<![CDATA[The rapid growth of digital business in Indonesia has positioned online marketplaces as key actors in collecting and processing consumers’ personal data. Major data breaches, such as the 2020 Tokopedia incident, have exposed cybersecurity vulnerabilities and highlighted weak legal protections for users. This study aims to analyze the legal responsibility of marketplaces in addressing the misuse of consumer data based on Law No. 11 of 2008 on Electronic Information and Transactions (EIT Law) and Law No. 27 of 2022 on Personal Data Protection (PDP Law). The research employs a normative juridical method with a descriptive qualitative approach by examining relevant legislation, legal literature, and case studies of data breaches involving major Indonesian marketplaces. The results indicate that marketplaces have a legal obligation as data controllers to ensure the security, integrity, and confidentiality of users’ personal data. However, the implementation of accountability principles and liability mechanisms remains weak, both technically and administratively. This study emphasizes the need to strengthen the enforcement of the PDP Law through stricter supervision, greater transparency, and enhanced collaboration among regulators, businesses, and educational institutions. Consequently, a secure, ethical, and legally just digital business ecosystem can be achieved in Indonesia.]]>
Copyrights © 2025
