<![CDATA[The personal data leak experienced by Tokopedia in 2020 was one of the biggest incidents in the history of data protection in Indonesia. This incident, which involved more than 91 million user accounts, raised concerns about weak cybersecurity and the lack of law enforcement related to personal data protection. This study aims to analyze the legal responsibility of companies for the leakage of consumer personal data based on applicable laws and regulations, including the Personal Data Protection Law (PDP Law), the Electronic Information and Transaction Law (ITE Law), and their derivative regulations. The research method used is normative legal research through the study of laws and regulations, literature, and case documents. The results of the study show that as an Electronic System Operator (PSE), Tokopedia has an obligation to ensure the security of personal data and is responsible for any violations that occur. Affected users have several legal remedies, including administrative complaints to the Ministry of Communication and Information Technology, civil lawsuits based on unlawful acts, class actions, and criminal reports. This study emphasizes the importance of enforcing the principles of accountability and consumer protection in personal data management to prevent similar incidents from recurring in the future.]]>
Copyrights © 2025
