Developers’ Data Protection in the Open-Source Application with the Copyleft License

: Copyright protection of digital products in an open-source system has led to the emergence of copyleft against copyright. Copyleft licenses in open-source serve to impose limits on creations to protect creators' moral rights. At the same time, personal data protection is one part of personal rights amidst the advent of information technology. The development of copyleft products and licenses that usually take place online can potentially lead to violations that harm application developers’ personal data. This paper aimed to characterize copyleft as an antithesis of copyright and analyze legal protection on the open-source application developers' personal data. Using legal research, this paper showed that open-source licenses could consist of two categories. First, non-copyleft licenses in the form of permissive licenses, included in the software under it and are subject to copyright. Second, the copyleft license, which required licenses to modify and distribute copyleft products. This open-source license adopted a form of a standard contract and personal data protection in copyleft products through open-source sites were using a preventive and repressive way. This paper recommended a copyleft-based legal protection mechanism and creators' data by considering the comparative aspects of the copyleft and copyright concepts' characteristics to respect moral rights.


I. INTRODUCTION
The legal aspects of intellectual property rights prioritize the protection of creators and copyright holders for their creations. Protection is provided through an exclusive rights mechanism so that other people who want to copy or reproduce creations must ask permission from creators or the copyright holders. Given Frederich Hegel's idea, Indonesia, as a country adhering to the Civil Law system, provides the principal protection to individual creators in the form of economic rights and moral rights. 1 The exclusive rights of creators and copyright holders sometimes impede knowledge transfer in developing science and technology amidst society's increasing needs. Copyright-protected creations are often not affordable. 2 The parties that made creations but do not want to put creations' economic aspect into top priority and prioritize developing their creations try to find solutions to facilitate the transfer of copyright to the public. It becomes the essential reason for emerging and demanding copyleft.
Copyleft is regarded as another way of exploiting the benefits of creations by ignoring the use of economic rights. 3 Communities against the exclusivity of copyright criticized the application of copyright protection. On the one hand, copyleft protects the creators' moral rights and improves creators' economic welfare. On the other hand, it remains to harm the community as users of creations, resulting in partiality. It becomes the reason to treat creations as creators' rights, reducing their exclusivity, especially economic rights. At the outset, creations emerged to support the free distribution of knowledge to society. The community uses and develops these creations, referring to copyleft. To this issue, Indonesia's Copyright Law No. 28 of 2014 was enacted to protect creations and creators. The same applies to copyleft's creations; copyleft elements are creations that creators deliberately share for social needs. In Indonesia's Copyright Act, it is categorized into moral rights. Copyleft commonly applies to creations in the digital creations such as computer programs and video games, especially those accessed with an open-source system. The creator rights have been released from the start so that other users are free to reproduce, redistribute, rent, modify, and add to the source code.
The freedoms to apply in the open-source system and copyleft-based creations do not necessarily negate creators' copyright. It is because the authors' right to be recognized in their creations remains and inherent with them. However, there are also creators of copyleft-based creations who have decided to use the name from the start-pseudonym or not the actual name in their creations' identity. 4 In implementing copyleft-based creations, even though they are given freely, there is still a mechanism for granting creators' permission through the copyleft license mechanism. In practice, the implementation of the license and product development is carried out openly through an open-source system that involves the parties' personal information. Creators must clearly define the limits on what data and actions can and cannot be accessed by contributors and users while paying attention to the copyleft character that is different from the copyright. Legal protection is applied to the copyleft products in question and creators' personal data and related contributors.
The state of the art of this research is apprehended from previous research, including the article written by Dewi Sinta that discussed the need to form adequate new rules to protect cloud users computing in Indonesia. 9 Second, a study by Ika Riswanti discussed the legal implications of copyleft licenses for the open-source software (OSS) protection in Indonesia based on Law No. 19 of 2002 on Copyright. 10 Thus, this paper aimed to characterize copyleft as an antithesis of copyright and analyze legal protection on the open-source application developers' personal data. It has two main discussions. First, this paper starts by defining the copyleft and copyright from the perspective of intellectual property rights, followed by classification of their differences. Second, it enquires to what extent the legal protection for personal data of open-source application developers. This section overviews data and data protection as a concept and then conforms to Indonesia's data protection law, followed by the identification of the opensource procedures, risks, and the form of legal protection.

II. METHODS
The method used in this legal research is a statutory approach and conceptual approach. The statutory approach was carried out by reviewing all laws and regulations concerning copyleft and personal data protection. The analysis used in this study is qualitative, by comprehending the laws and regulations, books, journals, and doctrines in data protection and intellectual property.

III. COPYLEFT AS THE ANTITHESIS OF DIGITAL CREATIONS
The copyright concept is the right to transcripts, imitations, reproductions, publish, and print an original work. There are two theories in the copyright approach in the Common Law and Civil Law systems. John Locke was a figure who influenced the views of the Common Law system and G.W. Friedrich Hegel in the Civil Law system. The primary key to copyright protection in the Civil Law system is prioritizing creators or known as "personality theory." The protection is in the form of economic rights and moral rights. Meanwhile, in the Common Law system, the benchmark lies in the creation. It seems to prioritize Economic Rights known as "The Fruit of Labor." 11 The principle of copyright protection is the "Automatic Protection" for created products in the areas of science, art, and literature in Article 40 of Indonesia's Copyright Law. Thus, it is clear that Indonesia adheres to a Civil Law System by protecting creators by fulfilling moral and economic rights. The principle of "Automatic Protection" means that it does not need to be preceded like Trademarks and Patents applications. In particular, copyright adheres to the Declarative Principle that creations' registration is not an obligation and only relates to evidence strength.
The computer program is one of the types of creations in the field of science. Initially, the Berne Convention in 1971 stated that computer programs and data compilations were only given the protection as written works, but in 1976 computer programs were protected as copyright creations. Computer programs then get an extended range of protection that included software and operating systems in object code, source code, microdata, program structure, sequence organization, look and feel. This change is in line with Annex 1C Article of 10 TRIPs on Computer Programs and Compilations of Data.
The essence of granting copyright is basically to give creators exclusive rights to their creations. This right begins after creations were born in the tangible form. Exclusive rights consist of economic rights and moral rights. Exclusive rights are special rights reserved for the holder. No other party can take advantage of these rights without the holder's permission. However, to deviate from this exclusive right, creators are also given the freedom to allow certain people to use their creations through the licensing method as in Article 80 of Indonesia's Copyright Law. The granting of a license can be equated as "rental of goods." Therefore no transfer of rights occurs, but only in granting permission to other parties to use the copyright. As a result of the licensing scheme, the creator receives royalty payments, either in money or goods.
The exclusivity of copyright does clearly protect creators from the irresponsibility acts towards their creation. However, on the other hand, some think that the exclusivity of copyright can limit the development of science and the public interest. There are mechanisms for exploiting copyright in the interests of parties other than creators and copyright holders through licensing options and copyright transfers. However, these options remain burdensome to the public. Against this background, then appears a type of antithesis of copyright, which is named copyleft.
The copyleft's definition is not available in Indonesia's regulations, despite its previously long-application. According to Dusollier, copyleft is more than just "free software." He explained as follows: "Copyleft is a term for designating software or free art initiative. This provides a form of antithesis to the basic rights of copyright regarding protection to creators. Meanwhile, copyleft submitted their works freely to the public. Thus, the work is not given freely as possible, but creators provide a broader authorization of rights to use their works than they are usually given to copyright." 12 The copyleft's definition is more extensive than just free software that is distributed to the public. Copyleft was born from copyright, which was given to the public deliberately. 13 In copyleft, creators initially authorize broader rights to the public to use their creations more than the copyright granting 12 Sharee L. Broussard, "The Copyleft Movement: Creative Commons Licensing" (2007) 26:3 Communication Research Trends at 8. 13 Kartik Arushi Maheshwari, "Copyleft: "Copying" Done "rRght" (2017) 4 IJLMH 26.

29| LENTERA HUKUM
without going through an official transfer process. The goal is that other parties in the community can develop their peer-to-peer (among users) so that creators and the community benefit from them. Indeed, copyleft still protects private property but specifically wants it to remain free to be used by anyone. Therefore, copyleft's position as the antithesis of copyright does not necessarily make it antagonistic against copyright and the legal protection provided by copyright.
In practice, many people often equate copyleft with a Creative Commons License, but the two have differences. In copyleft, the keywords which are the main objective are "Collaboration and Cooperation. "Meanwhile, its development shows that Creative Commons (CC) uses the keyword "Share.". This license was invented by Lawrence Lessig, a law professor from the United States whom the Free Software Foundation GNU-GPL inspired. 14 CC is a license that consists of various types of licenses that can be applied to all types of creation, not just computer programs. CC is divided into six types, first is Attribution, coded "CC BY." Second, Attribution-Without Derivative (Non-Derivative), which is symbolized as "CC BY-ND." Third is Attribution-Non-Commercial (Non-Commercial) with the symbol "CC BY-NC." The fourth type is Attribution-Non-Commercial-ShareAlike (ShareAlike), which is symbolized by "CC BY-SA." It is this type that adopts the copyleft license in it. Whereas the CC BY-SA license character is similar to copyleft, among others, to modify, improve, and create derivative creations. However, this Sharealike CC license is possible for commercial purposes as long as credit is attached to the author. The fifth is a combination of Attribution-Non-Commercial-Sharing Similar to the code "CC BY-NC-SA." The last one is Attribution-Non-Commercial-No Derivatives, or referred to as "CC BY-NC-ND." 15 In summary, the copyleft license is included in the Creative Commons License section in the ShareAlike scheme. In this system, creators allow others to use their creations without violating copyright. The Creative Commons license is an advanced development adapted from copyleft, which was initially limited to digital creations. Through the idea of Copyleft, the Creative Commons License expanded the range of applications to insert non-technological creations such as music and language, which was also included in Article 40 of Indonesia's Copyright Law as objects of copyright protection.
Applying a copyleft scheme to a program begins with creating a digital format program as a creation with copyright protection in a declarative way. Then, the author adds the distribution terms or what is known as an opensource license, which can be a copyleft license or a non-copyleft license. For using the copyleft system, the copyleft license agreement must be followed. This license serves as a sign that the program is a legal instrument that gives everyone the right to use, modify, and redistribute the program code or its derivatives, only if the distribution terms do not change. The code and the freedom to change are referred to as one legal procedure.
The copyleft concept in digital and computer technology was first introduced in 1984 by Richard Stallman to access his program development into the Xerox 9700 printer source code. 16 Stallman provided a guarantee for modification and continued distribution freely to the license holder of the Stallman product. This license is called the General Public License as the first and most widely used copyleft license. Copyleft licenses in open-source serve to impose limits on works to protect the creators' moral rights. The license can use the GNU General Public License (GNU GPL) and the GNU Free Documentation License as the most broadly used types of license agreements in copyleft. GNU is a collection of software distribution terms and conditions to create a copyleft. 17 GNU is developed and accessed through a free software foundation. The license can be divided into two categories. First is the general public license, for example, CIVICRM, edX, Nextcloud, and the General Documentation License, like Wikipedia, MoodleDocs, Joomla.
The licensing method applied between copyleft and copyright is different. Copyright generally allows a person with his/her consent to make "Some-Rights-Reserved" claims that apply to all copyright. As a result, the user or the licensee can act as the owner in exploiting creations' economic rights, of course with due respect to creators' moral and economic rights. Meanwhile, copyleft generally provides "All-Rights-Reserved," whose initial idea came from giving freedom. 18 Creators may keep restrictions on information or data that contributors and users may not share.
The application of open-source licenses, both copyleft and non-copyleft licenses, refers to distributing four freedoms. These freedoms include freedom to use the program (freedom 0), freedom to modify and learn how the program works (freedom 1), freedom to redistribute copies of the initial program (freedom 2), and freedom to distribute the derivative product (freedom 3). 19 The copyleft license is used to realize the "Fair Use" under Article 44 of Indonesia's Copyright Law. The cumulative copyleft license must fulfill all freedom elements. If one element is not fulfilled, then creations will lose their identical character as copyleft. It is different from products that are equally circulating on the open-source system but are not copyleft products. In this open-source digital product with a non-copyleft license, it is possible to fulfill only one element or an alternative.
Fair use is a concept of restricting the use of copyright originating in the United States. 20 It is outlined in Articles 43 to 49 of Indonesia's Copyright Law. However, in a Civil Law system like Indonesia, it refers to "Fair Dealing." Fair Dealing's purpose is to provide certain restrictions for creators in utilizing their creations. 21 It is because creators' freedom needs to be regulated to avoid the monopoly of creation. In Article 44 (1)  and/or related products in whole or in substantial part is not considered a copyright infringement if the source is mentioned or included in full for specific purposes. In America, Fair Uses is determined by four factors. They are (a) purpose and characteristics of usage; (b) the initial form of copyrighted creations; (c) the amount of the substance is used; and (d) the effect of the use on the related potential market. 22 One of the manifestations of fair use is the reproduction or duplication of one copy or adaptation of a computer device by a legitimate user that can be done without permission from creators or copyright holders if the copy is used to develop such computer equipment. Thus, copyleft diverges from a different point of copyright. Copyleft deliberately frees its creations while maintaining its moral rights as creators to support research and technology development. In summary, copyleft is in line with the essence of Fair Dealing or Copyright Restrictions following the provisions regulated by Indonesia's Copyright Law. However, of course, there are some differences between copyleft and copyright. One of them is about contributors. In copyleft, contributors get the copyright to their creations. Those who use the copyleft license are required to distribute it under the terms of the original license, which must remain open and cannot be recognized as their property. The project distribution on the open-source site itself is an option and not an obligation. Not all application developers use copyleft licenses and use modified versions of open-source programs. If the user chooses to use copyleft, the distribution system is using the same license as before. The distribution scheme is known as the "Viral Effect," which expands the work by creating and distributing its derivative program with a copyleft license. As a result, creators' name is still included even in the derivative products.

33| LENTERA HUKUM
The following is a summary comparison between copyleft and copyright to make it easier for writers to present explanations: No. Aspects Copyright Copyleft

License Method
"Some-Rights-Reserved" applies, which regulates the prohibition of use and distribution of creations without permission.
"All-Rights-Reserved" applies, which eliminates the prohibition on the use and distribution of creations. Copyright is private rights as regulated in Article 7 of TRIPs (Trade-Related Aspects of Intellectual Property Rights) whose existence must also consider the public interest. The protection of copyright law must be in line with aspects of the public interest, including the interests of technological innovation, economic welfare for society, and balancing the rights and obligations of creators with other parties. Copyleft itself is a meeting point of balance between copyright protection of innovative digital format products and is developing very fast along with the times and provides sufficient access to the development of science for the community.
LINUX is an example of an open-source that first entered Indonesia in the early 1990s. Paulus Suryono Adisoemarta carried the Softlanding System Distro to Indonesia in 1992, followed by Linux Kernel 1.0 in 1994 and In copyleft, creators deliberately produce their creations free to be used and modified. It does not mean that creators do not get any protection because moral rights must be prioritized as eternal rights. The copyleft concept that appears to be a conflict against copyright should not be confused with an effort to support piracy and copyright infringement. Copyleft becomes a bridge between copyright protection to creators while still prioritizing access to the public. Therefore, the copyleft restrictions must be regulated in the copyleft license agreement and adjusted to the copyleft characteristics different from the copyright. However, copyleft is not suitable if it has to be regulated in a special law such as copyright or copyright. Too many regulations that impose restrictions can eliminate copyleft characteristics.

IV. PROTECTING DEVELOPERS' PERSONAL DATA IN THE OPEN-SOURCE APPLICATION
Personal data is information that can be considered as an intangible asset that has economic value. Personal data submitted by consumers to a site can be used to determine its ownership regime. Samuel Warren first wrote the legal conception of the right to privacy and Louis Brandeis in 1890, writing entitled "The Right to Privacy." 27 Through the legal perspective of Personal Data, the data subject, in this case, the customer, has the right to privacy over their data. In contrast, the data controller, namely the company that processes the data, acts through an agreement "terms and conditions" in a position of control over the data processing. As a result, copyright gives exclusive rights to its creations and copyleft to creations distributed freely. Thus, personal data's precise nature can reduce the absolute nature of IPR related to that information. The factoring point used is the Consumer as an individual who maintains the right to privacy over their data.
Until now, Indonesia does not yet have a law related to Personal Data Protection. The right to privacy, including personal data protection, is recognized as one of the citizens' constitutional rights. According to Article 28G(1) of the Indonesian Constitution, every person has the right to receive protection and feel secure from the threat of fear to do as human rights. Protection of personal data can also be associated with Articles 14(2), 29(1), and 31 of Human Rights Law No. 39 of 1999. Article 31 emphasizes the state responsible for guaranteeing the confidentiality of communication relations in electronic means, except on a judge or other power that is legally valid according to law.
In this context, cybercrime can be inevitable due to the weak security of personal data protection. The literature broadly categorizes four cybercrime types based on the relationship between computers and these crimes. First, computer as a target: which includes intellectual property theft, theft of business information (customer data, price data, and marketing plans), and extortion based on information obtained from additional information integrated with a profile, for example, media information, personal history, and sexual preference). Second, Computers as the main tool of crimes: such as fraud using ATM cards, theft of money, conversion or transfer between accounts, fraud in stock transactions, sales, and telecommunications. Third, computers as an additional tool against other crimes: money laundering and lawlessness in banking transactions and recording or leakage of criminal record data. Forth, computer-related crimes in general: software piracy/counterfeiting, copyright infringement of computer programs, counterfeiting of computer devices and programs through the black market, and theft of technological devices. 28 Cybercrime as part of the causality of modernization happen as one of the subject of legal protection, In term of national and International cases.
In the international context, the OECD (Organization for Economic and Cooperation Development) provides a reference frame in protecting personal data. This reference has also been applied in other non-OECD countries like Malaysia. The OECD is an organization for cooperation and economic development between countries to maintain sustainable economic stability. 29 The terms of reference related to the protection of personal data by the OECD are also known as "Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data." These basic principles consist of some principles. They are pprinciples of collection of boundaries, quality, special purposes, limitation of use, security protection, openness, individual participation, and accountability. 30 The last is a SIM Swap or is also called SIM card hijacking. This method is technically a new form of cyber fraud where hackers obtain personal information and perform illegal work with the victim's bank account and credit card number. 31 Open-source users are concerned with privacy and data protection in connection with extracting data from information available in open-source.

37| LENTERA HUKUM
They are not afraid of losing primary digital data ownership, which is still in raw processed data. However, they are afraid that third parties misuse their data by taking a small part of their personal information. Privacy is about the expectations, acceptance, and respect received from the environment and the norms where the information is shared. For instance, when a person shares medical records information, the information shared is typically limited to a doctor. Of course, it is accomplished in a hospital, where certain norms have explicitly been regulated; doctors must maintain patient confidentiality. 32 However, this is different from the "environment" in social media. Although it has been distributed only to limited people, anyone effortlessly penetrates the limit of confidentiality. Making content publicly accessible is not ultimately the same as being specifically distributed, aggregated, or scaled. Therefore, obtaining data on open-source sites or social media is prone to privacy violations.
The open-source system process allows contributors to an application from other countries. It also impacts personal data protection arrangements because Indonesia does not yet have its own governing rules. As an open application developer site, open-source is difficult to restrict when there is a violation of its creations. In practice, the use of software from social media to open-source allows application owners to control and exploit these personal data sets for commercial purposes as long as data protection requirements are met. The principle that must be fulfilled is the accountability that the data controller has exploitation rights in the data. Open-source software is released under various open-source licenses, source code availability (source code), and the right to modify and improve others' code. 36 The main difference between traditional application development outside open-source and cooperative application development in opensource is the participation of parties outside creators. Open-source uses a voluntary process that relies on a group of application developers or programmers in developing a particular product. The information available in open-source is publicly available information. In other words, anything that is not "confidential" and is in the digital public domain is information that can be "legally obtained." The acquisition can be through access requests, purchases, or joint observations. Data privacy of developers, contributors, and users is essential in developing applications through open-source. The protection of personal data with the use of information technology is a part of privacy rights. For most people, it is possible to create a profile without the data subject. It is not easy to know whether that person created the profile lawfully. Technological developments have raised significant concerns about privacy and data protection and resolving disputes in third parties. 37 Efforts that can be taken concerning personal data protection in copyleft products through opensource sites can be made in preventive and repressive ways. The difference is the availability of source code for OSS and the right to modify and improve others' code. The main difference regarding the philosophy between traditional application development and cooperative software is the participation of parties outside creators. Raymond explained that open-source uses a process called as Voluntary OSS. This process relies on the cooperative participation of a group of application developers or programmers in developing a particular product. 39 The electronic license agreement requires creators to provide all of their profile data before the project is launched on open-source. Open-source licenses can consist of two categories-first, non-copyleft licenses in the form of a so-called 'permissive licenses' subject to copyright. Second, the copyleft license requires licensees who modify and distribute copyleft products to contribute back by modifying, and so on. 40 Copyleft licenses should contain provisions that guarantee that all license terms cannot be revoked, for example, as contained in the Basic Permission of the GNU General Public License (GPL) Version 3. In the preamble of the GPL Version 1, creators' moral rights have included distribution right and integrity rights, are protected. It emphasizes that a person who wants to modify the software and distribute it must ensure that the next contributor must use the software that is not the original version but a derivative version. If there is an error, original creators cannot be blamed. The following is a schematic from the author regarding applying a license to copyleft products in open-source systems: The first section of the license governs the right to apply freedom in copying, distribution, and modification provided, including notification to contributors that the program uses a copyleft license. The second part regarding rights sets the terms and conditions for implementing program modifications (derivative works). Furthermore, in the third part, the obligation to include source code is stipulated in the distribution of derived works. The fourth part concerns the restrictions on copying, duplicating, and distributing as stipulated in the license agreement. The fifth part of the statement submits to or accepts the terms and conditions of the license. The sixth part deals with the redistribution of programs or derivative works. The seventh part allows license changes or the creation of new versions made by the author-part eight, regarding license combinations. The last part, which is the ninth, contains the responsibilities in which the applicable law requires.

Derivative Products
Copyleft License

41| LENTERA HUKUM
Source License Agreement clause, either copyleft or non-copyleft. The enforcement of sanctions must accompany the difference in clauses. If an application developer uses a non-copyleft license, it is possible to change the open-source to Closed-Source and obtain economic interests. Personal data as assets under the Copyleft License is the same as protecting the creator's moral rights.
The connection between creators' moral rights and the protection of creators' data is linked. Copyleft-based creations only reduce or eliminate creators' economic rights, but they still apply their moral rights as exclusive rights. Moral rights are also related to creators' reputation and responsibility to third parties. Thus, creators' data is a valuable asset, morally and economically. The importance of creators' reputation and respect for creators' moral rights, both individuals and companies, for example, can be seen in the case of Jacobsen vs. Mathew Katzer & KAM Industries in 2008 for a copyleft-based software product "Decoder Commander." 42 Jacobsen sued Mathew Katzer for not including Jacobsen's name in the software and did not even provide Jacobsen with information about the modifications. The first instance court ruling ruled that the holder of copylefted copyright bound by an open-source license still has the right to control the modification and distribution of copyrighted material without the author's permission.
Protecting creators' personal data in copyleft-based creations are the same as protecting creators' moral rights simultaneously. A license accommodates creators' protections and restrictions on parties' actions outside creators as written permission from creators, copyright holders, and related rights holders to other parties to exercise economic rights over their creations or rights products related to certain conditions. Thus, only economic rights are transferred under the license. The preventive protection of creators' personal data can be settled through the privacy policy outlined in the copyleft license agreement or non-copyleft license on open-source systems. If creators use a non-copyleft license, it is still possible to change the open-source basis into closed-source or proprietary software to obtain economic benefits. The agreement of the parties and the process of developing the creation entirely occurs online. It is prone to theft of personal data related to user profiles to the confidentiality of creators and contributors. This open-source license adopts the standard agreement form.
Repressive legal protection can only be taken after an actual violation occurs. The protection of personal data in the open-source system in practice involves the participation of programmers from Indonesia and abroad. The data collection process, data processing mechanisms, and data controllers regarding requests for data deletion from electronic systems must be carried out. There are three forms of data privacy frameworks implemented on a global scale. Specifically ISO/IEC 27701, National Institute of Standards and Technology (NIST) privacy, and Kynveld Peat Marwick Goerdeler (KPMG) privacy. 43 One of the main principles is privacy by design, a private data management arrangement through a privacy policy that aims to make users aware of security and privacy for secondary uses related to buying and selling to third parties.
"Privacy by Design" is a private data management setting through a privacy policy. This policy must provide all needed by the user about how the opensource service provider will manage the user's data. 44 Thus, users know the security and privacy level used for secondary uses to buy and sell and share with other companies. This kind of activity is possible in open-source mainly under the non-copyleft license agreement, like trading variety products. understanding of the extent to which information is categorized as personal data. It is proven by many hate speech content and other posts that often contain personal data. Therefore, cyberattacks' potential will increase in line with the high number of internet users in Indonesia with that literacy percentage in data protection.
Other countries such as Malaysia and European Union countries have regulations such as the Personal Data Protection Act 2010 and the GDPR, respectively, which both encourage law enforcement to protect personal data, while Indonesia is still in the form of the Personal Data Bill. Indonesia has also formed a Government-Computer Security Incident Response Team (Gov. CSIRT Team) in 2018 as a cyber response team in the government sector to protect personal data in general. The incident response provided is in the form of triage, coordination, and incident resolution. Proactive activities are also possible in drill tests, technical guidance, and assistance in forming CSIRTs. According to data on the National Cyber and Crypto Agency, there were 88,414,296 cyber-attacks and data leaks in Indonesia from January 1 to April 12, 2020. 46 Until now, there are no regulations that require companies to collect personal data. Both on sites and applications in open-source or closed source systems, the public is responsible for protecting the public's data and regulating the sanctions.
The use of open-source aims to provide public access to knowledge. However, this license still involves parties who have personal data that needs to be protected. It is even more if the person who opens a project is an employee representing its interests. Thus, "Privacy by Design" is suitable to be applied to defend the company's interests in the confidentiality of company documents. Every employee who wants to open an open-source project should first report it to the company regarding making the "Employee IP Agreement." It is used as a guarantee that they will not leak the company data.
The absence of regulation means that the private sector does not have an obligation to form a cyber incident management team. As a result, it is appropriate for companies to have an IR team as the vanguard to violate personal data privacy to respond to violations. It isolates the violation's source carrying out security restoration. It works and functions similarly to Gov-CSIRT in the government sector. However, the IR team's implementation is in the private sector. Team formation is within the company's IT management to enforce the principle of "privacy by design." The obligation to form an IR team can be used as a requirement for certification and the issuance of a permit to determine a company's security level. Copyleft characteristics as the antithesis of copyright do not need to be regulated in law and enough to emphasize legal protection from the parties' agreement in the copyleft license. This arrangement regarding the IR team should be included in Indonesia's bill of Personal Data Protection. This IR team can be of general use to all electronic activities in cyberspace, not only for copyleft products in open-source systems.

V. CONCLUSION
Copyleft is the opposite of copyright as its development of fair use in copyright. It is not a resistance to copyright. Instead, it bridges copyright protection and fulfilling society's needs for scientific development. The comparison between copyleft and copyright can be seen from the aspects of the licensing method, type of protection, nature, openness, the author's economic goals, the object of protection, the characteristics of the rights, and the character of the protection. Copyleft licenses are listed under the Creative Commons ShareAlike type. The function is not the same because the copyleft license is a special license limited to digital-based creations. Meanwhile, Creative Commons consists of various types of licenses for digital and other products, such as music and languages. Given the absence of legal provisions governing, the copyleft application should consistently pay attention to these aspects to protect creators' moral rights.
The use of copyleft-based creations in open-source through a copyleft license must be carried out under the concept of all-rights-reserved freely but 45| LENTERA HUKUM responsibly as an effort to respect creators' moral rights and protect creators' data. Moral rights are related to good names and responsibility towards third parties. Each user must include the name of the creators and changes made before the program is redistributed to other contributors to end-users. Legal protection of creators' personal data should be carried out in a preventive and repressive manner. Preventive efforts can be made by applying privacy principles by design to protect creators' moral rights in copyleft license clauses in standard contract format. Repressive measures can be carried out by requiring the formation of an IR team in Indonesia's Personal Data Protection Bill.