Establishing A Personal Data Protection Agency for E-Commerce in Indonesia
Legal Framework and Implementation Challenges
DOI:
https://doi.org/10.21154/invest.v4i2.10031Keywords:
personal data protection, e-commerce, legal frameworkAbstract
The rapid growth of e-commerce in Indonesia has led to a significant increase in the collection and processing of personal data, raising concerns regarding data security and privacy rights. This study analyzes the urgency of establishing a Personal Data Protection Agency (LPDP) specifically for e-commerce users in Indonesia, considering the increasing risks to personal data in the digital marketplace. This research focuses on addressing the limitations of the current legal framework, particularly the gaps in the Indonesian Personal Data Protection Law (UU No. 27 of 2022), and proposes an independent body with clear authority to regulate, monitor, and enforce data protection standards. This study employs a qualitative approach using normative legal analysis to evaluate existing regulations and assess the evolving needs of the e-commerce sector. The findings suggest that the absence of detailed implementation regulations and lack of a specific regulatory body create significant legal uncertainties, exposing users to potential data breaches. Establishing the LPDP is expected to strengthen data protection measures, enhance consumer trust, and provide legal certainty in Indonesia's digital economy. The proposed structure of the LPDP includes directorates for policy and regulation, supervision and audits, law enforcement, and public education and awareness. The implementation of effective personal data protection policies requires a comprehensive and coordinated approach, with the LPDP having sufficient authority and resources to perform its duties. This study highlights the importance of establishing an independent regulatory body to ensure the protection of personal data and privacy rights in Indonesia's rapidly expanding e-commerce sector.
References
Abdurrohim, Muhammad, Indah Kumalasari, and Fathur Rosy. ‘The Paradox of Indonesia Cyberspace Policy and Cooperation: Neoclassical Realism Perspective’. Jurnal Hubungan Internasional 11, no. 2 (19 September 2022): 13–23. https://doi.org/10.18196/jhi.v11i2.14361.
Aji, Muhammad Prakoso. ‘Sistem Keamanan Siber Dan Kedaulatan Data Di Indonesia Dalam Perspektif Ekonomi Politik (Studi Kasus Perlindungan Data Pribadi) [Cyber Security System and Data Sovereignty in Indonesia in Political Economic Perspective]’. Jurnal Politica Dinamika Masalah Politik Dalam Negeri Dan Hubungan Internasional 13, no. 2 (4 January 2023): 222–38. https://doi.org/10.22212/jp.v13i2.3299.
Aldiyansyah, Muhamad Nur, Fatya Alty Amalia, and Gundur Leo. ‘Understanding the Effect of E-Commerce Security Towards Loyalty’: Bandung, Indonesia, 2021. https://doi.org/10.2991/aer.k.211106.093.
APJII. ‘Kasus Data Pribadi Yang Selalu Bocor’. Jakarta: Asosiasi Penyelenggara Jasa Internet Indonesia, 2021. chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj/https://apjii.or.id/assets/media/buletin_apjii_edisi_94_-_september_2021_bulletin.pdf.
Aptika Kominfo. ‘Pusat Data Nasional – Ditjen Aptika’, 2024. https://aptika.kominfo.go.id/tag/pusat-data-nasional/.
Bennett, Colin J., and Charles D. Raab. The Governance of Privacy: Policy Instruments in Global Perspective. 1st ed. Routledge, 2017. https://doi.org/10.4324/9781315199269.
Chassang, Gauthier. ‘The Impact of the EU General Data Protection Regulation on Scientific Research’. Ecancermedicalscience 11 (3 January 2017). https://doi.org/10.3332/ecancer.2017.709.
CNBC. ‘Hackers Raid eBay in Historic Breach, Access 145M Records’, 2014. https://www.cnbc.com/2014/05/22/hackers-raid-ebay-in-historic-breach-access-145-mln-records.html.
CNN Indonesia. ‘Kronologi Lengkap 91 Juta Akun Tokopedia Bocor Dan Dijual’, 2020. https://www.cnnindonesia.com/teknologi/20200503153210-185-499553/kronologi-lengkap-91-juta-akun-tokopedia-bocor-dan-dijual.
Derindağ, Ömer Faruk. ‘Rise of Cross-Border E-Commerce: A Systematic Literature Review’. Journal of Applied And Theoretical Social Sciences 4, no. 3 (11 September 2022): 352–72. https://doi.org/10.37241/jatss.2022.71.
Dinev, Tamara, Heng Xu, Jeff H Smith, and Paul Hart. ‘Information Privacy and Correlates: An Empirical Attempt to Bridge and Distinguish Privacy-Related Concepts’. European Journal of Information Systems 22, no. 3 (May 2013): 295–316. https://doi.org/10.1057/ejis.2012.23.
Ensign Infosecurity. ‘Cyber Threat Landscape Report 2024’. Accessed 31 July 2024. https://www.ensigninfosecurity.com/resources/threat-insights/cyber-threat-landscape-report-2024?utm_source=google&utm_medium=cpc&utm_campaign=cti_report_2024&gad_source=1&gclid=Cj0KCQjwwae1BhC_ARIsAK4Jfrzrw_y4mvCoLNXpkwMqDmLX6KKDasvKBgUvIqjvpBv0IOcOl4oAslUaAuxTEALw_wcB.
Fung, Archon, Mary Graham, and David Weil. Full Disclosure: The Perils and Promise of Transparency. Inggris: Cambridge University Press, 2007.
Goddard, Michelle. ‘The EU General Data Protection Regulation (GDPR): European Regulation That Has a Global Impact’. International Journal of Market Research 59, no. 6 (November 2017): 703–5. https://doi.org/10.2501/IJMR-2017-050.
IBM Security. ‘Cost of a Data Breach 2024 | IBM’, 2020. https://www.ibm.com/reports/data-breach.
Javelin. ‘Identity Fraud Study | Javelin’, 2021. https://www.javelinstrategy.com/annual-identity-fraud-study.
P. Romansky, Radi, Irina S. Noninska, 1 Department of Informatics, Technical University of Sofia, Sofia 1000, Bulgaria, and 2 Department of Computer Systems, Technical University of Sofia, Sofia 1000, Bulgaria. ‘Challenges of the Digital Age for Privacy and Personal Data Protection’. Mathematical Biosciences and Engineering 17, no. 5 (2020): 5288–5303. https://doi.org/10.3934/mbe.2020286.
Privacy Rights. ‘Data Breach Chronology | Privacy Rights Clearinghouse’, 2020. https://privacyrights.org/data-breaches.
Rahayu, Rita, and John Day. ‘E-Commerce Adoption by SMEs in Developing Countries: Evidence from Indonesia’. Eurasian Business Review 7, no. 1 (April 2017): 25–41. https://doi.org/10.1007/s40821-016-0044-6.
Salim, Samuel Christian, and Jeane Neltje. ‘Analysis of Legal Protection Towards Personal Data in E-Commerce’: Jakarta, Indonesia, 2022. https://doi.org/10.2991/assehr.k.220404.101.
Shabani, Mahsa, and Pascal Borry. ‘Rules for Processing Genetic Data for Research Purposes in View of the New EU General Data Protection Regulation’. European Journal of Human Genetics 26, no. 2 (February 2018): 149–56. https://doi.org/10.1038/s41431-017-0045-7.
Thales Group. ‘Lack of Consumer Trust across Industries to Protect Their Personal Data, New Research from Thales Has Revealed | Thales Group’, 2021. https://www.thalesgroup.com/en/countries-europe/romania/press_release/lack-consumer-trust-across-industries-protect-their-personal.
Tikkinen-Piri, Christina, Anna Rohunen, and Jouni Markkula. ‘EU General Data Protection Regulation: Changes and Implications for Personal Data Collecting Companies’. Computer Law & Security Review 34, no. 1 (February 2018): 134–53. https://doi.org/10.1016/j.clsr.2017.05.015.
Ventures and Cybersecurity. ‘Cybersecurity Jobs Report’. Herjavec Group 1, 2017.
Westin, Alan F. ‘Social and Political Dimensions of Privacy’. Journal of Social Issues 59, no. 2 (July 2003): 431–53. https://doi.org/10.1111/1540-4560.00072.
You, Ilsun, Marek R. Ogiela, Isaac Woungang, and Kangbin Yim. ‘Innovative Security Technologies against Insider Threats and Data Leakage’. International Journal of Computer Mathematics 93, no. 2 (February 2016): 236–38. https://doi.org/10.1080/00207160.2015.1044784.
Zuboff and Shoshana. The Age of Surveillance Capitalism Social Theory Re-Wired. England: Routledge, 2023.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Bilqis Laila Nuzul Sa'adah, Sukarmi Sukarmi, Reka Dewantara
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
An author who publishes in the Invest Journal of Sharia & Economic Law agrees to the following terms:
- Authors retain copyright and grant the journal the right of first publication with the work simultaneously licensed under Creative Commons Attribution-NonCommercial 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Journal highlights 
Aims & Scope 
Author Guidelines 
APC Free 
Publications Ethics 
Citations 
Indexing 
Recruitment 
