Nyimas Safira Septiana
Unknown Affiliation

Published: 1 document


Juridical Analysis of the Application of Data Minimization Principles in Mobile Banking According to the Personal Data Protection Law and EU GDPR 2018
Nyimas Safira Septiana; Sinta Dewi; Laina Rafianti
JUSTICES: Journal of Law Vol. 4 No. 3 (2025): Progressive and Critical Law Review
Publisher: Perkumpulan Dosen Fakultas Agama Islam Indramayu

DOI: 10.58355/justices.v4i3.203

Abstract

Digital transformation in the banking sector has led to the emergence of mobile banking services such as BRImo, owned by PT. Bank Rakyat Indonesia (Persero) Tbk., which offers customers easy financial transactions. However, behind this innovation, complex issues have arisen regarding compliance with the data minimization principle as stipulated in Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) and the 2018 General Data Protection Regulation (GDPR). This research focuses on the compliance of the personal data processing consent mechanism in the BRImo application with the data minimization principle, as well as the legal consequences of non-compliance with this principle. The research was conducted using a normative juridical approach through a review of relevant laws, doctrines, and legal literature, as well as a sociological juridical approach. The results show that BRImo's non-compliance with the data minimization principle is reflected in the practice of bundled consent without granular options, minimal transparency regarding data purposes and retention, and limited user control to revoke or modify consent. This shifts data consent from a substantial function to a mere administrative formality, ultimately leading to potential criminal and administrative sanctions and reputational risks for service providers. Corrective measures require the implementation of granular consent, interactive privacy dashboards, strict data retention policies, the appointment of a Data Protection Officer (DPO), and internal education to ensure lawful, fair, and proportionate data processing.