Advance Recommendations (AAA Recommendations) initiative. The private sector can contribute through increasing understanding of the issue in question and ensuring protection for victims.60 Furthermore, in tracing ASEAN member states' readiness in using technology and its relation with RBDES Policy, we have to look further at each Data Protection and Privacy Law. These laws will indicate whether states have adequate policies concerning trans-border data flows. Data Protection and Privacy laws of the ASEAN member states are as follows 61 58 59 60 61 SRajaratnam School of International Studies, Nanyang Technological University, Singapore (Working Paper No.7) 23. LIPI News, “Indonesia dan ASEAN Political and Security Community”, (March 2011), online: . Ministry of Foreign Affairs of Republic Indonesia, “Inisiatif Bali Process Menjadi Salah Satu Good Practice Pbb Dalam Menanggulangi Isu Perdagangan Manusia”, (2019), online: Portal Kementerian Luar Negeri Republik Indonesia . Ibid. Personal Data Protection in ASEAN, by Zico Law Group, ASEAN Insiders Series (2019); Data and Privacy Protection in ASEAN: What does it mean for business in the region? , by Deloitte Touche Tohmatsu Limited (DTTL) (2018). Masitoh Indriani and Amira Paripurna Country Brunei Darussalam Data Protection Law No specific law Cambodia No specific law Indonesia No Specific law Lao PDR No specific law Malaysia The Personal Data Protection Act 2010 (PDPA) Myanmar No specific law Singapore The Personal Data Protection Act 2012 (PDPA) 463 Additional Information Data Protection guided by Data Protection Policy 2014, upheld educational institutions and by government agencies The most relevant regulation is the Ministry of Post & Telecommunications ICT License as stated in Article 27: “all ICT & Telecommunication operators and all relevant person must protect personal information, security, and safety of using their ICT & Telecommunication System ” The most relevant regulations are: 1) Law No. 11 of 2008 on Information and Electronic Transaction 2) Government Regulation No. 82 of 2012 on the Implementation of Electronic Transaction System as amended by Government Regulation No.71 of 2019 3) The Ministry of Information and Communication Regulation No.20/2016 on Personal Data Protection in the Electronic System. The most relevant law to the protection of personal information are: 1. Law on Prevention and Combating Cyber Crime (2015) 2. Law on Protection of Electronic Data (2017) A data user cannot transfer personal data to a place outside Malaysia except if : • it is on a whitelist specified by the Minister, or where the exceptions apply The most relevant law is the Union Parliament Law 5/2017 on the Protecting the Privacy and Security of Citizens An organization or association may transfer personal data abroad if: an) it consents to the PDPA while the transferred personal data stays in its Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework Thailand Vietnam Philippines 464 ownership; and b) the recipient is bound by legitimately enforceable commitments to give provide protection comparable to that under the PDPA. The Personal Data Personal data can be transferred to Protection Act other countries or international (PDPA) organizations or associations that have adequate personal data protection standards unless exemptions apply No specific law The most relevant law is Law No. 86/2015/QH13 (Law on Cyber Information Security/LCIS) The Data Privacy The Data Protection Authority does not 2012 restrict the transfer of personal data abroad Although the list of regulations above does not specifically address the issue of irregular migrants, in the context of the use of technology and RBDES, these regulations have become the standards for measuring the readiness of legal frameworks regarding personal data management. The personal data management includes management of Biometric data processing which started from the collection stage, data processing up to the policy on data flows. The existence of these regulations enables the portrayal of legal measures of each ASEAN member state in providing a minimum legal standard for protecting and respecting human rights. However, based on the table above it can be inferred that there are gaps from one state to another state in regulating Data Protection. For example, Indonesia does not have sufficient Data Protection Laws. In responding to this issue, in 2016 the Ministry of Communication and Informatics issued a Regulation on Personal Data Protection in Electronic Systems. It is implementing regulations for the Information and Electronic Transaction (IET) Law and Government Regulation on the Operation of Electronic System and Transactions. The regulation gives a point by point directions on the most proficient method to adequately and suitably collect, process, analyze, store, show, report, transmit, disperse and/or additionally give access to, and additionally erase individual information. The Regulation also accommodates for sanctions for corporations failing to comply.62 However, there is no specific accountability mechanism to which data protection breaches can be referred. Moreover, the IET law states that complaints on criminal allegations on personal data should be submitted to 62 Privacy International, “State of Privacy Indonesia”, online: Privacy . International Masitoh Indriani and Amira Paripurna 465 officers from the Ministry of Communication and Information. The problem with this regulation is that the Ministry of Regulation is intended to regulate the ministry internally, as a result, the regulation may cause a technical problem in terms of bureaucracy since it is not integrated amongst other governmental institutions.63 Not only at the national level, but within the regional level the policy challenge on data protection faced by most ASEAN states. In the context of online privacy, the ASEAN member countries have been lagging behind in protecting the privacy of citizens online. From 10 ASEAN member countries, Singapore, Malaysia, Thailand, and the Philippines have committed data protection and online privacy laws. Indonesia, Myanmar and Vietnam are less concerned with information privacy requirements since it is only part of their respective electronic transaction only.64 Such gaps may trigger obstacles at the national level of each ASEAN member state. These challenges arise since the work scheme in the context of the RBDES is under the scheme of data exchange. For instance when there is a problem during the transfer process of (biometric) data. What legal rules will be applied to resolve the problem? This is a key challenge concerning biometric data-sharing initiatives. To tackle such issues, in November 2016, ASEAN adopted the ASEAN Framework on Personal Data Protection.65 This framework provides a set of principles to guide the implementation of the measure at national and regional levels to promote and strengthen personal data protection in the region. The problem with this framework is that the approach taken is considered weak. The ASEAN values are emphasizing consensus and sovereignty. ASEAN is continually evolving. However, many experts consider their efforts to reform the organization and make it more effective and its members more accountable to each other doomed to failure.66 This is due to countries struggling to deal with the international system as a part of the ASEAN development strategy.67 As highlighted by Greenleaf, their national laws are at the foreground, whilst international or regional treaties are relegated to the background. This differs from the 63 64 65 66 67 Norman Edwin Elnizar, “Salah Urus Peraturan Menteri Jadi Sumber Masalah Persoalan Regulasi di Indonesia”, (2017), online: hukumonline.com . Kin Wah Chow & Nick Redfearn, “Data protection in ASEAN”, (2016), online: ROUSE . See detail at ASEAN, The 16th ASEAN Telecommunication Technology Ministers Meeting and Related Meetings (2016). Ibid. Ibid. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 466 European model of a top-down approach.68 Hence, ASEAN will continue to face an unsuccessful harmonization of laws.69 The ASEAN Charter is an example of the failure of such harmonization. There were many factors involved such levels of democracy of each country. According to Jones, most of the countries in the region are not considered democracies or at least possess questionable democratic credentials.70 This led to selective behavior in terms of following international human rights standards.71 The ASEAN Charter encompasses purposes and principles that in practice contradict each other.72 This is also argued by Roberts that if all of the countries in the region are to agree on the protection of human rights, there would be no difficulty in enforcing such a legal mechanism.73 Furthermore, it is conceivable that ASEAN could make a commitment to these values but then define them in a way so as to accommodate its more traditional norms and practices.74 Moreover, the challenge in this field is including human rights and privacy violations committed by the member countries, differences in operational capacity among member countries to the relevant government agencies, insufficient funding that could hinder the complete implementation of the related measures in ASEAN countries.75 As argued by Michalak, ASEAN needs to take lessons from other regions such as the European Union (EU) with its General Data Protection Regulation (GDPR)76 to protect their citizens’ rights by creating a proper and comprehensive 68 69 70 71 72 73 74 75 76 Graham Greenleaf, Asian Data Privacy Laws: Trade & Human Rights Perspectives, illustrated edition ed (Oxford University Press, 2014). Ibid. David Martin Jones, “Security and Democracy: The ASEAN Charter and the Dilemmas of Regionalism in South-East Asia” (2008) 84:4 International Affairs 735–756. Ibid. Greenleaf, supra note 68. Christopher Roberts, “Affinity and Trust in Southeast Asia: A Regional Survey in Hiro Katsumata”, online: ; and See Tan See Seng, People’s ASEAN and Governments’ ASEAN, ASEAN RSIS Monograph 11 (Singapore: S Rajaratnam School of International Studies, 2007). Ibid. Arianne Vanessa Tanopo Jimenez, “Towards A Data Protection Soft Law Framework for the ASEAN Region” (2016) Dissertation, University of California Berkeley 185. General Data Protection Regulation (GDPR) is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. It also empowers member state-level data protection authorities to enforce the GDPR with sanctions and fines. The GDPR replaced the 1995 Data Protection Directive, which created a country-by-country patchwork of data protection laws. The GDPR, passed in European Parliament by overwhelming majority, unifies the EU under a single data protection regime. See detail at General Data Protection Regulation (GDPR), “Complete guide to GDPR compliance”, online: GDPR.eu . Masitoh Indriani and Amira Paripurna 467 framework. The Organization for Economic Cooperation and Development (OECD) Privacy Framework77 and the Asia-Pacific Economic Cooperation (APEC) CrossBorder Privacy Rules (CBPR)78 are both can be a reference to protect the right of personal data and to avoid conflict between privacy and security issue.79 In addition to regulations in the field of Data Protection and Privacy, the development of regional cooperation frameworks in the field of security and information systems in ASEAN is very diverse. The regional cooperation frameworks in the field of security and information systems include among others, ASEAN Security Community (2010), ASEAN Convention on Counter Terrorism (2011), ASEAN Working Group on Cybercrime (2014), ASEAN Cyber Capacity Development Project /ACCDP – INTERPOL (2016), ASEAN Ministerial Conference on Cybersecurity (AMCC), ASEAN +3 jointly Curbing Cybercrime, Extremism and Misinformation (2019), The ASEAN Regional Forum (ARF), The ASEAN Network Security Action Council (ANSAC). These frameworks remain relevant even though they do not directly address irregular migration. Because the measures to handle irregular migrations are aligned with the measures to deal with other trans-national crimes such as human trafficking, cybercrimes and terrorism. These regional cooperation mechanisms provide guidelines and frameworks for enhancing border management, increasing the capacity to deal with non-traditional security threats. Under these frameworks, the urge to collaborate is intended to coordinate ASEAN Sectoral Agencies in dealing with a transnational crime that includes the exchange of information and intelligence data, experiences, training and related activities.80 V. CONCLUSION Under ‘the Bali Process,' Indonesia and ASEAN member states initiated cooperation to enhance border management, adopt a victim-centered approach and promote secure 77 78 79 80 OECD, The OECD Privacy Framework (2013). APEC CBPR is developed by the 21 economies of the Asia-Pacific Economic Cooperation (APEC) forum, the CBPR system is a voluntary, enforceable, accountability-based certification that allows for the responsible transfer of personal data across borders and between participating economies. The CBPR provides governments and organizations a ready-built, internationallyrecognized framework to ensure adequate protection of personal information while enabling the secure flow of data—and thus providing the full benefits of today’s global digital economy. See detail at APEC CBPR, Benefits of APEC Cross-Border Privacy Rules (2018). Michael Michalak, “How ASEAN Can Effectively Address the Data Privacy Conundrum”, The Business Times (April 2009), online: . ASEAN, supra note 56. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 468 migration channels. It shows that ASEAN member states have initiated and formulated different kinds of mechanisms of cooperation for dealing with the threats to regional security. These mechanisms have also been adopted by most of the ASEAN member states for implementing cooperation including action plans for related sectors. Ideally, after introducing such technology, the regional cooperation on biometric data sharing will help in improve national security by allowing states to agree on common principles of data sharing. Biometric data sharing may improve national security and tackle the issue of irregular migration. This study found there are gaps within the ASEAN member states in regulating data protection. From 10 ASEAN member countries, Singapore, Malaysia, Thailand, and the Philippines boast data protection and online privacy laws. Meanwhile, Indonesia, Myanmar and Vietnam are less concerned with information privacy requirements since it is merely part of their respective electronic transaction only. It is crucial such gaps are filled via the legal systems of ASEAN member states, leading to better cooperation and collaboration. However, expectations for data sharing is an ambitious one. Furthermore, contentions remain between members of 'the Bali Process’ concerning regional disapproval and sharing humanitarian responsibility. In the context of Indonesia, the enhanced use of technology is beneficial for Indonesian border management. However, it has flaws. Most of the study on privacy rights and the use of surveillance technology including biometric data systems in Indonesia indicate there are many privacy violations.81 The law to protect privacy rights is considered insufficient. This deficiency rating is based on the OECD’s privacy framework. Previous studies demonstrate the challenge to develop a balanced system for the effective use of technical surveillance and the protection of citizens’ rights.82 Data privacy protection remains a central problem in encouraging the use of technology for security and border management Indonesia. BIBLIOGRAPHY APEC CBPR, Benefits of APEC Cross-Border Privacy Rules (2018). 81 82 ELSAM, Privasi 101: Panduan Memahami Privasi, Perlindungan Data dan Surveilans Komunikasi (Jakarta: ELSAM, 2015); see also Amira Paripurna, Masitoh Indriani & Ekawestri Prajwalita Widiati, “Implementation of Resolution No. 4/2016 of the ICPO-INTERPOL Concerning Biometric Data Sharing: Between Countermeasures against Terrorist Foreign Fighters (FTFS) and Protection of the Privacy of Indonesian Citizens” (2018) 5:1 Brawijaya Law Journal 117–142. Wahyudi Djafar, Benhard Ruben Fritz Sumigar & Blandina Lintang Setianti, Perlindungan Data Pribadi di Indonesia: Usulan Pelembagaan Kebijakan dari Perspektif Hak Asasi Manusia (Jakarta: ELSAM). Masitoh Indriani and Amira Paripurna 469 Article 68-70 of the Immigration Act 2011. ASEAN, ASEAN political-security community blueprint, 2025. (2016). ASEAN, The 16th ASEAN Telecommunication Technology Ministers Meeting and Related Meetings (2016). Burt, Chris, “More than half a million Rohingya refugees registered for biometric ID cards with UNHCR”, (2019), online: Biometric Update . Caballero–Anthony, Mely, “From Comprehensive Security to Regional Resilience: Coping with Nontraditional Security Challenges” (2010) Centre for NonTraditional Security Studies, SRajaratnam School of International Studies, Nanyang Technological University, Singapore (Working Paper No.7) 23. Campisi, Patrizio, ed, Security and Privacy in Biometrics (London: Springer, 2013). Chow, Kin Wah & Nick Redfearn, “Data protection in ASEAN”, (2016), online: ROUSE . Deloitte Touche Tohmatsu Limited (DTTL), Data and Privacy Protection in ASEAN: What does it mean for business in the region?, by Deloitte Touche Tohmatsu Limited (DTTL) (2018). Directorate of KIPS Ministry of Foreign Affairs of Indonesia, “Transnational Crime”, (2019), online: Portal Kementerian Luar Negeri Republik Indonesia . Djafar, Wahyudi, Benhard Ruben Fritz Sumigar & Blandina Lintang Setianti, Perlindungan Data Pribadi di Indonesia: Usulan Pelembagaan Kebijakan dari Perspektif Hak Asasi Manusia (Jakarta: ELSAM). Dupont, Alan, “Refugees and illegal migrants in the Asia-Pacific region” in William Maley et al, eds, Refugees and the myth of the borderless world (Canberra: Department of International Relations, Research School of Pacific and Asian Studies, Australian National University, 2002) 'Keynotes’ (2): 9. Dwicahyo, Satrio, “Indonesia, Immigration and Returning Foreign Fighters”, (2017), online: East Asia Forum . Elnizar, Norman Edwin, “Salah Urus Peraturan Menteri Jadi Sumber Masalah Persoalan Regulasi di Indonesia”, (2017), online: hukumonline.com . ELSAM, Privasi 101: Panduan Memahami Privasi, Perlindungan Data dan Surveilans Komunikasi (Jakarta: ELSAM, 2015). Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 470 General Data Protection Regulation (GDPR), “Complete guide to GDPR compliance”, online: GDPR.eu . Global Detention Project, “Indonesia: Overview”, (2020), online: . Greenleaf, Graham, Asian Data Privacy Laws: Trade & Human Rights Perspectives, illustrated edition ed (Oxford University Press, 2014). Gunaratna, Rohan, “ASEAN’s Greatest Counter-Terrorism Challenge: The Shift from ‘Need to Know’ to Smart to Share” in Christian Echle, Megha Sarmah & Patrick Rueppel, eds, Combatting Violent Extremism and Terrorism in Asia and Europe: From Cooperation to Collaboration (Singapore: KAS and RSIS, 2018) 127. Ha, Hoang Thi & Ye Htut, “Rakhine Crisis Challenges ASEAN’s Non-Interference Principle” (2016) 2016:70 ISEAS (Perspective) . Herdiawan, Dio, “Indonesia Refugee Policy is on Right Track”, (2019), online: ASEAN Studies Center Universitas Gadjah Mada . Huysmans, Jef, “Migrants as a security problem: Dangers of ‘securitizing’ societal issues” in Diethrich Thranhardt & Robert Miles, eds, Migration and European Integration: The Dynamics of Inclusion and Exclusion (London : Madison N.J.: Fairleigh Dickinson Univ Pr, 1995) 53. ———, “The European Union and the Securitization of Migration” (2000) 38 Journal of Common Market Studies 751–777. ———, The Politics of Insecurity: Fear, Migration and Asylum in the EU, New International Relations Series (London: Routledge, 2006). IOM, “Key Migration Terms”, (2015), online: International Organization for Migration . ———, “Registration and identity management of irregular migrants in the EU” (2018) 12 Global Migration Data Analysis Center Data Briefing, online: . Jimenez, Arianne Vanessa Tanopo, “Towards A Data Protection Soft Law Framework for the ASEAN Region” (2016) Dissertation, University of California Berkeley 185. Jones, David Martin, “Security and Democracy: The ASEAN Charter and the Dilemmas of Regionalism in South-East Asia” (2008) 84:4 International Affairs 735–756. Koser, Khalid, “Irregular Migration, State Security and Human Security” (2005) Global Comission on International Migration 33. Masitoh Indriani and Amira Paripurna 471 Koslowski, Rey, Possible Steps Towards an International Regime for Mobility and Security (Stockholm, 2004). Larking, Emma, “Controlling Irregular Migration in the Asia-Pacific: Is Australia Acting against Its Own Interests?” (2017) 4:1 Asia & the Pacific Policy Studies 91. Lavoie, Caroline & Raymond B Knock, “The ASEAN and International Response to the Southeast Asian Refugee Crisis: A Canadian Perspective” (1990) 18:1 Southeast Asian Journal of Social Science 43–65. Levin, Sam, “‘Malicious cyber-attack’ exposes travelers’ photos, says US customs agency: Breach to a US Customs and Border Protection subcontractor has renewed concerns about facial recognition technology”, the Guardian (2019), online: . LIPI News, “Indonesia dan ASEAN Political and Security Community”, (March 2011), online: . Messmer, Ellen, “Indonesia advances world’s most ambitious biometric-based national identity card project | Network World”, online: Networked World . MFA Thailand (Ministry of Foreign Affairs of the Kingdom of Thailand), Summary: Special Meeting on Irregular Migration in the Indian Ocean (Bangkok, Thailand, 2015). Michalak, Michael, “How ASEAN Can Effectively Address the Data Privacy Conundrum”, The Business Times (April 2009), online: . Ministry of Foreign Affairs of Republic Indonesia, “Inisiatif Bali Process Menjadi Salah Satu Good Practice Pbb Dalam Menanggulangi Isu Perdagangan Manusia”, (2019), online: Portal Kementerian Luar Negeri Republik Indonesia . ———, “Transnational Crime”, online: Portal Kementerian Luar Negeri Republik Indonesia . Missbach, Antje, Troubled Transit: Asylum Seekers Stuck in Indonesia (Singapore: ISEAS–Yusof Ishak Institute, 2015). Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 472 Morosan, Cristian, “Opportunities and Challenges for Biometric Systems in Travel: a Review” (2016) 61 Travel and Tourism Research Association: Advancing Tourism Research Globally, online: . OECD, The OECD Privacy Framework (2013). Palmer, Wayne & Antje Missbach, “Indonesia: A Country Grappling with Migrant Protection at Home and Abroad”, (2018), online: Migration Policy Institute . Paripurna, Amira, Masitoh Indriani & Ekawestri Prajwalita Widiati, “Implementation of Resolution No. 4/2016 of the ICPO-INTERPOL Concerning Biometric Data Sharing: Between Countermeasures Against Terrorist Foreign Fighters (FTFS) and Protection of the Privacy of Indonesian Citizens” (2018) 5:1 Brawijaya Law Journal 117–142. Privacy International, “State of Privacy Indonesia”, online: Privacy International . Regulation of Director General of Immigration No. IMI-0352.gr.02.07 (2016) on the Handling of Illegal Migrant Claiming to be Asylum-seeker or Refugee, 2016. Roberts, Christopher, “Affinity and Trust in Southeast Asia: A Regional Survey in Hiro Katsumata”, online: . Rüland, Jürgen, “The Nature of Southeast Asian Security Challenges” (2005) 36:4 Security Dialogue 545–563. Seng, Tan See, People’s ASEAN and Governments’ ASEAN, ASEAN RSIS Monograph 11 (Singapore: S Rajaratnam School of International Studies, 2007). Shivakoti, Richa, “ASEAN’s role in the Rohingya refugee crisis”, (2017), online: Global Is Asian . Specialists in Air Transport Communications and IT Solutions (SITA) Press Release, “Indonesia Tightens Border Control with SITA’s Extensive Biometric System”, (26 October 2011), online: Airport Technology . Spencer, Alexander, “Linking Immigrants and Terrorists: The Use of Immigration as an Anti-Terror Policy” (2008) 8:1 The Online Journal of Peace and Conflict Resolution 1. Straßmayr, Christa et al, “Mental health care for irregular migrants in Europe: Barriers and how they are overcome” (2012) 12:1 BMC Public Health 367. Masitoh Indriani and Amira Paripurna 473 Tallmeister, Julia, “Is Immigration a Threat to Security?”, (24 August 2013), online: EInternational Relations . Taylor, Safitri, “Refugee Protection in the Asia Pacific Region | Rights in Exile Programme”, online: . The Bali Process, “About the . Bali Process”, online: Baliprocess.net ———, Policy Framework for the the Regional Biometric Data Exchange Solution (RBDES) (2015). UN ECOSOC. “Irregular Migration, Human Trafficking and Refugees.” International Migration Policies, Statistical Papers - United Nations (Ser. A), Population and Vital Statistics Report, December 31, 2013, 91–99. UNHCR, “UNHCR Global Appeal 2015 Update - Populations of concern to UNHCR”, online: . Utomo, Hari, Yusnaldi Yusnaldi & Adya Satya Puspita, “Upaya Pemerintah Menangani Irregular Migrant dalam Perspektif Keamanan Maritim di Provinsi Daerah Istimewa Yogyakarta” (2018) 4:2 Jurnal Keamanan Maritim 96. Vollmer, Bastian, Irregular migration in the uk definitions pathways and scale (2011). Zayzda, Nurul Azizah, “Sekuritisasi Migrasi Paksa Pengungsi Lintas- Batas di Indonesia” (2017) 3:1 Law Research Review 43. Zayzda, Nurul Azizah, Maiza Hazrina Ash-Shafikh & Ayusia Sabhita Kusuma, “Securitization and Desecuritization of Migration in Indonesia” (2019) 3:1 Journal of Southeast Asian Human Rights 87–90. Zico Law Group, Personal Data Protection in ASEAN, by Zico Law Group, ASEAN Insiders Series (2019). Masitoh Indriani holds a Bachelor of Laws from Faculty of Law Universitas Airlangga, Indonesia and Master of Laws (LL.M) from School of Law, University of Leeds, UK. Currently, she works as a lecturer at International Law Department, Faculty of Law, Universitas Airlangga and a fulltime researcher at Center of Human Rights Law Studies (HRLS) Faculty of Law Universitas Airlangga. Her research interest includes Cyberlaw, Internet Governance, Surveillance, Data Protection, and Privacy. She has contributed on a book chapter, entitled ‘Freedom of Expression in Indonesia: The Laws, Dynamics, Issues and Challenges’ (2015), the collaboration works between the Academic Network of Freedom of Expression (FoE) and various public Uuniversities in Indonesia. Biometric Data Sharing in Irregular Migration and Security within The Bali Process Framework 474 Amira Paripurna is a faculty member of faculty of law, Universitas Airlangga, Surabaya, Indonesia, as well as a researcher at Human Rights Law Studies (HRLS) Faculty of Law, Universitas Airlangga. Before joining as a faculty member, she served the community at Women and Children Crisis Center in Jember, Indonesia (2003-2006). She holds a Ph.D. from School of Law, University of Washington, USA (2017). Part of her educational background included completing an LLM at Utrecht University, in the Netherlands (2008), specializing in International Criminal Justice and Human Rights Law; a Bachelor of Laws degree (LLB) at the Universitas Airlangga (2003) specializing in Criminal Law. She teaches for Bachelor of law program, Master of law program at faculty of law, as well as Master of Police Science at Postgraduate School, Universitas Airlangga. Her subjects and major research interest include criminal law and criminology, policing terrorism, international human rights law, as well as juvenile justice system.