<![CDATA[This study analyzes the legal gaps in personal data protection and the responsibilities of e-commerce business actors in Indonesia, focusing on Law Number 27 of 2022 concerning Personal Data Protection, especially Articles 55–56 concerning cross-border data transfers, as well as Law Number 8 of 1999 concerning Consumer Protection and Government Regulation Number 80 of 2019 concerning Commerce Through Electronic Systems. Using a normative legal approach supported by literature studies and comparative analysis, this study identifies regulatory weaknesses, such as the absence of explicit consent requirements in cross-border data transfers and the continued use of exoneration clauses that are detrimental to consumers. Comparisons with the Malaysian Personal Data Protection Act and the European General Data Protection Regulation show that Indonesia lags behind in aspects of compliance, supervision, and consumer protection. The results of the study show that unclear regulations and weak law enforcement mechanisms increase the risk of misuse of personal data and hinder the growth of the digital economy. Here, legal reform is needed in the form of explicit consent obligations, elimination of clauses that are detrimental to consumers, and strengthening the supervisory role of Ministry of Communication and Information and Business Competition Supervisory Commission, as well as the establishment of alternative dispute resolution mechanisms.]]>
Copyrights © 2025
