<![CDATA[The development of information technology has truly changed many things in Indonesia. In fact, in many countries, the business and trade sectors are the most impacted by the development of information and telecommunications technology and the fastest growing. The concept of the right to privacy and personal data is actually a new concept along with the development of technology and information. In its development, personal data protection in Indonesia is regulated by Law Number 27 of 2022 concerning Personal Data Protection (PDP Law), which came into effect on October 17, 2024. However, despite the aforementioned regulations, there are still quite a lot of crimes and violations of personal data experienced by the public, both by individuals and by business entities. On the one hand, the theft of personal data, whether due to intentional or negligent actions by personal data managers, especially by e-commerce businesses such as Tokopedia, and official government legal entities such as BPJS, certainly requires concrete legal accountability. The research method used in this study is a normative juridical research method. The materials reviewed are primary, secondary, and tertiary legal materials. The research results show that Law Number 27 of 2022 still has several shortcomings, and these weaknesses still require attention. Issues such as the lack of independence of the supervisory institution, sanctions that are potentially less stringent than international standards, implementation issues, and suboptimal protection of vulnerable groups remain challenges. Furthermore, the issue of legal accountability by business actors or legal entities managing personal data that is biased and only benefits the government remains a major weakness of Law Number 27 of 2022. Therefore, further efforts are needed to refine regulations, strengthen institutions, and ensure effective law enforcement to achieve maximum personal data protection for all citizens]]>
