<![CDATA[The advancement of information and communication technology has encouraged the rapid growth of the e-commerce sector in Indonesia, enabling efficient buying and selling transactions without space and time restrictions. However, behind the convenience, there is a serious problem related to the protection of consumer personal data. Sensitive data such as name, address, phone number, account information, to shopping preferences are collected by business actors and at risk of being misused, either through leaks, identity forgery, or digital fraud. This research aims to examine the legal regulations regarding the protection of consumer personal data in e-commerce transactions in Indonesia and analyze the effectiveness of the implementation of applicable regulations, especially Law Number 11 of 2008 concerning Information and Electronic Transactions (UU ITE) and Law Number 27 of 2022 concerning Personal Data Protection (UU PDP). The research results show that although national regulations have adopted the principles of personal data protection quite comprehensively, such as the principle of transparency, restriction of purpose, and accountability, the implementation is still not optimal. Hindering factors include weak law enforcement, lack of supervision by related authorities, and low consumer awareness of their rights.Concrete steps are needed to strengthen the effectiveness of regulation, including the establishment of an independent supervisory agency in accordance with the mandate of the PDP Law, increasing the compliance of business actors to data protection standards, as well as the provision of a complaint mechanism that is easily accessible to the public. Thus, legal protection of consumer personal data is not only a written norm, but can be materialized substantively in creating a safe, fair, and reliable e-commerce ecosystem.]]>
