Article 33 Indonesian Data Protection Law 2020
Refusal of access or request to change personal data
The personal Data controller shall refuse to provide the personal data owner with a change in access to the personal data that is alleged to be known or appropriate:
a. Harm the safety or physical health or mental health
The owner of the personal Data and/or other persons;
b. affect the disclosure of other persons ‘ personal Data; and/or
c. National defense and security interests.