A Shift in The Principle of Bank Secrecy due to Advancement in Information Technology

Bank secrecy is a conditional legal agreement used by a bank to guarantee the confidentiality of customers' dealing and financial affairs. However, the advancement in information technology, especially in the implementation of electronic systems and transactions across banks, has introduced tremendous changes in the ability of financial institutions to efficiently secure customers’ data. This study provides a detailed explanation of the transformation process using the normative method. The result showed a shift in the principle of bank secrecy to data security in the event of a violation.


INTRODUCTION
The banking sector is devoted to the holding of financial assets for its customers. In addition, the core objective of banks, is to build trust with its customers, therefore, a variety of strict legal rules are put in place to ensure adequate implementation and adherence. The legal rules are made both by the government as well as between banks and their customers. According to Julapa Jagtiani, the relationship between banks and customers is bound by rules made to protect consumers' information and regulated by the government. 1 Muhammad Djumhana stated that bank secrecy is the security, confidentiality, and privacy of a client's foregoing financial activities. In this case, all data and information related to finance, and other commodities need to be kept confidential. 2 The prevailing principle of bank secrecy is currently undergoing a shift in meaning with different legal consequences, due to the expansion from conventional methods to electronic system-based patterns. Therefore, the laws guiding the protection of customer's 40 Varia Justicia Vol. 16 No. 1 (2020) personal data are amended. The Indonesian banking sector also practices this principle, as stated in Article 1, number 28 of Law No. 7 of 1992 andLaw No. 10 of 1998. According to these laws, bank secrecy is related to the various information regarding the deposits and withdrawal activities carried out by customers. This is further explained in Article 40 paragraph (1) and (2) of Law no. 7 of 1992 and Law No. 10 of 1998, which stated the following: (1). banks need to keep customers deposit information except in rare cases, as referred to in Article 41, 41A, 42, 44, and 44A. (2) The provisions referred to in paragraph (1) is also applicable to affiliated parties. This principle was also strengthened with the issuance of Financial Services Authority Regulation No. 1/POJK.07/2013 concerning Consumer Protection and Bank Indonesia Regulation No. 16/1/PBI/2014. In these two regulations, it is stated that banks need to apply the consumer protection with the principle of confidentiality and security of personal data.
The application of these rules liquefies the strict provisions on bank secrecy, which focuses on the principle with more attention to the confidentiality and security of customers' data. Furthermore, provisions that expand the principle of bank secrecy regarding the confidentiality and security of personal data have deviated from conventional to electronic systems bound by the provisions of Law No. 11 of 2008 concerning Electronic Information and Transactions. According to Article 26, paragraph (1) and (2) of Law no. 11 of 2008, (1) Unless determined by legislation, the use of any private related a customer's personal data need to be conducted with the approval of the person concerned, (2) Any person whose rights are violated as referred to in paragraph (1) has every right to file a claim for losses incurred under this Law. In addition, Article 26 paragraph (1) and (2) of Law no. 11 of 2008 emphasizes that approval need to be obtained from customers regarding the provision of their personal data to a third party. Therefore, in terms of violation of the confidentiality and security of personal data in relation to electronic system-based bank activities, the perpetrator is subject to sanctions as stipulated in Law No. 7, 10, and 11 of 1992No. 7, 10, and 11 of , 1998No. 7, 10, and 11 of , and 2008. Based on the description, it is therefore, necessary to study and explore the shift in the meaning of bank secrecy and the legal consequences in electronic system-based banking activities in Indonesia.

RESEARCH METHODS
This is a normative juridical research, which focused on the rule of law. The normative legal research is carried out by studying the meaning of bank secrecy, and its regulations related to the implementation of electronic systems and transactions. This study aims to determine the legal consequences associated with the implementation of electronic systems and transactions in accordance with the laws and regulations in Indonesia. Data were obtained from secondary sources in the form of primary legal materials, such as Law No. 7, 10, and 11 of 19921998and 2008on Financial Services Vol. 16 No. 1 (2020 Authority Regulation. In addition to law No.1/POJK.07/2013, No. 16/1/PBI/2014, and No 82 of 2012 on Government Regulation. Data were also obtained from Regulation of the Minister of Communication and Information Technology Number 20 of 2016, legal materials in the form of books, research results, scientific journals, and dictionaries. The obtained data were descriptively and qualitatively analyzed.

The Shift associated with the Principle of Bank Secrecy due to the implementation of Electronic Transactions
Initially, banks were concerned with the principle of secrecy, however, the development of privacy concept, led to the concern with the principle of confidentiality and security of personal data. Werner De Capitani stated that this technique existed during the time of the Hamurabi Code, some 4000 years ago, with financial privacy associated with personal data. 3 This time, the shift was felt faster due to the strong influence of information technology advancement. Moor stated that privacy is a difficult concept to understand because it changes periodically and is often influenced by the political and technological features of the society. 4 David Banisar defined privacy as a broad concept relating to the protection of individual autonomy and society. 5 Floridi stated that there are two theories of information privacy, namely reductionist and ownership-based interpretations. According to reductionist interpretations, the privacy of information is valuable because it preserves unintended consequences due to violation. Meanwhile, ownership-based interpretation views that everyone has the information. 6 Privacy is considered important in protecting the ability of individuals to develop ideas and personal relationships. Personal experiences and cultures strongly influence their notion in some countries. For example, European countries are susceptible to privacy due to the several violations experienced during the Second World War. 7 Samuel Warren and Louis Brandeis, which stated a person's rights are irrevocably protected from intrusion or unwanted disclosure. This term 42 Varia Justicia Vol. 16 No. 1 (2020) is called the "right to be alone," and it was accepted in the Bill of Rights of the United States constitution. 8 Due to the advancement in the use of information technology, the concept of privacy which initially focused on caring for customers data shifted to protecting the personal interests by providing banks with the right to control data, reject certain types of processing, right to claim/forget the its portability. 9 This led to a shift in the principle of bank secrecy to confidentiality and data security in Indonesia, as stated in Law No. 7 and 10 of 1992 and 1998. According to Adrian Sutedi, Article 40 paragraph (1) of these laws stated that banks are required to keep information on their customers' deposits. 10 Rachmadi Usman reported that all data information related to finance and other matters need to be kept confidential. This article also emphasized several interests exempted from the bank's secrecy obligations, as discussed in subsequent chapters. Firstly, managers of Indonesian Banks, has the authority to issue written instructions to banks to provide information, show written evidence and letters regarding the financial condition of certain customers' financial statement to tax officials, upon request by the Minister of Finance in accordance with Article 41. Secondly, the Chairperson of Indonesian banks grants permission to officials of the State Receivables and Auction Agency to obtain information regarding a customer debtor, as stated in Article 41A. Thirdly, the Chairperson of Bank Indonesia grants permission to the police, prosecutors, or judges to obtain information from banks regarding the depositor for the judiciary in criminal cases, as stated in Article 42. Fourthly, in the context of exchanging information between banks, the directors have the ability to notify the customers' financial condition to other banks, as reported in Article 44). Finally, based on the request, approval, or authority of the customer made in writing, the bank is obliged to provide the information their personal information as reported in Article 44A. 11 According to Article 40, paragraphs (2) of Law no. 7 of 1992 Jo and Law No. 10 of 1998, affiliated parties are excluded from the bank's confidential obligations. This is explained in details as follows:  Vol. 16 No. 1 (2020) 2. Members of the management, supervisors, managers, officials, or employees of banks in the form of cooperative law and accordance with regulations, 3. Parties that provide services to banks, such as public accountants, appraisers, and legal consultants, 4. The various parties that have influenced the management of banks, such as shareholders, Commissioners, supervisors, directors, and the manager's families.
In line with the provisions of bank secrecy, business activities are also provided with the obligation to implement consumer protection with the principle of confidentiality and security of personal data. This is observed in the provisions of Financial Services Authority Regulation No. 1/POJK.07/2013 on Consumer Protection in accordance with Bank of Indonesia Regulation No. 16/1/PBI/2014 on Consumer Protection in Payment System Services, where bank obligations guarantee the principle of bank secrecy, confidentiality, and security of data.
The obligations regarding the confidentiality and security of personal data regarding electronic systems implementation, used by banks are also bound by the provisions of Article 26 paragraph (1) of Law no. 11 of 2008 on Electronic Information and Transactions. This law stated that "Unless determined by the legislation, the use of customers' personal information through electronic media needs the consent of the person concerned." This provision emphasizes the importance of protecting the personal data of electronic media users. According to Article 26, paragraph (1) of Law no. 11 of 2008, personal rights is a customer's right to achieve the following: (1). enjoy private life and free from all kinds of distractions, (2). communicate with others without spying, (3). monitor access to information regarding one's personal life and data. Furthermore, it is the obligation to maintain confidentiality and personal protection to further strengthen the provisions of Article 15 Government Regulation Number 82 of 2012 on the Implementation of Electronic Transactions and Systems. This shift, due to technological advancement, is obliged to maintain the confidentiality, integrity, and availability of personal data. It also guarantees the acquisition, disclosure, and utilization of personal data based on the owner's approval and in accordance with the objectives. According to article 1 paragraph (1) Vol. 16 No. 1 (2020) The various laws and regulations regarding bank secrecy led to the following conclusions (1). A bank in carrying out its business activities is bound by the principle of bank secrecy as regulated in Article 40 of Law No. 7, and 10 of 1992 and 1998 Jo, respectively. It is also in accordance with the Financial Services Authority The implementation of electronic transactions and systems shows that bank secrecy broadly shifted to the protection of personal data with a very broad scope, in accordance with the banking sector. In line with this understanding, banks are obligated to guarantee the customer's personal data are protected by providing the right to control, reject, process, and carry out claims.

Legal Consequences of Violation and Shifts in Principles of Bank Secrecy in implementing Electronic Systems and Transactions in the Banking Sector
This section analyzes the various consequences of violating bank secrecy principles in line with the provisions of Law No. 7 and 10 of 1992 and 1998 Jo, respectively, which stated that, assuming there is a violation of bank secrecy, the violator is held liable in accordance with criminal, civil and administrative laws.
The violation of bank secrecy is an act of crime, as shown in Article 51 of Law No. 10 of 1998. According to this law, which stated that criminal acts in Articles 46, 47, 47A, 48 (paragraph 1), 49, 50, and 50A are crimes minimum sanctions of IDR. 4,000,000,000 (four billion) to IDR. 200,000,000 (two hundred billion).
In addition, the violations of bank secrecy are for administrative responsibility, carried out by Bank Indonesia (BI). These responsibilities are as follows: 1. Money fines, 2. Written warning, 3. Decreasing bank reputation, 4. A prohibition from participating in clearing activities, 5. Suspension of certain business activities in all branch offices, 6. Dismissal of a bank manager and subsequently hire temporary substitute till a general meeting of shareholders is conducted with the approval of Bank of Indonesia, 7. Inclusion of members, managers, bank employees, shareholders in the list of disgraced people in the banking sector.