<![CDATA[The development of digital financial services has encouraged the massive growth of electronic wallet users in Indonesia, but at the same time opens up serious vulnerabilities in the form of leakage of users' personal data. This study examines the civil liability of business entities operating electronic wallets for the leakage of users' personal data based on Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) and its enforcement mechanisms. The research uses normative juridical methods with a statutory approach and a conceptual approach. The results of the study show that electronic wallet operators as data controllers can be held to civil liability based on fault (Article 1365 of the Civil Code jo. Article 50 of the PDP Law) as well as strict liability in the context of fundamental information asymmetry between operators and users. The PDP Law requires the implementation of adequate technical and organizational safety standards; Failure to comply with them is the basis for a valid civil lawsuit. The conclusion of the study emphasizes that the gap between das sollen and das sein in personal data protection requires the strengthening of derivative regulations, reverse proof mechanisms, and independent supervisory institutions that are immediately operational]]>
Copyrights © 2026
