Authors

  • Irham Alfarid Hidayat Universitas Pembangunan Nasional Veteran Yogyakarta, Yogyakarta, Indonesia Author

Keywords:

Accountability, Data Breach, Information Security, Personal Data Protection, Privacy Rights

Abstract

This article examines legal gaps in Indonesia’s personal data protection framework during the 2017-2021 period, focusing on the effectiveness and urgency of existing regulations in responding to data breach cases. Using a normative legal approach, the study analyzes the Electronic Information and Transactions Law, Government Regulation No. 71 of 2019, and Ministerial Regulation No. 20 of 2016 in relation to major breach incidents involving Tokopedia and BPJS Kesehatan. The analysis shows that Indonesia’s pre-2022 framework had recognized consent, confidentiality, system reliability, and breach notification, but remained fragmented, sectoral, and weak in enforcement. The article discusses regulatory effectiveness through legal certainty, liability, supervision, sanctions, and data subject remedies, while also examining the urgency of reform in the context of privacy rights, digital transformation, and information security governance. The main finding is that Indonesia required a comprehensive personal data protection regime to ensure stronger accountability, clearer rights, effective remedies, and greater public trust in digital systems. 

Downloads

Published

2022-06-30