<![CDATA[The rapid advancement of information technology has intensified the risks of personal data breaches and violations of privacy rights. Although Law Number 27 of 2022 on Personal Data Protection (PDP Law) has established a comprehensive legal framework for personal data protection in Indonesia, its effective implementation remains constrained by the absence of the Personal Data Protection Supervisory Authority (PDP Authority). This institutional absence creates a structural authority vacuum that weakens preventive measures, law enforcement mechanisms, and alternative dispute resolution in personal data protection. Through normative legal analysis using Hans Kelsen’s Stufenbau Theory, Nonet and Selznick’s Responsive Law Theory, and Satjipto Rahardjo’s Progressive Law, this study argues that the establishment of the PDP Authority is a crucial institutional bridge between abstract legal norms and their concrete implementation. A comparative overview of personal data protection authorities in Thailand, Singapore, and Malaysia is employed as a supporting argument to demonstrate how preventive functions can be effectively exercised when a dedicated authority is operational. This study concludes that the urgency lies not in the lack of normative regulation, but in the absence of an effective institutional mechanism to enforce preventive data protection measures. Therefore, the establishment of an independent PDP Authority is essential to ensure legal effectiveness, prevent data breaches, and strengthen public trust in personal data protection governance.]]>
Copyrights © 2025
