<![CDATA[The rapid development of insurtech as a digital innovation in the insurance sector has increased efficiency while simultaneously raising the risk of personal data breaches involving policyholders. This study aims to examine the legal certainty and civil liability of insurtech providers in cases of personal data breaches under Law Number 27 of 2022 on Personal Data Protection (UU PDP) and POJK No. 36 of 2024. The research applies a normative legal method using a statute approach, supported by primary legal materials in the form of legislation and secondary materials from scholarly literature. The findings indicate that insurtech providers, as personal data controllers, bear comprehensive responsibilities, including mandatory breach notification within 72 hours, implementation of mitigation and recovery measures, and compensation for material and immaterial losses. While POJK No. 36/2024 emphasizes preventive mechanisms through risk management and governance, the UU PDP provides a more comprehensive framework by incorporating administrative and criminal sanctions. However, gaps remain regarding effective remedial mechanisms and regulatory coordination. Strengthening these aspects is essential to ensure legal certainty, enhance accountability, and protect consumer rights in the digital insurance ecosystem.]]>
Copyrights © 2026
