<![CDATA[The rapid advancement of digital technology has heightened concerns regarding personal data protection, particularly in Indonesia, where regulatory frameworks are still evolving. The ransomware attack on Indonesia’s National Data Center (Pusat Data Nasional/PDN) on June 20, 2024, which led to the leakage of citizens’ personal data and disrupted public services, has sparked widespread public criticism and demands for stronger data protection measures. This incident highlights Indonesia’s weak national cybersecurity system and raises critical questions regarding the state’s responsibility for safeguarding personal data under both domestic and international law. The findings reveal that while Indonesia has enacted Law No. 27 of 2022 on Personal Data Protection, its enforcement remains weak, leaving citizens vulnerable to cyber threats. From an international law perspective, Indonesia is obligated to protect personal data under frameworks such as the International Covenant on Civil and Political Rights (ICCPR) and the Responsibility of States for Internationally Wrongful Acts (RSIWA 2001). However, gaps in implementation, lack of institutional coordination, and inadequate cybersecurity infrastructure continue to hinder effective protection. The novelty of this research lies in its dual legal analysis, bridging domestic and international legal responsibilities while examining the broader implications of state accountability in cybersecurity governance. This study contributes to legal discourse by proposing reinforced legal frameworks, improved institutional coordination, enhanced international cooperation, and the adoption of sophisticated cybersecurity technologies. Strengthening legal, social, and cultural structures is essential to prevent future data breaches and ensure comprehensive protection of Indonesian citizens’ personal data.]]>
Copyrights © 2024
