Comparative Analysis of Indonesia's Personal Data Protection Law with the European Union and California Regulations to Identify Best Practices in Protecting Public Privacy Rights
Keywords:
Personal Data Protection, Europe, California, RegulationAbstract
Personal data protection has become a critical issue in the digital era, as data breaches increase in Indonesia. Law No. 27 of 2022 concerning Personal Data Protection (PDP Law) is a newly enacted regulation aimed at safeguarding individuals' privacy rights. However, the implementation of the PDP Law still faces various challenges, especially in terms of law enforcement and oversight of electronic system providers. This research aims to analyze the substantial differences between Indonesia’s PDP Law, the European Union’s General Data Protection Regulation (GDPR), and the United States’ California Consumer Privacy Act (CCPA), as well as to identify best practices that can be adopted to strengthen personal data protection in Indonesia. This study employs a normative legal research method with a statutory and comparative approach. An analysis of GDPR and CCPA, both recognized as global standards for data protection, is conducted to provide recommendations for enhancing Indonesia’s regulations. The results indicate that while the PDP Law is a positive step, there are still weaknesses in terms of transparency, accountability, law enforcement, and the granting of data subject rights. Indonesia can adopt practices from the GDPR, such as data protection impact assessments and stricter sanctions, as well as from the CCPA in giving consumers greater control over their data. This study recommends improving law enforcement mechanisms, transparency in data management, and public education on the importance of personal data protection. By referring to effective international regulations, Indonesia can enhance the effectiveness of its PDP Law and strengthen the protection of privacy rights in the increasingly complex digital era.
References
Alamsyah, B. (2020). Personal data protection in the digital era. Jakarta: Gramedia Pustaka Utama.
Andini, W. (2021). Comparison of GDPR and CCPA from the perspective of personal data protection. Journal of Law and Justice, 7(2), 120–135.
California Consumer Privacy Act (CCPA) of 2018. (2018). Retrieved from https://oag.ca.gov/privacy/ccpa
Darmawan, R. (2019). Law and information technology: Personal data protection regulations. Yogyakarta: UGM Press.
Fadli, Z. (2023). Effectiveness of personal data protection policies in Indonesia after Law No. 27 of 2022. Journal of Legal Studies, 5(3), 90–105.
Friedman, G. (2018). Privacy, data protection, and the law: A global perspective. Cambridge University Press.
Friedman, L. M. (2018). The legal system: A social science perspective. Russell Sage Foundation.
General Data Protection Regulation (GDPR) 2016/679. (2018). European Commission. Retrieved from https://eur-lex.europa.eu
General Data Protection Regulation (GDPR), Article 35: Data Protection Impact Assessment (DPIA). (2018). Retrieved from https://gdpr-info.eu/art-35-gdpr/
Hakim, S. (2021). Data privacy and security: Challenges of the digital era. Bandung: Alfabeta.
Handayani, A. (2023). Challenges of personal data protection in Indonesia post-major data breach. Research Report, Center for Technology and Law Research.
Handayani, N. (2023). BPJS Kesehatan and General Election Commission data leaks: Challenges in personal data protection in Indonesia. Journal of Cyber Security, 15(2), 45-60.
Hartono, D. (2020). Analysis of personal data protection policies in Indonesia based on global practices. Journal of Technology Law, 4(1), 45–59.
Hatta, M. (2020). Personal data protection in the digital era: International and national legal perspectives. Jakarta: Universitas Indonesia Publisher.
Indrawati, S. (2022). Data protection law enforcement mechanisms in Indonesia: Lessons from GDPR. Journal of Law and Policy, 6(1), 72–85.
Iskandar, B. (2021). Case study of BPJS Kesehatan and KPU data leaks. Indonesian Data Security Journal, 7(4), 198-211.
Kuner, C. (2020). The General Data Protection Regulation: A commentary. Oxford University Press.
Law No. 27 of 2022 concerning Personal Data Protection.
Lestari, P. (2023). The role of government in ensuring personal data security in Indonesia. Journal of Public Administration, 13(2), 210-225.
Lestari, R. (2023). Coordination between government and private sector in implementing the Personal Data Protection Law. Journal of Law and Technology, 19(1), 34-49.
Marzuki, P. M. (2017). Legal research. Jakarta: Kencana.
Mulyono, A. (2022). Cyber law and privacy policy in Indonesia. Surabaya: Airlangga University Press.
Nugroho, E. (2021). Personal data protection policy in the context of the digital economy in Indonesia. Journal of Digital Economy, 8(2), 155–170.
Prabowo, D. (2022). The impact of data leaks on public trust in digital services. Journal of Technology and Privacy, 10(4), 85-99.
Prabowo, D. (2022). Data leaks and their impact on public trust. Indonesian Cyber Security Journal, 5(1), 45-56.
Prasetyo, B. (2019). Legal aspects of personal data protection in electronic information systems. Jakarta: Kencana.
Soekanto, S. (2019). Introduction to legal research. Jakarta: Rajawali Press.
Suryanto, D. (2023). Protection of privacy and personal data in the digital era: A critical review of Law No. 27 of 2022. Journal of Law and Information Technology, 9(2), 101–120.
Sutrisno, B. (2022). Data leakage analysis on e-commerce platforms: The cases of Tokopedia and Bukalapak. Journal of Data Protection and Technology, 7(3), 77-91.
Sutrisno, R. (2022). Personal data security and its protection in the digital era. Journal of Technology Law, 10(2), 123-138.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Muhammad Maleno, Andriana Kusumawati
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
