Keywords:
Personal Data Protection, Electronic Commerce, Data Breach, Cyber Regulation, Digital Law, Indonesia, GDPRAbstract
The rapid expansion of digital technology has accelerated
the growth of electronic commerce (e-commerce) in
Indonesia, simultaneously generating significant risks of
personal data breaches and misuse. According to the
Indonesian Internet Service Providers Association (Asosiasi
Penyelenggara Jasa Internet Indonesia/APJII), internet users in
Indonesia reached 215.63 million in the 2022–2023 period,
yet this growth has been accompanied by a surge in data
breach incidents, including the leakage of 91 million
Tokopedia user accounts (2020), 279 million BPJS
Kesehatan participant records (2021), and data from
Bukalapak and Bhinneka.com. This study aims to analyze
the effectiveness of personal data protection regulations
within the context of e-commerce transactions in Indonesia
and to identify the urgency of comprehensive legal reform.
Employing a normative-comparative method reinforced by
a sociological approach, this research examines the
Electronic Information and Transactions Law (UndangUndang Informasi dan Transaksi Elektronik/UU ITE) as
amended, Government Regulation Number 71 of 2019 on
the Implementation of Electronic Systems and
Transactions (Peraturan Pemerintah tentang Penyelenggaraan
Sistem dan Transaksi Elektronik/PP PSTE), and compares
them with the European Union's General Data Protection
Regulation (GDPR). The findings reveal that existing regulations contain fundamental weaknesses: the absence of
explicit data subject rights, disproportionate sanctions, and
fragmented supervisory mechanisms. The urgency of
enacting a standalone Personal Data Protection Law
(Undang-Undang Perlindungan Data Pribadi/UU PDP) is
paramount to ensuring legal certainty and providing genuine
protection for millions of Indonesian digital consumers.