Content posted on social networking site Facebook has prompted Indonesian officials to consider amending its 2008 IT law.
The Information and Electronic Transaction Act was passed after eight years of debate to regulate jurisdiction, e-contract, privacy, IP rights and criminal liability.
But there remained loopholes and weaknesses, Sinta Dewi of Indonesia's Padjadjaran University told academics at the UNSW Cyberspace Law and Policy Centre yesterday.
Dewi highlighted two recent legal cases in which the Act overlapped with existing law, introducing far more severe penalties for defamation and pornography.
One case involved Indonesian pop star Nazril Irham, alias Ariel, who contravened the Information and Electronic Transaction Act as well as the 2008 Pornography Act for a video that was posted on Facebook.
Dewi expected Irham to be acquitted of cyberlaw-related charges in the so-called 'Ariel Case', because the law punished those who distributed, rather than produced, pornography.
In the 2009 'Prita case', Indonesian woman Prita Mulysari was charged with libel after her e-mailed complaint about service at the Omni International Hospital went viral.
Mulysari may have been penalised a maximum of 4,500 rupiah (A$0.51) and 16 months' imprisonment under the Indonesian penal code on defamation.
But the new cyberlaw - targeted at hackers, spammers and DDoS attackers - meant Mulysari could be penalised up to one billion rupiah (A$113,475) and six years imprisonment.
Dewi said one million Facebook users expressed their support for Mulysari through various groups, raising a total of 1.2 billion rupiah in on- and offline donations. She was subsequently acquitted in two civil defamation lawsuits, and was expected to also escape criminal charges.
"Facebook [is] having a big impact in influencing some political and legal issues in Indonesia," Dewi said, noting that the Indonesian Government was now seeking academics' advice on cyberlaw amendments.
Although privacy was still a nascent area of Indonesian law, young Indonesians were leading a push towards more privacy protections, Dewi said.
Her Australian guest lecture came ahead of the planned December 2011 implementation of a single identity number for all Indonesians that would be stored on a population database and used to process administrative services.
Indonesia was also in the process of ratifying the European Union's Convention on Cybercrime, which called for procedures to force service providers to surrender information about subscribers, and intercept and record traffic.
The Australian Government announced plans to accede to that treaty in May, 2010.
"Indonesians, especially younger generations, have a strong voice that privacy has to be protected. But other parts of society don't care," Dewi said.
She blamed a lack of privacy regulations for local banks' practice of selling customers' data to credit card marketers.
"In the academic sphere, we understand that we need this [privacy] regulation ... [But] unfortunately in Indonesia, cyberlaw hasn't been a priority," she said, highlighting corruption and bureaucracy as more pressing issues.