The rapid development of digital technology has triggered an increase in cybercrime, including doxing, which is the unauthorized disclosure and dissemination of personal data through digital media. In Indonesia, doxing cases have increased significantly in the last five years and target activists, journalists, academics, and individuals who are active in the digital public space. Despite causing serious psychological and social impacts, legal protection for victims is still inadequate because there is no regulation that explicitly regulates doxing in the Information and Electronic Transactions Law (ITE Law) and the Personal Data Protection Law (PDP Law), so that law enforcement practices are weak and inconsistent. This research uses an empirical juridical method with legislative, case, and conceptual approaches, as well as qualitative analysis of legal materials and case reports for 2020–2025. The results of the study show that the effectiveness of law enforcement against doxing is hampered by factors of legal substance, law enforcement officials, facilities and infrastructure, public awareness, and legal culture as stated in Soerjono Soekanto's Theory of Legal Effectiveness. From the perspective of M. Yahya Harahap's Legal Certainty Theory, the norms in the ITE Law still contain ambiguity, while the PDP Law is relatively more progressive but not optimal in its implementation. Therefore, comprehensive regulatory reforms, strengthening digital forensic capacity, institutional coordination, and improving public legal literacy are needed to ensure legal certainty and protection of privacy rights in the ever-evolving digital era. Keywords: Criminal, Crime, Personal data protection.