Publication Search

The rapid digitalization in Indonesia, reaching 180 million active social media users, has not been accompanied by adequate security system resilience, thereby triggering massive data breach risks. This study aims to analyze the privacy navigation mechanisms of the digital society as an instrument for mitigating information leaks. The method used is descriptive qualitative with a literature study (library research) approach, which examines primary and secondary literature related to regulations, digital behavior, and user psychological factors. The research findings indicate that privacy navigation in the digital era has not operated optimally due to the dominance of social existence needs, which triggers the privacy paradox phenomenon. Although users possess knowledge regarding cyber risks, the desire for social validation through self-disclosure often overrides technical protection logic. The practice of using secondary accounts (second accounts) was found to be a form of manual navigation, yet its effectiveness remains dependent on individual digital literacy. The implications of this research emphasize that mitigating information leaks requires the integration of critical user awareness, platform governance transparency, and consistent law enforcement through the PDP Law. Digital awareness must transform into reflexive protective behavior to maintain informational sovereignty in cyberspace.  

This study aims to evaluate the effectiveness of implementing Law Number 27 of 2022 concerning Personal Data Protection in Indonesia's efforts to prevent and combat phishing crimes. This research employs a normative legal method to analyze the implementation of the PDP Law in the context of preventing and combating phishing crimes. The findings indicate that the PDP Law has provided a comprehensive legal framework for protecting personal data, including data that is often targeted by phishing attacks.The implementation of the PDP Law is overseen by the Personal Data Protection Authority, which has the authority to impose administrative sanctions, support law enforcement processes, and evaluate cross-border data transfers. To achieve maximum effectiveness in combating phishing crimes, strong synergy is needed between the government, private sector, and the public. The PDP Law has provided a good legal framework, but the success of its implementation is highly dependent on the commitment of all parties to work together in protecting personal data.

Article 20 of the Personal Data Protection Law (PDP Law) normatively regulates the protection of data subjects and constitutes a pivotal provision that underscores the principle of consent as the legal basis for the processing of personal data for commercial purposes. This normative framework safeguards individuals’ right to privacy, encompassing the validity of explicit consent, the right to withdraw such consent, and the accountability of data controllers. In parallel, Articles 65 to 70 of the PDP Law substantively establish various categories of criminal offenses within the context of personal data protection. These include the unlawful acquisition, disclosure, processing, falsification, and utilization of personal data. Collectively, these provisions reflect the State’s commitment to ensuring criminal legal protection against violations of personal data.This research adopts a doctrinal legal methodology with a descriptive-normative approach to address two primary issues: First, to examine and identify the scope of legal protection concerning the trade of personal data under the PDP Law; and Second, to assess and determine the degree of legal certainty afforded to the trade of personal data within the framework of the PDP Law.Notwithstanding the protective intent embodied in Article 20—particularly concerning the commercial use of personal data—this provision gives rise to legal uncertainty due to the absence of comprehensive regulatory clarity on several critical aspects. Similarly, Articles 65 to 70 continue to exhibit significant legal ambiguities, particularly with respect to the constituent elements of offenses, the definition of harm, corporate liability, regulatory overlap with other legislative instruments, and the lack of clear enforcement mechanisms and implementing institutions.

This study aims to examine the role of Sharia Financial Institutions (SFIs) in strengthening sharia financial literacy as a preventive measure against illegal online lending practices in Indonesia. The study uses a descriptive qualitative method through literature review and normative legal analysis of fintech regulations (POJK 77/2016, PBI 19/12/PBI/2017, PDP Law 27/2022, and DSN-MUI Fatwa 117/2018) as well as various studies related to Islamic financial literacy, the role of LKS, and the phenomenon of illegal online lending. The results of the analysis show that Islamic financial literacy still lags behind conventional financial literacy, while the educational and social roles of LKS have not been fully utilized. On the other hand, the legal framework for fintech is adequate, but weak in terms of implementation and public literacy. This study recommends strengthening LKS literacy strategies based on community and digital platforms and developing Islamic microfinance as a safer alternative to illegal online loans.

The rapid development of digital technology has increased the risk of privacy violations and cybercrimes targeting personal data. This study aims to analyze the role of criminal law in personal data protection and the prevention of cybercrimes in Indonesia, as well as to identify the challenges and strategies for strengthening law enforcement in the digital era. The research method used is a qualitative approach with a juridical-normative method through library research on regulations, particularly Law Number 27 of 2022 concerning Personal Data Protection (PDP Law), as well as related academic literature. The results of the study show that criminal law serves a dual function, acting as a repressive tool through the imposition of criminal sanctions on offenders, and as a preventive instrument in enhancing compliance with data security standards. Although the PDP Law provides a strong legal foundation, its implementation still faces challenges such as the suboptimal functioning of data protection institutions, limited capacity of law enforcement officers, and low public awareness of digital ethics. This study recommends institutional strengthening, enhancement of law enforcement human resource capacity, as well as public education and cross-sectoral synergy to create an effective and sustainable data protection system. Thus, criminal law plays a central role in safeguarding personal data and preventing cybercrimes in Indonesia.

This study analyzes the impact of implementing Indonesia’s Law No. 27 of 2022 on Personal Data Protection (PDP Law) on cybersecurity in the e-business sector. Using a normative qualitative approach through literature analysis, this research examines the regulation’s implications for technical infrastructure, compliance procedures, and human resource capacity development within e-business operations. The findings indicate that although the PDP Law provides a comprehensive legal framework and human-centered principles for personal data protection, its implementation faces technical, operational, and economic challenges, particularly for micro, small, and medium enterprises (MSMEs). These challenges include limited security infrastructure, lack of technical expertise, and high investment costs. Nevertheless, adopting strategies such as multi-layer security architecture, zero-trust security model, privacy by design, and strengthening human resource capacity can enhance consumer trust, industry credibility, and the global competitiveness of Indonesia’s e-business sector. This study contributes to the literature by bridging the gap between personal data protection regulation and cybersecurity practices while offering strategic recommendations for both business actors and regulators.

The development of digital technology has had a significant impact on people's lives, including the protection of citizens' privacy rights. One key issue that has emerged is the management and protection of personal data, which is increasingly vulnerable to misuse. This study aims to examine and compare the personal data protection provisions stipulated in the 2024 Electronic Information and Transactions Law (ITE Law) and Law Number 27 of 2022 concerning Personal Data Protection (PDP Law). The research method used is a normative approach with comparative study techniques. The study focuses on the legal substance, scope of data protection, and institutional roles in implementing both regulations. The analysis shows that the ITE Law remains general in nature, lacking specific detailed regulations governing personal data protection mechanisms. Meanwhile, the PDP Law presents a more systematic and comprehensive specific regulation, referencing international principles such as the General Data Protection Regulation (GDPR) in the European Union. However, several implementation challenges exist, including overlapping authority between institutions, inconsistencies in legal norms, and limited adequate legal infrastructure. This situation has the potential to create regulatory dualism and complicate the law enforcement process. Therefore, steps are needed to harmonize the ITE Law and the PDP Law, strengthen the capacity of institutions responsible for data protection, and increase the digital literacy of the public so that citizens' digital rights can be optimally protected in the digital era.

Advances in information technology-based financial services are beginning to follow suit, in the form of peer-to-peer lending, which provides easy access to loans without the need for conventional financial institutions. However, this convenience brings new challenges, particularly regarding the protection of users' personal data. Many platform providers access excessive amounts of sensitive information, such as contacts, photos, and other personal data, which can be misused to the detriment of borrowers. Therefore, this study aims to identify and analyze regulations related to personal data protection, particularly in the field of peer-to-peer lending services in Indonesia. It also analyzes the role of financial institutions, namely the Financial Services Authority (OJK), in addressing potential violations committed by platform providers. Using a normative legal approach, the study shows that despite the existence of these regulations, implementation in the field is suboptimal, particularly in terms of monitoring illegal platforms. Furthermore, challenges to oversight include limited resources and a lack of digital literacy among the public, which results in many users not fully understanding the risks of sharing their personal data. This study also highlights the importance of collaboration between the OJK, the Ministry of Communication and Information Technology, and law enforcement agencies to strengthen oversight mechanisms and take action against violations. In addition, extensive public education regarding personal data security is needed to encourage greater vigilance in using digital services. Personal data protection must be a top priority in the development of financial technology to prevent privacy violations. Strict regulations and effective sanctions are expected to provide a deterrent effect and create a healthy and equitable fintech ecosystem in Indonesia. This study also recommends that the government accelerate harmonization between the Personal Data Protection Law (PDP Law) and financial services sector regulations, particularly regarding service providers' transparency obligations in managing consumer data.  

In the rapidly evolving digital era, data breaches have emerged as a serious threat, particularly in the e-commerce sector which handles vast amounts of customers’ personal data. The protection of personal data has therefore become a crucial issue, requiring effective regulation to ensure digital privacy. In response to this growing concern, Indonesia enacted the Personal Data Protection Law (UU PDP) in 2022 as a significant step toward strengthening digital privacy and security. This study aims to evaluate the effectiveness of the 2022 PDP Law in addressing customer data breach incidents on e-commerce platforms in Indonesia. Using a qualitative approach and case study method, this research analyzes several high-profile data breach cases involving major e-commerce companies in the country. The findings indicate that, although the PDP Law has established a clear legal framework regarding the obligations of reporting and managing data breaches, its implementation still faces multiple challenges. Some companies have not fully complied with the legal timeframes for notifying users, and there is a general lack of transparency in how data breach incidents are managed. These shortcomings reveal a gap between the regulatory framework and practical enforcement in the field. Furthermore, the study highlights the limited public awareness and the insufficient preparedness of some companies in responding to data security incidents in accordance with the law. As a result, the rights of consumers to be informed and protected are not always upheld effectively. This research recommends stronger supervision by relevant authorities to ensure stricter enforcement of the PDP Law. It also underscores the need for ongoing education and intensive training for e-commerce companies to enhance their capacity to prevent, detect, and respond to data breaches in compliance with the legal standards. By reinforcing regulatory implementation and organizational readiness, Indonesia can better safeguard digital consumer rights in the growing e-commerce landscape.

The development of the banking sector has led to an increase in the processing of customers' personal data, which can pose a risk of data misuse. One of the efforts to prevent this is the implementation of data minimisation, which emphasises that the personal data collected must be relevant, limited, and consistent with the legitimate purposes of processing, as well as transparent in accordance with the provisions of Article 27 of Law No. 27 of 2022 on Personal Data Protection (PDP Law). This study employs a normative legal analysis method with a descriptive-analytical approach, incorporating transformative legal theory and privacy rights protection to examine the application of the data minimisation by banks. The findings indicate that excessive data collection practices still frequently occur and may violate customers' privacy rights. Therefore, banks are required to disclose the types and relevance of customer data, conduct regular mapping and evaluation of the data required, and implement selective and secure information technology systems. This implementation constitutes banks' compliance with data protection principles, particularly security and accountability. Additionally, active customer involvement and oversight by authorities are crucial factors in ensuring the effectiveness of data minimisation implementation in the banking sector.

Di era transformasi digital dan big data, perlindungan data pribadi menjadi isu yang sangat mendesak, terutama dengan diberlakukannya Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP) di Indonesia. Artikel ini bertujuan untuk melakukan tinjauan kritis terhadap pelaksanaan UU PDP 2022, mengeksplorasi tantangan, peluang, serta dampaknya terhadap hak atas privasi individu. Metode yang digunakan adalah studi pustaka kualitatif dengan pendekatan deskriptif-analitis, mengkaji literatur terkini dan dokumen hukum melalui analisis tematik. Hasil kajian menunjukkan bahwa meskipun UU PDP 2022 telah memberikan kerangka hukum yang kuat, implementasinya masih menghadapi hambatan, mulai dari rendahnya literasi digital masyarakat, lemahnya pengawasan kelembagaan, hingga dominasi platform digital raksasa. Artikel ini memberikan kontribusi dengan menawarkan pemahaman baru tentang urgensi tata kelola data yang inklusif dan berbasis kepercayaan publik, sekaligus memberikan rekomendasi praktis bagi pemangku kepentingan. Kesimpulannya, perlindungan data pribadi memerlukan sinergi lintas sektor untuk menciptakan ekosistem digital yang adil, aman, dan berdaulat, serta perlu didukung penelitian lanjutan yang lebih mendalam dan komparatif.

In the era of rapid digital transformation, digital sovereignty has become a strategic issue for ASEAN countries, including Indonesia. Digital sovereignty encompasses a country's ability to manage data, technological infrastructure, and information systems independently without foreign intervention. This study aims to analyze Indonesia's strategies in strengthening digital sovereignty through regional cooperation within ASEAN. A descriptive qualitative approach is employed to illustrate the dynamics of Indonesia’s domestic and regional policies, with data obtained from literature studies, official government documents, and international publications related to cybersecurity. The findings indicate that Indonesia is actively developing national policies such as the Personal Data Protection Act (PDP Law), building national digital infrastructure, and launching strategic projects such as the SATRIA-1 Satellite. At the regional level, Indonesia plays an active role in forums such as the ASEAN Digital Ministers' Meeting (ADGMIN) and ASEAN-CERT, as well as initiating the establishment of the ASEAN Digital Resilience Task Force. However, significant challenges remain, including institutional fragmentation at the national level, digital infrastructure gaps, limited human resources, and varying political commitments among ASEAN member states. This study concludes that Indonesia's strategy must be accompanied by strengthened inter-agency coordination, capacity building of human resources, and harmonization of regional digital policies to create a secure, sovereign, and inclusive ASEAN digital ecosystem.

Personal data dissemination is a new type of crime that has emerged in the digital world. The rapid development of technology has led to various innovations in data storage, one of which is through barcode technology. Although it provides convenience, this technology also opens up new gaps in cybercrime, especially the misuse and dissemination of personal data stored in barcodes. The impacts of the spread of personal data include damage to personal reputation due to the widespread dissemination of personal data on the internet, the emergence of cyber bullying and sexual harassment, personal data that has the potential to be sold, and the distress and psychological trauma experienced by victims of personal data dissemination. The purpose of this study is to analyze how law enforcement against perpetrators of abuse of the spread of personal data stored in barcodes is reviewed from the ITE Law and the PDP Law, and identify preventive efforts that can be made to prevent these crimes. This research uses a normative juridical approach method used to examine applicable legal norms related to personal data protection. With a statute approach, books, scientific journals, and the internet. The results showed that, although the ITE Law does not specifically regulate barcode technology, the protection of personal data stored in barcodes is still subject to the provisions of the ITE Law and Law Number 27 of 2022 concerning Personal Data Protection.

The general election as a pillar of democracy faces new challenges with the rapid development of information technology, one of which is the practice of doxing—disseminating personal data without consent to harm individuals. In the context of Indonesia’s 2024 General Election, doxing cases have increased, targeting political figures and ordinary citizens, potentially undermining political participation and violating the right to privacy. This study aims to analyze the legal framework governing doxing based on Law Number 1 of 2024 concerning Electronic Information and Transactions (ITE Law) and Law Number 27 of 2022 concerning Personal Data Protection (PDP Law), as well as to examine the form of criminal liability for perpetrators of doxing in the context of the 2024 election. This normative juridical research employs statutory, conceptual, and case approaches. The findings reveal that although not explicitly regulated, doxing can be classified as a legal violation under the two laws. However, law enforcement still faces technical and normative obstacles, such as difficulty in identifying perpetrators and proving intent. Strengthening legal provisions and the capacity of law enforcement officers is essential to ensure accountability without compromising democratic principles.

The rapid development of information technology has had a significant impact on the pattern of collecting, processing, and storing personal data in the digital era. However, this progress is also accompanied by an increasing threat of cybercrime, one of which is phishing attacks. Phishing is a digital fraud mode that aims to obtain personal data illegally through social engineering and manipulation of electronic systems. This study aims to analyze the form of legal protection for phishing victims in the perspective of Law Number 27 of 2022 concerning Personal Data Protection (UU PDP). Using normative legal methods and conceptual approaches, this study examines the role of state authorities such as the National Cyber and Crypto Agency (BSSN) and the Directorate of Cyber Crime (Dittipidsiber) of the National Police Criminal Investigation Unit in the procedures for handling and prosecuting phishing. The results of the study show that although the PDP Law has provided a clear legal framework, its implementation still faces challenges in technical aspects, institutional coordination, and public digital literacy. Therefore, strong synergy is needed between regulation, supervision, and public education to realize effective and sustainable personal data protection in the digital era.

The practice of leaking customer data by banks to third parties, such as Mata elang, raises serious problems in the context of personal data protection in Indonesia. This action not only threatens the individual's right to privacy but also has the potential to violate the legal provisions stipulated in Law Number 27 of 2022 concerning Personal Data Protection. This article aims to analyze the legal basis violated by this practice and provide a legal solution in an effort to protect customer rights. The formulation of the problem in this study is what form of legal violation of data leaks by banks to Mata elang and what is the legal enforcement mechanism. This study uses a normative legal method with a statutory and conceptual approach. Data were obtained through a literature study of relevant regulations and supporting scientific literature. The results of the analysis show that leaking customer data to third parties without valid consent is a violation of the principles of data processing in the PDP Law, especially regarding legality, transparency, and protection of data subjects. Banks as data controllers are responsible for the leak and can be subject to administrative, civil, or criminal sanctions. In closing, this study recommends strengthening internal bank regulations, strict supervision by regulatory authorities, and increasing legal awareness for customers. This effort is important to ensure the security of personal data and uphold the right to privacy in the banking system.

Digital transformation in Indonesia has increased dependence on digital database systems, so that personal data protection has become a crucial issue. This research aims to analyze the urgency of protecting personal data in digital database systems in Indonesia from regulatory, ethical and technical strategy aspects. The method used is literature study and document analysis of regulations, ethical practices and data protection technology. The research results show that even though Law Number 27 of 2022 concerning Personal Data Protection (UU PDP) has been passed, its implementation still faces challenges in the form of low digital literacy, weak law enforcement, and not yet optimal monitoring infrastructure. Additionally, implementing ethical principles and technical strategies, such as encryption, access control, and privacy by design, is critical to strengthening data security. This research concludes that effective personal data protection can only be realized through synergy between strong regulations, the application of digital ethics, and adequate technical strategies, in order to safeguard individual privacy rights in the digital era.

The implementation of personal data protection in information systems at financial services companies is an important issue in this digital era. This study aims to analyze the implementation of personal data protection in information systems at financial services companies in Indonesia after the enactment of Law Number 27 of 2022 concerning Personal Data Protection (UU PDP). The main focus of the study is to identify the level of company compliance with the principles of personal data protection, the challenges faced in its implementation, and the legal and business implications that arise. The research method used is normative law with a qualitative approach, supported by literature studies and analysis of related documents. The results of the study show that although the PDP Law has been enacted, the implementation of personal data protection in the information systems of financial services companies still faces various challenges, including system complexity, varying stakeholder awareness, and the need for significant technology investment. This study concludes that more comprehensive efforts are needed from all relevant parties to ensure the effective implementation of the PDP Law and provide concrete suggestions for future improvements.

Fintech or financial technology is an alternative path in the financial sector based on information technology. Fintech as an innovation from electronic financing institutions provides many benefits, but on the other hand there are also weaknesses that are still a problem in society, namely data leakage in the fintech system which is implemented electronically. One of the companies that experienced a data leak is PT Fintech Cermati. In Indonesian regulations, preventive and repressive efforts against data leaks have been regulated in OJK Regulation (POJK) Number 77 of 2016 concerning Information Technology-Based Money Lending Services and Law No. 27 of 2022 concerning Personal Data Protection which regulates the Company's obligations in maintaining the confidentiality of its consumer data. This study aims to determine the extent of compliance and responsibility of PT Fintech Cermati for the protection of its consumers' personal data. The research method used in this study is descriptive analytical, namely against data that has been collected as completely as possible through secondary data from relevant literature sources to be discussed and explained systematically with primary data in the form of literature studies with an analytical concept approach method. The results of this study indicate that the company's obligation to comply with the provisions of Article 16 of the PDP Law in conjunction with Article 26 and Article 28 of POJK 77/2016 concerning maintaining the confidentiality of personal and company data can be held accountable in civil and criminal matters.