<![CDATA[The rapid development of digital technologies, such as artificial intelligence and biometric surveillance systems, has triggered a dilemma between protecting individual privacy and demanding data security in the digital space. This study aims to analyze the normative-philosophical conflict between privacy rights and public security, and to evaluate the effectiveness of the General Data Protection Regulation (GDPR) and Law No. 27 of 2022 concerning Personal Data Protection (PDP Law) in addressing these dynamics. The research method employed is a normative law approach, incorporating statutory and comparative perspectives. Secondary data in the form of academic literature and legal documents from 2023–2025 were analyzed descriptively and qualitatively through a systematic literature review. The results show that the effectiveness of the PDP Law in Indonesia remains partial due to structural barriers, such as low digital literacy (only 45% of students understand the implications of the PDP Law), unprepared technical infrastructure (60% of local applications are not encrypted), and weak independence of supervisory institutions. There is a significant tension between the implementation of the PDP Law and press freedom, as well as the lack of transparency in state surveillance practices. Comparisons with the GDPR and Singapore's PDPA highlight the need for a global, revenue-based, and progressive sanction mechanism to enhance platform compliance. Without reinterpreting privacy as a non-negotiable fundamental right and strengthening institutional capacity, data protection regulations risk becoming merely symbolic legal instruments. This study recommends the establishment of an independent data protection authority, synchronization of cross-sectoral regulations, and integration of a national digital ethics curriculum.]]>
