<![CDATA[This research aims to analyse criminal sanctions due to negligence of personal data controllers that cause data leaks based on Law No. 27 of 2022 on Personal Data Protection (PDP Law). The increasing incidents of personal data leakage in Indonesia indicate weak legal protection related to personal data control. Meanwhile, the PDP Law does not explicitly regulate culpa, resulting in legal uncertainty and potential impunity for perpetrators. This research is important because there is a legal vacuum related to the liability of negligent data controllers and the weak deterrent effect of administrative sanctions that have been applied so far. This research uses a normative juridical method with a statutory approach, examining existing legal norms related to personal data protection, especially the PDP Law. The results show that the PDP Law has not expressly regulated the negligence of data controllers, resulting in a legal vacuum and weakening the enforcement of personal data protection. Therefore, this research offers a new norm formulation that explicitly regulates criminal sanctions for data controller negligence and criminal liability for negligent data controllers. Thus, the a need for reformulation of criminal norms against negligence to increase legal certainty and protect the rights of personal data owners in Indonesia.]]>
Copyrights © 2025
