<![CDATA[The cases of data breaches in Indonesia have been increasing over the past few years, raising serious concerns regarding the protection of users' personal data in electronic systems. This research aims to analyze the legal responsibilities of electronic system organizers (PSE) in data breach cases from the perspective of Indonesian law. The analysis focuses on the applicable regulatory framework, forms of responsibility, and the effectiveness of its implementation. This study employs a normative juridical method with a legislative approach and case studies. Primary data is obtained through an analysis of the ITE Law, Government Regulation 71/2019, and regulations related to data protection, while secondary data is collected from significant case studies of data breaches that have occurred in Indonesia. The research findings indicate that the legal responsibilities of PSE in data breaches encompass civil, administrative, and criminal aspects. Although the PDP Law has been enacted, Indonesian regulations remain less comprehensive, particularly concerning mandatory security standards and breach notification mechanisms. Law enforcement faces challenges such as proof difficulties, the complexity of foreign PSE jurisdiction, and limited sanctions. Compared to the EU's GDPR, Indonesian regulations are not as strict and progressive in proactive obligations and strong penalties. The study recommends strengthening regulations with a strict liability principle, establishing minimum security standards, clear notification mechanisms, and refining proportional administrative and criminal sanctions.]]>
