<![CDATA[This study examines the Indonesian government's legal responsibilities in protecting citizens' personal data, focusing on constitutional, administrative, and criminal aspects. Using normative legal research methods, the analysis incorporates provisions from the 1945 Constitution, the Personal Data Protection Law (UU PDP), and related regulations to evaluate the state's obligations in preventing and addressing data breaches. The findings reveal that personal data protection is a constitutional right under Article 28G(1) of the 1945 Constitution, reinforced by the UU PDP. As data controllers, government institutions bear layered responsibilities including preventive measures, administrative compliance, victim compensation, and constitutional accountability. However, criminal liability only applies to individual officials rather than government institutions as legal entities. Despite existing safeguards, regulatory gaps remain particularly concerning administrative sanctions, compensation mechanisms, and the establishment of an independent oversight body as mandated by the UU PDP. To strengthen data protection, this study recommends: (1) refining implementing regulations; (2) enhancing oversight mechanisms; (3) improving government officials' capacity; (4) increasing public awareness; and (5) fostering international cooperation to address cross-border data violations. These measures are crucial for ensuring effective personal data protection and safeguarding citizens' constitutional rights in the digital age.]]>
