<![CDATA[The development of information technology and the digitalization of banking services has increased the utilization of customers' personal data in various financial transactions. On the other hand, this situation also poses risks of misuse of access and leakage of personal data. Therefore, clear legal regulation that provides legal certainty is crucial to ensure the protection of personal data in the banking sector. This study aims to analyze the legal regulation of personal data protection in the banking sector from the perspective of legal certainty and to examine the forms of legal protection provided to customers regarding access to personal data information in Indonesia. This research employs a normative legal research method with a statute approach and a conceptual approach. The legal materials used include legislation, specifically Law Number 10 of 1998 concerning Banking, Law Number 27 of 2022 concerning Personal Data Protection, as well as various financial sector regulations issued by the Financial Services Authority and Bank Indonesia. The analysis is conducted using the theory of legal certainty and the principle of conflict resolution of norms, namely lex specialis derogat legi generali and lex posterior derogat legi priori. The results of the study indicate that the regulation of personal data protection in the banking sector essentially has a sufficient legal foundation through provisions on bank secrecy in the Banking Law and general personal data protection regulations in the Personal Data Protection Law. However, there is a potential overlap of norms between these two legal regimes, particularly regarding state access to data and the obligations of data controllers. Furthermore, the fragmentation of supervisory authority among the Financial Services Authority, Bank Indonesia, and law enforcement agencies may lead to inconsistencies in the procedures for access and protection of customer data. Legal protection for customers can be provided through preventive mechanisms, such as banks’ obligations to maintain data confidentiality and implement electronic system security, as well as repressive mechanisms through complaints, dispute resolution, administrative sanctions, and criminal sanctions based on the applicable legislation. Based on indicators of legal certainty, the existing regulations have provided a normative basis for the protection of customers’ personal data, but regulatory harmonization and strengthening of supervisory mechanisms are still required to ensure effective legal protection of personal data in the digital banking era.]]>
