<![CDATA[The integration of the Taxpayer Identification Number (NPWP) with the National Identity Number (NIK) has heightened the sensitivity of taxpayer data, obliging the Directorate General of Taxes (DJP) as data controller to comply with Indonesia’s Law No. 27 of 2022 on Personal Data Protection (PDP Law). However, the September 2024 breach of 6.6 million NPWP records raises legal accountability concerns. This study examines (1) the legal framework for NPWP data protection under the PDP Law and (2) DJP’s liability for the breach. Employing a normative juridical method with statutory and conceptual approaches, primary and secondary legal sources were analyzed qualitatively. Findings confirm that NPWP constitutes specific personal data, and DJP violated its accountability obligation under Article 47. Such violation warrants administrative sanctions per Article 57, yet no enforcement has occurred. The study concludes that DJP bears juridical responsibility and must be sanctioned to uphold the rule of law and protect citizens’ constitutional right to privacy]]>
Copyrights © 2026
