<![CDATA[Introduction to The Problem: This study focuses on a new form of cybercrime due to advancing technology: AI-based phishing crimes. These crimes involve using artificial intelligence to misuse personal data on digital platforms or applications. Such illicit activities have significant implications and require attention. One significant threat in this context is the rise in AI-based phishing crimes, where attackers use sophisticated AI algorithms to deceive individuals and gain access to their data and information. Establishing solid and comprehensive personal data protection laws is critical to combating AI-based phishing crimes and protecting individuals across national borders. Purpose/Study Objectives: The study's object is cross-border AI-based phishing crimes, a new form of cybercrime due to technological advances. This study aims to analyze the concept of personal data protection in Law Number 27 of 2022 from the perspective of substantive justice and the prevention of AI-based phishing crimes. Design/Methodology/Approach: The author has conducted normative legal research or literature review with a meticulous approach to the principles of criminal law, a comprehensive comparative study of cybercrime law, and an in-depth exploration of the legal history of personal data protection law. Technical analysis, in the form of content analysis, is a series of methods that rigorously analyze the content of all forms of communication, categorizing them into matters related to AI-based cyber phishing, personal data protection regulations, information regulations, and technology. Findings: Law Number 27 of 2022 on Personal Data Protection can prevent phishing crimes through AI by implementing PDP principles adopted from international PDP principles. This can be done by referring to the OECD Guidelines Governing Privacy Protection and Cross-Border Flow of Personal Data and the data protection regulations in Indonesia. Paper Type: Research Article]]>
