Personal Data Protection in Digital Business Based on the Law on Personal Data Protection

Abstract

The development of information technology drives the growth of digital businesses in Indonesia, which directly increases the activities of collecting, processing, and storing consumer personal data. However, on the other hand, the rampant misuse and leakage of personal data pose a serious threat to the privacy rights of the public. The Indonesian government enacted Law Number 27 of 2022 on Personal Data Protection (PDP Law) as a legal framework governing personal data management, particularly within the digital business ecosystem to address this issue. This research uses a normative juridical method with a legislative and conceptual approach to analyze the regulation of personal data protection based on the PDP Law and the responsibilities of digital business actors in ensuring consumer rights. The research results show that the PDP Law has provided a sufficiently comprehensive legal framework for collecting, processing, storing, and deleting personal data. In addition, business operators must ensure data security, obtain consumer consent, and respect the rights to access and control personal data by data subjects. However, challenges still exist in implementing the PDP Law, particularly regarding the readiness of digital infrastructure, compliance by business actors, and law enforcement. Therefore, more optimal efforts are needed from both the government and business actors to realize adequate personal data protection and provide a sense of security to consumers in the digital business era. This research provides strategic recommendations in the form of enhanced education and training for business actors, strengthening the role of the Personal Data Protection Authority, and the development of cutting-edge data security technology as important steps in optimizing personal data protection in the digital business era.