Criminal Sanctions and Personal Data Protection in Indonesia
DOI:
https://doi.org/10.58829/lp.11.2.2024.1-27Keywords:
Personal Data Protection, Law Number 27 of 2022, Institutional Strengthening, Data Privacy, General Data Protection RegulationAbstract
This research analyzes Indonesia's Law Number 27 of 2022 on Personal Data Protection (Law on Personal Data Protection), focusing on its regulatory framework and institutional strengthening efforts. The study employs a normative legal research approach with a descriptive-analytical method, examining primary legal materials such as Law Number 27 of 2022 and secondary sources including relevant academic literature. To provide a global perspective, comparisons are drawn with the General Data Protection Regulation (GDPR) in the European Union, the Personal Data Protection Act (PDPA) in Singapore, and the Act on the Protection of Personal Information (APPI) in Japan. The findings reveal that while the Law on Personal Data Protection provides a comprehensive framework for personal data protection, its implementation faces significant challenges, including low public awareness, insufficient readiness in the business sector, and limited enforcement capacity of supervisory institutions. Strengthening institutional frameworks and enhancing public understanding of data privacy rights are critical steps toward addressing these challenges. Although criminal sanctions are stipulated in the law, their application has yet to be evaluated in depth, as this research primarily focuses on regulatory analysis. Suggestions include developing robust technological and organizational measures to secure data and fostering international collaboration in managing cross-border data flows to align with global standards. Further research is recommended to assess the effectiveness of criminal sanctions in deterring data breaches and their role in enhancing the overall efficacy of Indonesia's personal data protection framework.
References
Adelia, Fitri. "Peran Otoritas Jasa Keuangan Atas Perlindungan Data Pribadi Konsumen Fintech Lending." Dinamika 27, no. 21 (2022): 3142-3157.
Algamar, Muhammad Deckri, and Noriswadi Ismail. "Data Subject Access Request: What Indonesia Can Learn and Operationalise In 2024?" Journal of Central Banking Law and Institutions 2, no. 3 (2023): 481-512.
Astuti, E. F., A. N. Hidayanto, S. Nurwardani, and A. Z. Salsabila. "Assessing Indonesian MSMEs' Awareness of Personal Data Protection by PDP Law and ISO/IEC 27001:2013." International Journal of Safety and Security Engineering 14, no. 5 (2024): 1559–1567
Astuti, Endah Fuji, Achmad Nizar Hidayanto, Sabila Nurwardani, and Ailsa Zayyan Salsabila. "Assessing Indonesian MSMEs' Awareness of Personal Data Protection by PDP Law and ISO/IEC 27001: 2013." International Journal of Safety & Security Engineering 14, no. 5 (2024).
Ba'abud, Mohammad Fadel Roihan, and Dodik Setiawan Nur Heriyanto. "Application of The Principles of Extraterritorial Jurisdiction Towards Personal Data Breach Committed Cross-Country Borders."Uti Possidetis: Journal of International Law 5, no. 1 (2024): 106-137.
Benn, Stanley I. "Privacy, freedom, and respect for persons." In Privacy and personality, pp. 1-26. Routledge, 2017.
Capurro, Rafael, Michael Eldred, and Daniel Nagel. Digital Whoness: Identity, Privacy and Freedom in the Cyberworld. Walter de Gruyter, 2013.
Cohen, Julie E. ‘What Privacy Is For’. Harvard Law Review 126 (2013 2012): 1904.
Dewantoro, Naufal Mahira, and M. H. Dian Alan Setiawan SH. "Penegakan Hukum Kejahatan Siber Berbasis Phising Dalam Bentuk Application Package Kit (APK) Berdasarkan Undang-Undang Informasi Dan Transaksi Elektronik." In Bandung Conference Series: Law Studies, 3:892–900, 2023.
Dewi, Luh Anastasia Trisna, Ni Putu Suci Meinarni, and I. Dewa Gede Dana Sugama. "Analisis Ekonomi Terhadap Hukum Dalam Kegagalan Perlindungan Data Pribadi Pengguna E-Commerce." Jurnal IUS Kajian Hukum dan Keadilan 9, no. 3 (2021).
Ekawati, Dian, Toto Tohir, and Susanto Susanto. "Optimization of Consumer Protection and Increase of Virtual Currency Trading in Indonesia: A Study on Financial Services Authority Regulation." Al-Ishlah: Jurnal Ilmiah Hukum 27, no. 1 (2024): 60-75.
Fauzie, Muhamad Alfat. "Securing The Future: Indonesia Personal Data Protection Law and It’s Implication for Internet of Things (IOT) Data Privacy." Sriwijaya Crimen and Legal Studies 2, no. 1 (2024): 12-25.
Firmansyah, Muhammad Rizieq. "Perlindungan Data Pribadi Dalam Transaksi Elektronik Pra dan Pasca UU Nomor 27 Tahun 2022." bachelorThesis, Fakultas Syariah dan Hukum UIN Syarif Hidayatullah Jakarta, 2023.
Gurria, Angel. "OECD Employment Outlook 2020: Worker Security and the Covid-19 CRISIS." OECD Employment Outlook (2020): 116-221.
Hamsin, Muhammad Khaeruddin, Abdul Halim, Rizaldy Anggriawan, and Hilda Lutfiani. "Sharia E-Wallet: The Issue of Sharia Compliance and Data Protection." Al-Manahij: Jurnal Kajian Hukum Islam 17, no. 1 (2023): 53-68.
Harahap, Tuti Khairani, Yuyut Prayuti, Nining Latianingsih, Amsari Damanik, Tiyas Maheni, Ida Farida, and Mohamad Hidayat Muhtar. "Pengantar Ilmu Hukum." Penerbit Tahta Media (2023).
Hoofnagle, Chris Jay, Bart van der Sloot, and Frederik Zuiderveen Borgesius. "The European Union General Data Protection Regulation: What It Is and What It Means*". Information & Communications Technology Law 28, no. 1 (2019): 65–98.
Indriani, Masitoh. "Perlindungan Privasi dan Data Pribadi Konsumen Daring Pada Online Marketplace System." Justitia Jurnal Hukum 1, no. 2 (2017).
Junaidi, Junaidi, Pujiono Pujiono, and Rozlinda Mohamed Fadzil. "Legal Reform of Artificial Intelligence’s Liability to Personal Data Perspectives of Progressive Legal Theory." Journal of Law and Legal Reform 5, no. 2 (2024): 587–612.
Kumalaratri, Giosita, and Yunanto Yunanto. "Urgency of the Personal Data Protection Bill on Privacy Rights in Indonesia." Jurnal Hukum 37, no. 1 (2021): 1–13.
Land, Joy. "Cohen-Scali Saguès, Julie". Encyclopedia of Jews in the Islamic World, 2010.
Lestari, Ahdiana Yuni, Misran Misran, Trisno Raharjo, Muhammad Annas, Dinda Riskanita, and Adya Paramita Prabandari. "Improving Healthcare Patient Data Security: An Integrated Framework Model for Electronic Health Records from A Legal Perspective." LAW REFORM 20, no. 2 (2024): 329–52.
Lestari, Endang, and Rasji Rasji. "Legal Study on Personal Data Protection Based on Indonesian Legislation." Awang Long Law Review 6, no. 2 (2024): 471–77.
Li, He, Lu Yu, and Wu He. "The Impact of GDPR on Global Technology Development." Journal of Global Information Technology Management 22, no. 1 (2019): 1–6.
Mahardika, Ahmad Mahardika. "Desain Ideal Pembentukan Otoritas Independen Perlindungan Data Pribadi Dalam Sistem Ketatanegaraan Indonesia." Jurnal Hukum 37, no. 2 (2021): 101–18.
Mahmud Marzuki, Peter. Penelitian Hukum. Jakarta: Kencana Prenada Media Group, 2011.
Mangku, Dewa Gede Sudika, Ni Putu Rai Yuliartini, I. Nengah Suastika, and I. Gusti Made Arya Suta Wirawan. "The Personal Data Protection of Internet Users in Indonesia." Journal of Southwest Jiaotong University 56, no. 1 (2021).
Manurung, Evelyn Angelita Pinondang. "The Right to Privacy Based on the Law of the Republic of Indonesia Number 27 of 2022." Journal of Digital Law and Policy 2, no. 3 (2023): 103–10.
Mayasari, Hanita. "A Examination on Personal Data Protection in Metaverse Technology in Indonesia: A Human Rights Perspective." Journal of Law, Environmental and Justice 1, no. 1 (2023): 64–85.
Moh Hamzah. "Urgensi Rancangan Undang-Undang (RUU) Perlindungan Data Pribadi." Jurnal Hukum 37, no. 2 (2021): 119–33.
Morić, Zlatan, Vedran Dakic, Daniela Djekic, and Damir Regvart. "Protection of Personal Data in the Context of E-Commerce." Journal of Cybersecurity and Privacy 4, no. 3 (2024): 731–61.
Mubashwir Alam, A. K. M., Sagar Sharma, and Keke Chen. "SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications." arXiv e-prints (2020): arXiv-2009.
Nababan, Tabitha Fransisca Romauli, and Shevanna Putri Cantiqa. "Mengoptimalkan Implementasi UU No. 27 Tahun 2022 Dengan Penetration Test Dan Vulnerability Assessment Pada Kasus Pembobolan Data Aplikasi Dana." Jurnal Hukum, Politik Dan Ilmu Sosial 3, no. 3 (2024): 155–61.
Nafisah, Syifaun. "Electronic Information and Transaction Law, a Means of Information Control in Libraries." Jurnal Kajian Informasi & Perpustakaan Vol 11, no. 1 (2023): 57–76.
Natamiharja, Rudi, and Ikhsan Setiawan. "Guarding Privacy in the Digital Age: A Comparative Analysis of Data Protection Strategies in Indonesia and France." Jambe Law Journal 7, no. 1 (2024): 233–51.
Patnaik, Sambhabi, Kyvalya Garikapati, Lipsa Dash, Ramyani Bhattacharya, and Arpita Mohapatra. "Safeguarding Patient Privacy: Exploring Data Protection in E-Health Laws: A Cross-Country Analysis." EAI Endorsed Transactions on Pervasive Health and Technology 10 (2024).
Prastyanti, Rina Arum, and Ridhima Sharma. "Establishing Consumer Trust Through Data Protection Law as a Competitive Advantage in Indonesia and India." Journal of Human Rights, Culture and Legal System 4, no. 2 (2024): 354–90.
Priskarini, I.A., Pranoto, and Tejomurti, K. "The Role of The Financial Services Authority in The Legal Protection of Privacy Rights in Connection with Personal Data of Fintech Lending Debtor in Indonesia | Peran Otoritas Jasa Keuangan (OJK) dalam Perlindungan Hukum Hak Privasi atas Data Pribadi Konsumen Peminjam Fintech Lending di Indonesia." Padjadjaran Jurnal Ilmu Hukum 6, no. 3 (2019): 556–575.
Puluhulawa, Jufryanto, Mohamad Hidayat Muhtar, Mellisa Towadi, and Vifi Swarianata. "The Concept of Cyber Insurance as a Loss Guarantee on Data Protection Hacking in Indonesia." Law, State and Telecommunications Review 15, no. 2 (2023): 132–45.
Putra, Tegar Islami, Akbar Jihadul Islam, and Abdullah Mufti Abdul Rahman. "Integrating Islamic Laws into Indonesian Data Protection Laws: An Analysis of Regulatory Landscape and Ethical Considerations." Contemporary Issues on Interfaith Law and Society 3, no. 1 (2024): 85–118.
Putri, Nafila Andriana. "Doxing Untuk Malicious Purposes vs Doxing Untuk Political Purposes: Urgensi Pengklasifikasian Ancaman Hukuman Bagi Para Pelaku Doxing Dalam Undang-Undang Nomor 27 Tahun 2022 Tentang Perlindungan Data Pribadi." Padjadjaran Law Review 11, no. 1 (2023): 102–13.
Raab, Charles, and Ivan Szekely. "Data Protection Authorities and Information Technology." Computer Law & Security Review 33, no. 4 (2017): 421–33.
Rahman, Faiz, and Cora Kristin Mulyani. "Minimising Unnecessary Restrictions on Cross-Border Data Flows? Indonesia’s Position and Challenges Post Personal Data Protection Act Enactment." International Review of Law, Computers & Technology 0, no. 0 (n.d.): 1–20.
Rahmatullah, Indra, Pujiyono Suwadi, and Hari Purwadi. "Legal Reform of Zakat Management Based on Personal Data Protection Law in Indonesia." Mazahib 23, no. 1 (2024): 199–236.
Raihan, Kevin, and Sinta Dewi Rosadi. "Have AI-Enhanced Telemedicines in Indonesia Adopted the Principles of Personal Data Protection?" Yustisia 13, no. 2 (2024): 151–67.
Reis, Oluwatosin, Nkechi Emmanuella Eneh, Benedicta Ehimuan, Anthony Anyanwu, Temidayo Olorunsogo, and Temitayo Oluwaseun Abrahams. "Privacy Law Challenges in The Digital Age: A Global Review of Legislation and Enforcement." International Journal of Applied Research in Social Sciences 6, no. 1 (2024): 73–88.
Rizal, Muhammad Saiful, Yuliati Yuliati, and Siti Hamidah. "Perlindungan Hukum Atas Data Pribadi Bagi Konsumen Dalam Klausula Eksonerasi Transportasi Online." Legality: Jurnal Ilmiah Hukum 27, no. 1 (2019): 68–82.
Rosadi, Sinta Dewi, Andreas Noviandika, Robert Walters, and Firsta Rahadatul Aisy. "Indonesia’s Personal Data Protection Bill, 2020: Does It Meet the Needs of the New Digital Economy?" International Review of Law, Computers & Technology 37, no. 1 (2023): 78–90.
Rosadi, Sinta Dewi, Tasya Safiranita Ramli, and Rizki Fauzi. "Utilization of Non-Fungible Token and Regulatory Challenges in Indonesia: Aspects of Copyright Law." Journal of Intellectual Property Rights (JIPR) 29, no. 5 (2024): 389–95.
Saeki, Soichiro. "Impact of the Amendments to the Act of the Protection of Personal Information to Global Health Research Conducted in Japanese Medical Facilities." Journal of Epidemiology 32, no. 9 (2022): 438–438.
Serfiyani, Citi Rahmati, Cita Yustisia Serfiyani, Iswi Hariyani, and Devina Tharifah Arsari. "Developers Data Protection in the Open-Source Application with the Copyleft License." Lentera Hukum 8 (2021): 23.
Shahrullah, Rina Shahriyani, Jihyun Park, and Irwansyah Irwansyah. "Examining Personal Data Protection Law of Indonesia and South Korea: The Privacy Rights Fulfilment." Hasanuddin Law Review 10, no. 1 (2024): 1–20.
Shalihah, Fithriatus, and Roos Niza Mohd Shariff. "Identifying Barriers to Data Protection and Investor Privacy in Equity Crowdfunding: Experiences from Indonesia and Malaysia." UUM Journal of Legal Studies 13, no. 2 (2022): 215–42.
Silvi, Ferina Widyawati Ayu, and Anom Wahyu Asmorojati. "The Urgency of Establishing a Special Agency of Personal Data Protection and Supervision to Ensure the Indonesian Citizens’ Privacy Rights." Borobudur Law Review 4, no. 2 (2022): 110–22.
Silviani, Ninne Zahara, Rina Shahriyani Shahrullah, Vanessa Riarta Atmaja, and Park Ji Hyun. "Personal Data Protection in Private Sector Electronic Systems for Businesses: Indonesia vs. South Korea." Jurnal Hukum Dan Peradilan 12, no. 3 (2023): 517–46.
Simbolon, Valentina Ancillia, and Vishnu Juwono. "Comparative Review of Personal Data Protection Policy in Indonesia and The European Union General Data Protection Regulation." Publik (Jurnal Ilmu Administrasi) 11, no. 2 (2022): 178–90.
Singer, Joseph William. Legal Realism Now. California Law Review 76 (1988): 465.
Soemitro, Dian Purwaningrum, Muhammad Arvin Wicaksono, and Nur Aini Putri. "Penal Provisions in the Personal Data Protection Law: A Comparative Legal Study between Indonesia and Singapore." SIGn Jurnal Hukum 5, no. 1 (2023): 155–67.
Sudarwanto, Al Sentot, and Dona Budi Budi Kharisma. "Comparative Study of Personal Data Protection Regulations in Indonesia, Hong Kong and Malaysia." Journal of Financial Crime 29, no. 4 (2021): 1443–57.
Suwadi, Pujiyono, Priscilla Wresty Ayuningtyas, Shintya Yulfa Septiningrum, and Reda Manthovani. "Legal Comparison of the Use of Telemedicine between Indonesia and the United States." International Journal of Human Rights in Healthcare 17, no. 3 (2022): 315–29.
Tom Goldstein. Killing the Messenger: 100 Years of Media Criticism. Columbia University Press, 2019.
Tribunnews.com. "Akademisi Sebut Perlindungan Data di RI Butuh Reformasi, Singgung Kebocoran Data e-KTP." Tribunnews.com, 26 December 2024. https://www.tribunnews.com/nasional/2024/12/19/akademisi-sebut-perlindungan-data-di-ri-butuh-reformasi-singgung-kebocoran-data-e-ktp.
Villaronga, Eduard Fosch, Peter Kieseberg, and Tiffany Li. "Humans Forget, Machines Remember: Artificial Intelligence and the Right to Be Forgotten." Computer Law & Security Review 34, no. 2 (2018): 304–13.
Voigt, Paul, and Axel von Dem Bussche. The EU General Data Protection Regulation (GDPR). Cham: Springer International Publishing, 2017.
Wibowo, Ari, Widya Alawiyah, and Azriadi. "The Importance of Personal Data Protection in Indonesia’s Economic Development." Cogent Social Sciences 10, no. 1 (2024): 2306751.
Widiatedja, I Gusti Ngurah Parikesit, and Neha Mishra. "Establishing an Independent Data Protection Authority in Indonesia: A Future–Forward Perspective." International Review of Law, Computers & Technology 37, no. 3 (2023): 252–73.
Wiwoho, Jamal, Umi Khaerah Pati, and Anugrah Muhtarom Pratama. "Reciprocal Data Portability to Foster Financial Services Competition in the Open Banking System Era." Yustisia 13, no. 2 (2024): 134–50.
Wong YongQuan, Benjamin. "Data Privacy Law in Singapore: The Personal Data Protection Act 2012." International Data Privacy Law 7, no. 4 (2017): 287–302.
Yusliwidaka, Arnanda, Muhammad Ardhi Razaq Abqa, and Khansadhia Afifah Wardana. "A Discourse of Personal Data Protection: How Indonesia Responsible under Domestic and International Law?" Pandecta Research Law Journal 19, no. 2 (2024): 173–202.
Yuspin, Wardah, Kelik Wardiono, Aditya Nurrahman, and Arief Budiono. "Personal Data Protection Law in Digital Banking Governance in Indonesia." Studia Iuridica Lublinensia 32, no. 1 (2023): 99–130.
Yuspin, Wardah, Trisha Rajput, Abhinayan Basu Bal, Kelik Wardiono, and Absori Absori. "The Regulations of the Supervisory Officer Personal Data Protection-Based Accountability Principle." BESTUUR 12, no. 1 (2024): 49–68.
