<![CDATA[The interaction between personal data protection and criminal law enforcement created a normative tension within the Indonesian legal system. The enactment of Law Number 27 of 2022 on Personal Data Protection strengthened constitutional guarantees of privacy, while criminal procedural regulations continued to prioritize public interest and effective investigation. PT PLN (Persero), as a state-owned enterprise managing extensive customer data, occupied a legally sensitive position when responding to requests from law enforcement agencies. This research employed a normative juridical approach to examine statutory provisions governing data disclosure and institutional responsibility. The findings indicated that personal data protection was not absolute and could be limited for legitimate investigative purposes based on statutory authority. However, the absence of detailed implementing regulations created interpretative ambiguity and potential institutional vulnerability. Legal certainty could be strengthened through formal written authorization, proportional disclosure standards, and clearer regulatory safeguards ensuring accountability in the disclosure process.]]>
Copyrights © 2026
