Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Journal of Law Justice
La Sirajuddin
Unknown Affiliation
Law, Crime, Criminology & Criminal Justice Social Sciences Other

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Analysis of Legal Protection for Tokopedia Consumer Data in Data Leakage Cases in Indonesia La Sirajuddin; Dwi Pratiwi Markus
Journal of Law Justice (JLJ) Vol 4 No 1 (2026): Journal of Law Justice (Inpress)
Publisher : Fakultas Hukum Universitas Muhammadiyah Sorong

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.33506/jlj.v4i1.5199

Abstract

The aim of this study is to examine the strength of legal protection for Tokopedia customers' personal data following the leak of 91 million accounts in May 2020, as well as to explain Tokopedia's obligations and responsibilities as a data controller under PDP Law 27/2022, UUPK 8/1999, ITE Law 11/2008, PP 71/2019, and the breach of contract provisions of Article 1234 of the Civil Code. This study uses a normative legal approach, which involves examining written regulations through laws, scientific journals, and official reports from the Ministry of Communication and Information Technology, then analyzing them conceptually and comparing them to assess legal certainty, fairness, and benefits for the community. The novelty of this research lies in combining classical civil law (breach of contract in the Civil Code) with new regulations in the PDP Law to assess Tokopedia's responsibility as a private PSE in the case of the leak of 91 million accounts, something that is still rarely discussed comprehensively in Indonesian literature. The results of the study show that the rules on personal data protection are actually quite strong on paper, but their implementation is still weak because Tokopedia has not maximized its assessment of data protection, encryption, and incident reporting; the public's level of understanding of their personal data rights is still low; and the government's response has only been in the form of warnings, so there is still the possibility of administrative sanctions, fines, or criminal penalties being imposed based on the PDP Law and the ITE Law. The conclusion of the study emphasizes the need to strengthen personal data protection through mandatory information security standards such as ISO 27001, the application of the principle of privacy by design from the outset of system design, the provision of features (dashboards) for rapid data deletion, increased public education, and better coordination between Kominfo, OJK, and the PDP Council so that e-commerce transactions in Indonesia are safer for hundreds of millions of users.
Co-Authors Dwi Pratiwi Markus, Dwi