The Implementation of Personal Data Protection Policy within Indonesia’s Digital Legal System
DOI:
https://doi.org/10.51903/2r46zv36Keywords:
Personal Data Protection , Digital Legal System, Pdp Law, Digital Governance, Digital LiteracyAbstract
Digitalisation developments in Indonesia are unfolding at a rapid pace, shifting the paradigm of personal data collection and utilisation. However, the significant increase in use has not been matched by an equally rapid development of adequate legal protection frameworks. This study aims to analyse the implementation of the personal data protection policy as outlined in Law Number 27 of 2022 (PDP Law), within the context of Indonesia's digital legal system. Qualitative-descriptive research with a case study method was employed, whereby in-depth interviews, semi-structured questionnaires, and document analysis were used to collect data on 20 participants from the government, the digital industry, and civil society. As the study reveals, significant challenges to the implementation of the PDP Law include low levels of public digital literacy (62%), limited institutional capacity, and resistance from the digital industry. Enabling factors include cross-sectoral collaboration and pressures from global markets. The study contributes theoretically through applications of a multi-actor Digital Governance framework. In contrast, the study's practical contribution appears to be the strategic recommendations to strengthen regulation, institutional capacity, and public literacy. Among the implications is the need to synergise the state, private sector, and civil society to stimulate the establishment of a fair, adaptive, and competitive data protection ecosystem.
References
Aguilar, J. J. D. (2024). Beyond compliance: Analysis of data privacy implementation. Journal of Management, Economics, and Industrial Organization, 8(1), 78–93. https://doi.org/10.31039/jomeino.2024.8.1.4
Amber Wutich et al. (2024). Sample Sizes for 10 Types of Qualitative Data Analysis: An Integrative Review, Empirical Guidance, and Next Steps. International Journal of Qualitative Methods, 23, 1–14. https://doi.org/10.1177/16094069241296206
Batool, A., Zowghi, D., & Bano, M. (2025). AI Governance: A Systematic Literature Review. AI and Ethics, 5(3), 3265–3279. https://doi.org/10.1007/s43681-024-00653-w
Bisogno, M., Cuadrado-Ballesteros, B., & Abate, F. (2024). The Role of institutIonal and Operational Factors in the Digitalization of Large Local Governments: Insights From Italy. International Journal of Public Sector Management, 38(2), 238–258. https://doi.org/10.1108/ijpsm-10-2023-0291
Byrne, D. (2022). A worked Example of Braun and Clarke’s Approach to Reflexive Thematic Analysis. Quality and Quantity, 56(3), 1391–1412. https://doi.org/10.1007/s11135-021-01182-y
Coche, E., Kolk, A., & Ocelík, V. (2024). Unravelling Cross-Country Regulatory Intricacies of Data Governance: the Relevance of Legal Insights for Digitalization and International Business. Journal of International Business Policy, 7(1), 112–127. https://doi.org/10.1057/s42214-023-00172-1
Dagdag, J. (2025). Institutional Policy Barriers to Scopus Research Publication. April. https://doi.org/10.13140/RG.2.2.17156.85120/2
Degli Esposti, S., Ball, K., & Dibb, S. (2021). What’s In It For Us? Benevolence, National Security, and Digital Surveillance. Public Administration Review, 81(5), 862–873. https://doi.org/10.1111/puar.13362
Dove et al. (2024). Building Capacity to Govern Emerging Climate Intervention Technologies. Elementa, 12(1), 1–22. https://doi.org/10.1525/elementa.2023.00124
Dunja Duic et al. (2023). Data Protection and Cybersecurity : Case-Law of Two European Courts. Law in the Age of Modern Technologies, 7, 94–118. https://doi.org/10.25234/eclic/28259
Fu, D., & Chen, T. (2025). Evolutionary Patterns and Mechanism Optimization of Public Participation in Community Regeneration Planning : A Case Study of Guangzhou. Land, 14(7), 1–25. https://doi.org/10.3390/land14071394
Futri, I., & Naruetharadhol, P. (2025). Open innovation’s effects on Indonesia’s digital health market and related societal issues. Cogent Arts and Humanities, 12(1), 2457819. https://doi.org/10.1080/23311983.2025.2457819
Giner-Sorolla, R., Montoya, A. K., Reifman, A., Carpenter, T., Lewis, N. A., Aberson, C. L., Bostyn, D. H., Conrique, B. G., Ng, B. W., Schoemann, A. M., & Soderberg, C. (2024). Power to Detect What? Considerations for Planning and Evaluating Sample Size. Personality and Social Psychology Review, 28(3), 276–301. https://doi.org/10.1177/10888683241228328
Guillen-Gamez et al. (2024). Digital Security in Educational Contexts: Digital Competence and Challenges for Good Practice. Computers in the Schools, 41(3), 257–262. https://doi.org/10.1080/07380569.2024.2390319
Judijanto, L., Solapari, N., & Putra, I. (2024). An Analysis of the Gap Between Data Protection Regulations and Privacy Rights Implementation in Indonesia. The Easta Journal Law and Human Rights, 3(01), 20–29. https://doi.org/10.58812/eslhr.v3i01.351
Karinda et al. (2024). Potential and Challenges of Digital Governance at the Local Level in Central Sulawesi, Indonesia. Journal of Contemporary Governance and Public Policy, 5(2), 135–152. https://doi.org/10.46507/jcgpp.v5i2.246
Kharisma, D., Susanti, E., Aprili, R., Info, A., Transactions, D., & Protection, C. (2024). Evaluasi Kebijakan Perlindungan Konsumen dalam Transaksi Digital di Indonesia: Studi Kebijakan dan Analisis SWOT. Perkara: Jurnal Ilmu Hukum Dan Politik, 2(4), 565–578. https://doi.org/10.51903/perkara.v2i4.2228
Koesten et al. (2021). Talking datasets – Understanding data sensemaking behaviours. International Journal of Human Computer Studies, 146, 102562. https://doi.org/10.1016/j.ijhcs.2020.102562
Kriswandaru, A. S., Pratiwi, B., & Suwardi, S. (2024). Efektivitas Kebijakan Perlindungan Data Pribadi di Indonesia: Analisis Hukum Perdata dengan Pendekatan Studi Kasus. Hakim: Jurnal Ilmu Hukum Dan Sosial, 2(4), 740–756. https://doi.org/10.51903/hakim.v2i4.2157
Kriswandaru et al. (2025). Analisis Yuridis terhadap Penggunaan Teknologi Blockchain dalam Pengamanan Data Pribadi: Studi Kasus di Indonesia. Perkara : Jurnal Ilmu Hukum Dan Politik, 2(4), 531–540. https://doi.org/10.51903/perkara.v2i4.2225
Lim, S., & Oh, J. (2025). Navigating Privacy: A Global Comparative Analysis of Data Protection Laws. IET Information Security, 2025(1). https://doi.org/10.1049/ise2/5536763
Manny, L., Duygan, M., Fischer, M., & Rieckermann, J. (2021). Digital Governance: A Conceptual Framework and Research Agenda. Policy Sciences, 54(4), 943–983. https://doi.org/10.1007/s11077-021-09438-y
Mansell, R. (2023). Digital Technology Innovation: Mythical Claims about Regulatory Efficacy. Javnost, 30(2), 145–160. https://doi.org/10.1080/13183222.2023.2198933
Marvin Hanisch et al. (2023). Digital governance: A conceptual framework and research agenda. Journal of Business Research, 162(July 2022), 113777. https://doi.org/10.1016/j.jbusres.2023.113777
Marwan, A., Garduno, D. O. C., & Bonfigli, F. (2022). Detection of Digital Law Issues and Implication for Good Governance Policy in Indonesia. Bestuur, 10(1), 22–32. https://doi.org/10.20961/bestuur.v10i1.59143
Miller, K. M., Lukic, K., & Skiera, B. (2025). The impact of the General Data Protection Regulation (GDPR) on online tracking. International Journal of Research in Marketing, 1–23. https://doi.org/10.1016/j.ijresmar.2025.03.002
Morales-Saenz et al. (2024). Beyond Data Protection: Exploring the Convergence between Cybersecurity and Sustainable Development in Business. Sustainability (Switzerland), 16(14), 1–32. https://doi.org/10.3390/su16145884
Nderu, L., Oginga, R., Butichi, B., Rono, J., Njau, F., Mogire, F., Matindo, D., Muiruri, D., & Kiragga, A. (2024). Data Law Companion: Enhancing Data Protection Law Compliance in the Digital Age. Data Science Journal, 23(1), 1–13. https://doi.org/10.5334/dsj-2024-036
Nicol, E., Briggs, J., Moncur, W., Htait, A., Carey, D. P., Azzopardi, L., & Schafer, B. (2022). Revealing Cumulative Risks in Online Personal Information: A Data Narrative Study. Proceedings of the ACM on Human-Computer Interaction, 6, 1–25. https://doi.org/10.1145/3555214
Njonge, T. (2023). Influence of Psychological Well-Being and School Factors on Delinquency , During the Covid-19 Period Among Secondary School Students in Selected Schools in Nakuru County : Kenya. International Journal of Research and Innovation in Social Science, 7(2), 1175–1189. https://doi.org/10.47772/ijriss
Obudho, K. (2024). The Impact of Data Privacy Laws on Digital Marketing Practices. Journal of Modern Law and Policy, 4(1), 35–48. https://doi.org/10.47941/jmlp.2155
Oluwatosin Reis, Nkechi Emmanuella Eneh, Benedicta Ehimuan, Anthony Anyanwu, Temidayo Olorunsogo, & Temitayo Oluwaseun Abrahams. (2024). Privacy Law Challenges in the Digital Age: a Global Review of Legislation and Enforcement. International Journal of Applied Research in Social Sciences, 6(1), 73–88. https://doi.org/10.51594/ijarss.v6i1.733
Pimenta Rodrigues, G. A., Marques Serrano, A. L., Lopes Espiñeira Lemos, A. N., Canedo, E. D., de Mendonça, F. L. L., de Oliveira Albuquerque, R., Sandoval Orozco, A. L., & García Villalba, L. J. (2024). Understanding Data Breach from a Global Perspective: Incident Visualization and Data Protection Law Review. Data, 9(2), 1–24. https://doi.org/10.3390/data9020027
Prince et al. (2023). Online Privacy Literacy and Users’ Information Privacy Empowerment: the Case of GDPR in Europe. Information Technology and People, 37(8), 1–24. https://doi.org/10.1108/itp-05-2023-0467
Putra, R. K., Idris, M. F., & Widhiati, G. (2024). Perlindungan Data Pribadi Dalam Era Big Data : Implikasi Hukum Di Indonesia. Jaksa : Jurnal Kajian Ilmu Hukum Dan Politik, 2(4), 31–44. https://doi.org/10.51903/jaksa.v2i4.2260
Putri, F. S., & Suryono, A. (2024). Langkah Hukum Bagi Peminjam Jasa Pinjaman Pribadi (PINPRI) Atas Kerugian Yang Ditimbulkan Akibat Kebocoran Data Pribadi. Perkara : Jurnal Ilmu Hukum Dan Politik, 2(2), 105–116. https://doi.org/10.51903/perkara.v2i2.1849
Qadri et al. (2025). Digital Technologies and Social Sustainability in the Digital Transformation age: A Systematic Analysis and Research Agenda. International Journal of Ethics and Systems, 41(1), 142–169. https://doi.org/10.1108/ijoes-08-2024-0239
Quach et al. (2022). Digital Technologies: Tensions in Privacy and Data. Journal of the Academy of Marketing Science, 50(6), 1299–1323. https://doi.org/10.1007/s11747-022-00845-y
Ruijer, E., Van Twist, A., Haaker, T., Tartarin, T., Schuurman, N., Melenhorst, M., & Meijer, A. (2023). Smart Governance Toolbox: A Systematic Literature Review. Smart Cities, 6(2), 878–896. https://doi.org/10.3390/smartcities6020042
Sangaroonsilp et al. (2022). Mining and Classifying Privacy and Data Protection Requirements in Issue Reports. SSRN Electronic Journal, 14(8), 1–24. https://doi.org/10.2139/ssrn.4246523
Smirnova, Y., & Travieso-Morales, V. (2024). Understanding Challenges of GDPR Implementation in Business Enterprises: A Systematic Literature Review. International Journal of Law and Management, 66(3), 326–344. https://doi.org/10.1108/ijlma-08-2023-0170
Sultana, N., & Turkina, E. (2023). Collaboration for Sustainable Innovation Ecosystem: The Role of Intermediaries. Sustainability (Switzerland), 15(10), 1–18. https://doi.org/10.3390/su15107754
Thomas Gegenhuber et al. (2023). Orchestrating Distributed Data Governance in Open Social Innovation. Information and Organization, 33(1), 1175–1189. https://doi.org/10.1016/j.infoandorg.2023.100453.
4.png)
