<![CDATA[The banking sector is structurally dependent on the continuous collection and processing of personal data, making data governance an inherent component of banking operations rather than a discretionary practice. This study examines personal data protection in the Indonesian banking sector by applying Helen Nissenbaum’s theory of Contextual Integrity as a normative analytical framework. Using a normative juridical approach and qualitative textual analysis, the research analyzes the privacy policies of four state-owned banks Bank Mandiri, BRI, BTN, and BNI to assess how norms governing information flows are articulated at the policy level. The analysis focuses on five core elements of Contextual Integrity: social context, actors and social relations, data attributes, transmission principles (purposes), and the integrity of contextual boundaries across data uses. The findings show that privacy policies in state-owned banks largely function as instruments of formal legal compliance rather than as normative statements clarifying the appropriateness of information flows within the banking context. While purposes of data processing are relatively explicit, multiple processing contexts such as core banking services, digital platforms, and marketing activities are often aggregated without clear normative boundaries. This weakens the articulation of trust-based norms and increases the risk of context collapse, particularly in relation to secondary uses of customer data.]]>
