Publication Search

The dissemination of personal data through digital media has increased significantly alongside the growing use of Quick Response (QR) Codes for various purposes, such as electronic tickets, certificates, and digital identities. Conventional QR Codes are open and can be easily scanned, copied, or manipulated by unauthorized parties. The personal data referred to in this study includes sensitive information such as full name, identity number (NIK/National ID), date of birth, address, phone number, and email address. This research proposes a layered security system that combines the Advanced Encryption Standard (AES) cryptographic algorithm with steganography using the Discrete Cosine Transform (DCT) method. The process begins with encrypting personal data using AES, converting the encrypted result into a QR Code, and embedding the QR Code into a digital image using DCT, hiding it in the image’s frequency domain. The digital images used are of fixed size and formats that preserve visual quality. System evaluation is carried out by testing the visual quality of the stego image, the success rate of QR Code extraction, and the integrity of the encrypted data. The results are expected to conceal sensitive information visually while maintaining its confidentiality, with potential applications in electronic ID cards, digital certificates, e-tickets, and other confidential documents.

The digital transformation in Indonesia’s banking sector has significantly increased the use of digital banking services; however, it has not been fully accompanied by optimal customer trust. This study aims to examine the effect of perceived risk, data privacy protection, and digital service quality on customer trust, both partially and simultaneously. A quantitative approach was employed using survey data collected from 150 digital banking users in Indonesia. Data were analyzed using Structural Equation Modeling based on Partial Least Square (SEM-PLS). The results indicate that perceived risk has a negative and significant effect on trust, while data privacy protection and digital service quality have positive and significant effects on trust. Simultaneously, all variables significantly influence trust, with an R² value of 0.672, indicating strong explanatory power. Compared to prior studies, this research contributes novelty by integrating these three variables into a comprehensive model. The findings reveal that digital service quality is the most dominant factor influencing customer trust. This study concludes that enhancing customer trust requires an integrated approach through effective risk management, strengthened data protection, and continuous improvement in digital service quality.

The right to privacy and the right to health are fundamental human rights that are closely interconnected. The protection of privacy for patients with Human Immunodeficiency Virus (HIV) constitutes a critical issue, given that HIV status is classified as highly sensitive health data and is particularly vulnerable to stigma and discrimination. In Indonesia, the legal framework governing the protection of HIV patients’ health data has been normatively strengthened through the Personal Data Protection Law and the Health Law; however, its implementation continues to face various challenges. This article aims to analyze the right to privacy of HIV patients and the obligations of the state in protecting sensitive health data, as well as to examine the limitations and exceptions to the disclosure of HIV-related data within the framework of law and human rights. This study employs a normative legal research method using statutory, conceptual, and human rights-based approaches. Legal materials are analyzed qualitatively through juridical interpretation and prescriptive analysis. The findings indicate that HIV status is legally categorized as sensitive personal data that is entitled to a high level of legal protection. The state bears tripartite obligations to respect, protect, and fulfill the privacy rights of HIV patients. Nevertheless, a gap persists between legal norms and their implementation, particularly in the management of electronic medical records. The protection of HIV patients’ privacy rights requires strengthened legal implementation, regulatory harmonization, and the adoption of a human rights-based approach to ensure that data protection does not conflict with public health interests.

The economy of a country, including Indonesia, is a system that encompasses all production, distribution, and consumption activities occurring within the country. In the economy, problems often arise that can affect the welfare of society. The problem formulation in this study is: How is the regulation and supervision of both internal and external banks carried out to prevent customer personal data leakage in credit agreements? And how is the responsibility of BPR Karya Sari Sedana towards the leakage of customer debtor data? The research method used is empirical legal research. The conclusion in the study is the protection of customer data against personal data leakage by understanding the forms of supervision from both internal and external parties conducted by the banking institution and referring to the OJK regulations that have been established, in order to minimize the recurrence of similar incidents and allow the public to conduct transactions safely without worrying about their personal data. Leaked by irresponsible individuals. The responsibility carried out by the banking sector currently, namely the Financial Services Authority Regulation Number 22 of 2023 concerning Consumer and Community Protection in the Financial Services Sector, also regulates consumer protection in the financial services industry. Forms in policies related to regulations in the banking world ensure that the public does not worry about their personal data.

Phishing is a form of cybercrime that has experienced a significant increase in frequency within Indonesia. This fraudulent practice aims to deceive victims into surrendering personal data or sensitive financial information by impersonating trusted institutions. Such crimes result in substantial losses for both individuals and the business sector, particularly concerning personal data protection and digital transaction security. This research aims to analyze the legal regulations and the role of supervisory institutions in addressing phishing threats in Indonesia using a normative legal research method. The legal analysis encompasses the implementation of the Electronic Information and Transactions Law (UU ITE), specifically Article 28, paragraph (1), and the Personal Data Protection Law (UU No. 27 of 2022), which serves as the primary foundation for privacy rights. Furthermore, this study examines the Consumer Protection Law and the Indonesian Criminal Code (KUHP) as enforcement instruments. The strategic roles of the Financial Services Authority (OJK) and Bank Indonesia (BI) are also discussed in the context of risk mitigation within the financial sector. The findings indicate that law enforcement effectiveness is still hindered by low digital literacy, limited forensic technology infrastructure, and jurisdictional challenges in tracking cross-border perpetrators. Consequently, a synergy between regulatory strengthening, international collaboration, and massive public education is required to comprehensively suppress these cybercriminal activities.

The rapid adoption of digital contracts in Indonesia demands a reliable document authentication system, one of which is through electronic stamps (e-meterai). However, the current e-meterai verification system remains centralized and exclusively managed by Perum Peruri, making it vulnerable to single point of failure risks and data manipulation. Blokchain technology, with its characteristics of decentralization, transparency, and data immutability, offers a technical solution that could potentially strengthen the integrity of this verification system. This article aims to examine the legal position of blokchain technology within Indonesia's existing e-meterai regulatory framework and to analyze the urgency of establishing specific regulations governing its use. The research employs a normative juridical method through statutory and conceptual approaches. The findings reveal that blokchain currently occupies a legal grey area: technically compatible with the validity requirements of agreements under Article 1320 of the Civil Code and meeting the criteria for Electronic Information under Article 5 of the ITE Law, yet formally lacking explicit recognition due to its conflict with Perum Peruri's monopolistic authority established under Law Number 10 of 2020 on Stamp Duty. Four normative gaps are identified, encompassing the absence of evidentiary guarantees for blokchain-verified documents, the lack of mandatory standards for Electronic Certification Providers, the ambiguity in civil liability allocation for automated system failures, and the conflict between blokchain's immutability and the right to erasure under the Personal Data Protection Law. Comprehensive specific regulations constitute an urgent normative necessity to ensure legal certainty for Indonesia's digital contract ecosystem.

This study aims to examine the influence of local wisdom as a living law on personal data protection behavior, as well as assess the role of Islamic law ethics and digital literacy in the context of intimate digital crime in Indonesia. The background of this research is based on the increasing cases of misuse of personal data in the digital space that have not been fully responded to effectively through formal legal approaches. The method used a quantitative approach with a correlational explanatory design. Data were obtained through the distribution of a questionnaire based on the Likert scale to 150 respondents who were selected purposively, then analyzed using descriptive statistics, Pearson correlation, and simple linear regression. The results showed that local wisdom of alwasliyahan had a positive and significant influence on personal data protection behavior (β = 0.42; p < 0.05). Islamic legal ethics serve as a mediating variable that strengthens the relationship, while digital literacy provides a positive influence at a moderate level. These findings show that the internalization religious and cultural values plays an important role in shaping individual awareness and behavior in protecting personal data in the digital era. The conclusion of this study emphasizes that local wisdom can function effectively as a living law in supporting the protection of personal data. This research makes theoretical contribution the development of the study of Islamic law and the sociology of law, as well as practical implications for policy formulation that integrates formal regulations, cultural values, and digital literacy.

The rapid development of e-commerce in Indonesia makes transactions easier for consumers, but also presents various losses, such as fraud, goods that do not match the description, leaks of personal data, and problems with returning goods. In this context, Law Number 1 of 2024 concerning the Second Amendment to Law Number 11 of 2008 concerning Information and Electronic Transactions (UU ITE) exists as a legal basis which is expected to provide protection for consumers in online buying and selling transactions. This research aims to explore and analyze the effectiveness of the legal protection provided by the ITE Law for consumers, with a focus on protection for detrimental transactions, consumer personal data, as well as dispute resolution mechanisms. The research method used is a normative approach with a literature study of statutory regulations and related legal literature. The research results show that the ITE Law provides quite comprehensive legal protection, including the obligation of electronic system operators to ensure the security of transactions and personal data, as well as regulating sanctions for perpetrators of fraud. However, even though regulations already exist, implementation and consumer understanding of their rights is still a major challenge.

The rapid development of information technology has brought significant changes to various aspects of life, including business and law. One of the key innovations in this context is Blockchain technology. Blockchain has revolutionized information storage and exchange, particularly in the realm of Indonesian contract transactions. It is a decentralized technology that allows for transactions between two parties who do not trust each other, without the need for a third party. The data in Blockchain is stored across the entire network, ensuring that it cannot be altered by a single party without the agreement of the entire network. Furthermore, Blockchain enhances transparency and accountability in data management. This study employs a normative legal research method with a descriptive approach. The findings reveal that Blockchain technology has significant implications for the protection of personal data and the validity of evidence in civil cases. As the technology continues to evolve, its potential to transform legal transactions in Indonesia is undeniable.

This article examines Indonesia’s public policy on personal data protection in light of Law No. 27/2022, which mandates the establishment of an independent Personal Data Protection Authority (PDP Authority). Despite this legal requirement (Article 58 UU PDP), no such institution has been formed. As a result, there is currently no supervisory authority with the mandate to audit compliance, impose administrative sanctions, or resolve data protection disputes. Enforcement of the law has thus remained reactive rather than preventive, with violations prosecuted only after harm occurs. Experts warn that without a strong implementing agency, deterrence is weak: administrative sanctions cannot be effectively applied and punished violations continue unchecked. Cybersecurity analysts even describe this gap as a national digital protection crisis, as personal data leaks (e.g. millions of citizens’ records exposed in recent breaches) continue unabated. Using a normative legal research approach and literature review, this study analyzes how the lack of the mandated PDP Authority undermines the effectiveness of data protection in Indonesia. The article reviews relevant legal theory on regulatory independence and deterrence, and compares with international best practices (e.g. EU/GDPR). We find that the absence of the agency creates serious implementation gaps, and we urge the government to immediately form the PDP Authority and clarify its powers.

This research examines Islamic legal protection for victims of social engineering crimes within the context of cybercrime. Social engineering is a form of digital crime that exploits psychological manipulation and trust to obtain personal data, system access, or financial benefits. Such crimes cause not only material losses but also immaterial harm, including psychological trauma, violations of privacy, dignity, and personal security. However, positive legal frameworks tend to prioritize offender punishment, while victim protection and recovery remain insufficiently addressed. This study adopts a qualitative approach with a normative-juridical research design, complemented by limited empirical insights. Data were collected through library research on Islamic legal sources—namely the Qur’an, Hadith, and fiqh jināyah—alongside statutory regulations on cybercrime and selected interviews with legal scholars and practitioners. The analysis employs a descriptive-analytical method grounded in the maqāṣid al-sharī‘ah framework, particularly the principles of ḥifẓ al-māl (protection of property), ḥifẓ al-‘irḍ (protection of dignity), and ḥifẓ al-nafs (protection of life and psychological security). The findings demonstrate that Islamic law provides a robust normative foundation for protecting victims of social engineering crimes. Such protection extends beyond retributive punishment through ta‘zīr and emphasizes restorative justice by prioritizing victims’ rights restoration, offender accountability, and public welfare. Islamic law is both adaptive and relevant in addressing contemporary cybercrime challenges and may serve as a humanistic, just, and responsive model for victim protection in the digital era.

This study aims to evaluate the effectiveness of implementing Law Number 27 of 2022 concerning Personal Data Protection in Indonesia's efforts to prevent and combat phishing crimes. This research employs a normative legal method to analyze the implementation of the PDP Law in the context of preventing and combating phishing crimes. The findings indicate that the PDP Law has provided a comprehensive legal framework for protecting personal data, including data that is often targeted by phishing attacks.The implementation of the PDP Law is overseen by the Personal Data Protection Authority, which has the authority to impose administrative sanctions, support law enforcement processes, and evaluate cross-border data transfers. To achieve maximum effectiveness in combating phishing crimes, strong synergy is needed between the government, private sector, and the public. The PDP Law has provided a good legal framework, but the success of its implementation is highly dependent on the commitment of all parties to work together in protecting personal data.

Quality public service represents a key measure of effective governance, including police administrative services. The Mobile Driving License (SIM Keliling) service is one of the public service innovations in the traffic sector designed to improve accessibility for the community. This study examines the quality of Mobile SIM services delivered by the Traffic Directorate of the East Java Regional Police at Lippo Plaza Sidoarjo. This research used a qualitative descriptive approach. Data collection techniques included observation, interviews with Mobile SIM officers and service users, and documentation. Service quality was analyzed using five dimensions proposed by Luke and Heyns (2020) reliability, responsiveness, assurance, empathy, and tangibles.The findings reveal that the Mobile SIM service generally performs well. Reliability is evident in the implementation of services in accordance with established procedures, although issues remain regarding service time certainty and transparency of administrative costs. Responsiveness is reflected in the officers’ prompt and attentive responses to public needs during the service process. Assurance is supported by officers’ professionalism, competence, and efforts to safeguard personal data, which enhance public trust. Empathy is demonstrated through friendly behavior, attention to individuals with special needs, and assistance throughout the service process. In terms of tangibles, the service location and main facilities are considered adequate; however, supporting facilities and officer identification still require improvement. In conclusion, while the Mobile SIM service fulfills most service quality indicators, further improvements are needed in time management, administrative transparency, and supporting facilities to achieve more optimal service quality.

The development of technology-based peer-to-peer financing services (LPBBTI) in Indonesia, including platforms like Shopee Paylater, has facilitated easier access to credit. However, this progress is accompanied by cybersecurity risks, such as unauthorized use and account breaches. This study aimed to (1) analyze the operation of LPBBTI under prevailing regulations, and (2) examine the legal liability of parties in cases of Shopee Paylater credit breaches.The study employed a normative legal approach with prescriptive characteristics, combining statutory, conceptual, and case-based analyses. Primary and secondary legal materials were obtained through literature review of Law No. 8 of 1999, POJK No. 10 of 2022, POJK No. 40 of 2024, and personal data protection regulations. The analysis was conducted descriptively and qualitatively. The findings indicate that, despite OJK regulations, Shopee Paylater’s electronic agreements still contain standard clauses that unilaterally shift all account security risks to users. This practice potentially violates Article 18(1)(a) of the Consumer Protection Law and is void under Article 18(3). Consequently, consumers remain liable for payments even if transactions are conducted illegally by third parties. In line with Article 19 of the Consumer Protection Law, service providers should assume liability, as system security is under their control.

Digital fraud, particularly schemes involving the distribution of fake wedding invitations through instant messaging applications such as WhatsApp, has developed into a serious problem in Indonesia along with the increasing use of digital technology in everyday life. This fraudulent modus operandi exploits victims’ curiosity, trust, and panic to prompt them to open malicious links or download harmful files containing malware. Such malware has the potential to damage device systems, steal personal data, and access sensitive information, including banking accounts and social media profiles. This form of fraud not only causes significant financial losses for victims but also results in psychological impacts, such as fear, trauma, and a loss of trust in digital communication. This article aims to comprehensively examine the modus operandi of digital fraud through fake wedding invitations, analyze the relevant legal framework, and assess the social and economic impacts on society. In addition, the article emphasizes the importance of improving digital literacy as an effective preventive measure to minimize the risk of digital fraud. To address this issue, the article proposes strengthening cooperation among law enforcement agencies, cybersecurity institutions, and technology service providers. Recommendations are also directed toward reinforcing regulations, enhancing the effectiveness of law enforcement, and intensifying public awareness campaigns to reduce the incidence of digital fraud in Indonesia.

Article 20 of the Personal Data Protection Law (UU PDP) normatively regulates the protection of data subjects and constitutes a key provision emphasizing the principle of consent as the legal basis for the processing of personal data for commercial purposes. This norm safeguards individual privacy rights, including the validity of explicit consent, the right to withdraw consent, and the responsibility of data controllers. Furthermore, Articles 65–70 of the UU PDP substantively regulate various forms of criminal violations in the context of personal data protection, including the acquisition, disclosure, processing, falsification, and illegal use of personal data, demonstrating the state’s commitment to providing criminal law protection against personal data breaches. This study employs doctrinal legal research with a descriptive-normative approach to address two main issues. First, it aims to examine and identify the legal protection of personal data trading under the UU PDP. Second, it seeks to analyze and identify the legal certainty of personal data trading as regulated by the UU PDP. Although Article 20 of the UU PDP is intended to provide strong protection against the commercial use of personal data, the provision still gives rise to legal uncertainty due to the lack of clear regulation of several crucial aspects. Similarly, Articles 65–70 contain significant legal uncertainties, particularly with regard to the elements of criminal offenses, forms of harm, corporate criminal liability, overlap with other regulations, and the absence of clear enforcement mechanisms and implementing institutions.  

Article 20 of the Personal Data Protection Law (PDP Law) normatively regulates the protection of data subjects and constitutes a pivotal provision that underscores the principle of consent as the legal basis for the processing of personal data for commercial purposes. This normative framework safeguards individuals’ right to privacy, encompassing the validity of explicit consent, the right to withdraw such consent, and the accountability of data controllers. In parallel, Articles 65 to 70 of the PDP Law substantively establish various categories of criminal offenses within the context of personal data protection. These include the unlawful acquisition, disclosure, processing, falsification, and utilization of personal data. Collectively, these provisions reflect the State’s commitment to ensuring criminal legal protection against violations of personal data.This research adopts a doctrinal legal methodology with a descriptive-normative approach to address two primary issues: First, to examine and identify the scope of legal protection concerning the trade of personal data under the PDP Law; and Second, to assess and determine the degree of legal certainty afforded to the trade of personal data within the framework of the PDP Law.Notwithstanding the protective intent embodied in Article 20—particularly concerning the commercial use of personal data—this provision gives rise to legal uncertainty due to the absence of comprehensive regulatory clarity on several critical aspects. Similarly, Articles 65 to 70 continue to exhibit significant legal ambiguities, particularly with respect to the constituent elements of offenses, the definition of harm, corporate liability, regulatory overlap with other legislative instruments, and the lack of clear enforcement mechanisms and implementing institutions.

The development of social media has encouraged students to be more active in interacting, sharing information, and establishing relationships online. However, the high intensity of social media use also increases the risk of personal data leakage. This literature study aims to examine the relationship between privacy awareness and students' safe behavior in social media use. The research was conducted by examining various sources, including scientific journals, articles, research reports, books, and online references relevant to digital security issues. The results of the study show that privacy awareness has a significant role in shaping students' safe behavior. This awareness is reflected through the practice of using strong passwords, the implementation of two-factor authentication, and prudence in sharing personal information in the digital space. Although knowledge about digital threats is quite adequate, students' safe behavior is still influenced by the level of internalization of privacy awareness. Therefore, increasing privacy awareness requires not only information, but also educational strategies that emphasize the formation of consistent digital attitudes and habits. This study makes an important contribution to understanding the relationship between privacy awareness and safe behavior, as well as being the basis for the development of more effective digital literacy programs among students.

The rapid development of information technology has increased the use of online lending services, including illegal platforms that impose excessive interest rates, misuse personal data, and employ intimidating debt collection practices. Limited legal and digital literacy has made communities more vulnerable to these risks. This Community Service Program aims to enhance the understanding of residents in Kradenan Village, Tuban Regency regarding the characteristics of illegal online loans, their social, economic, and psychological impacts, and the relevant legal protections under regulations such as the Electronic Information and Transactions Law, the Personal Data Protection Law, and OJK Regulation No. 77/2016. Through participatory legal education and interactive discussions, the program achieved full participation and improved participants’ knowledge by up to 75%. Residents became more capable of identifying illegal loan applications, recognizing data misuse risks, and understanding preventive measures and available legal remedies. This program effectively increased public awareness to use digital financial services more responsibly and avoid the dangers of illegal online lending.

Information security incidents within government institutions have become a critical issue due to their potential impact on public trust and socio-economic stability. This study examines the social and economic impacts of information security incidents at the General Election Commission (KPU) of Jambi Province. The research aims to identify the types of security incidents that occurred, analyze their social and economic consequences, and evaluate mitigation efforts implemented by the institution. This study employs a qualitative case study approach, using data collection techniques including document analysis, media reports, and interviews with relevant stakeholders. The findings indicate that information security incidents significantly affect public trust in electoral institutions, increase public anxiety regarding personal data protection, and generate additional economic costs related to system recovery, security enhancement, and administrative delays. Furthermore, the incidents also indirectly affect voter participation and institutional reputation. The study highlights the importance of strengthening information security governance, improving human resource awareness, and implementing comprehensive risk management strategies. The results of this research are expected to contribute to the development of more resilient information security policies in public sector institutions, particularly in electoral management bodies.