Authors

  • Tofik Yanuar Chandra, Universitas Jayabaya, Jakarta, Indonesia

Keywords:

Cyber Law, Data Breach Regulation, Electronic System Operator Liability, Personal Data Protection, Tokopedia

Abstract

Indonesia’s digital economic transformation has accelerated the collection of personal data by e-commerce platforms, yet it has also been accompanied by significant information security risks. This study examines the legal liability of Private-Sector Electronic System Operators (Penyelenggara Sistem Elektronik or PSE) through a case study of the 2020 data breach involving 91 million Tokopedia users. Employing a normative legal research method with statutory and case-based approaches, this article evaluates the effectiveness of Indonesia’s positive legal instruments, including the UU ITE, PP PSTE, and PP PMSE. The findings reveal that Article 15 of the UU ITE, which adopts the principle of presumption of liability, has not been effectively implemented due to ambiguous security standards and weak administrative sanctions under the PP PSTE. A deeper analysis further identifies a legal loophole in exoneration clauses contained in platform privacy policies, which unilaterally shift risk to consumers. A comprehensive review of sectoral regulations is therefore urgently needed to ensure legal certainty and to safeguard the constitutional right to personal protection as guaranteed under Article 28G of the 1945 Constitution (UUD 1945). This study recommends strengthening technical oversight by regulatory authorities and standardizing security system audits for all PSE operating in Indonesia.

Published

2022-06-30