Legal Protection for Citizens in Data Breach Cases based on Law Number 27 of 2022 on Personal Data Protection
Abstract
Technological advancements bring both benefits and challenges, particularly in the realm of personal data protection. Data breaches present significant risks, such as threats to individual security and misuse of information. Despite the enforcement of Law No. 27 of 2022 concerning Personal Data Protection (PDP Law), incidents of data leakage continue to occur in Indonesia. This study aims to analyze the legal protections available to citizens in relation to data breaches, as provided under the PDP Law. Specifically, this research addresses: (1) the responsibilities of parties involved in personal data breaches that affect the rights of citizens, and (2) the forms of legal protection available for citizens' personal data. The research employs a normative legal method using a statutory approach and literature review, involving primary, secondary, and tertiary legal sources. The responsibility for data breaches lies with Personal Data Controllers and Personal Data Processors, as mandated by the PDP Law, which requires data protection, supervision, lawful processing, and sanctions for violators to ensure data security and integrity. The law provides both preventive and repressive protections, but this study finds weaknesses such as inadequate regulation of emerging technologies, ambiguous enforcement mechanisms, and limited oversight and complaint systems, all of which reflect gaps in the legal protection of individual rights.
