According to the Great Dictionary of the Indonesian Language, personal data is information relating to a person's characteristics, such as name, age, gender, education, occupation, address, and family status. The definition of personal data is also stipulated in Article 1, Paragraph 1 of the Minister of Communication and Informatics Regulation Number 20 of 2016 concerning the Protection of Personal Data in Electronic Systems, which states:

"Personal information is information about a specific individual that is stored, managed, and maintained honestly and protected confidentially." Furthermore, Article 2 also states that protection against the collection, collection, processing, analysis, storage, presentation, communication, transmission, dissemination, and destruction of personal data is the protection of personal data in electronic systems related to personal data as protection.

Privacy. This right to privacy is also enshrined in Article 12 of the Universal Declaration of Human Rights (UDHR), which states: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation."

In Indonesia, the protection of personal data as a right to privacy is regulated in Article 28G paragraph (1) of the 1945 Constitution of the Republic of Indonesia, which states that: "everyone has the right to protection of themselves, their family, their honor, their dignity, and their property under their control, and has the right to a sense of security and protection from the threat of fear to do or not do something that is a human right."

We note that these provisions are still general and non-specific and clearly do not offer optimal personal data protection. Recent data leaks and misuse are extremely concerning. Personal data seems to be in the hands of irresponsible parties, especially since the increased use of electronic devices during the COVID-19 pandemic. Some recent cases include: In May 2020, the data of 91 million users and 7 million sellers on Tokopedia was allegedly leaked; the data of 1.2 million Bhinneka.com users was allegedly leaked and traded on the dark web; the personal data of 2.3 million Indonesian citizens from the 2014 Election list was allegedly harvested from the General Elections Commission (KPU) website; in August 2020, the data of approximately 890,000 customers of the financial technology (fintech) company Kreditplus was allegedly leaked and sold on the Raid Forum; in September 2020, the personal data of approximately 5.8 million Reddoorz app users in Indonesia was sold; In April 2021, the personal data of approximately 130,000 Facebook users in Indonesia was allegedly leaked and distributed on an amateur hacker website. In May 2021, the data of hundreds of millions of BPJS Kesehatan members was allegedly hacked and sold on a Raid Forum for around IDR 84 million. There were also cases of data leaks from the Indonesian National Police (Polri) and the hacking of data from a subdomain of the National Cyber ​​and Crypto Agency (BSSN). Most recently, a new case occurred in mid-January 2022, when the cybersecurity platform Dark Tracer uncovered a data leak from Bank Indonesia, hacked by the Conti ransomware group.

Cases of personal data misuse also occur in online lending processes, where data belonging to others is used, data skimming and ATM information are copied, and personal information is disseminated to the public. These actions constitute human rights violations. The issue remains unclear, as it's unclear how others can access personal data in detail, including through data verification. Furthermore, cases of personal data theft are becoming increasingly blatant, especially among illegal online lenders.

The explanation of Article 26 of the ITE Law reveals a weakness, namely the lack of legal protection for data owners, which is exploited by organizers or service providers for profit. The Electronic Information & Transactions Law only regulates personal data protection, but its use of protection applications is unclear because it lacks sanctions. This weakness requires improvement in order to achieve the regulatory objective of maintaining and ensuring security and order. Consequently, amendments to the regulatory framework are necessary. Legal protection against misuse of personal data can be achieved through self-regulation or preventative measures, if existing regulations do not address the system of personal data misuse. Therefore, the numerous cases of personal data leaks and misuse have made regulations regarding personal data protection urgently necessary. Currently, the Personal Data Protection Law (RUU PDP) has not shown any clear path to enactment since its first draft in 2016.

Perlindungan data pribadi untuk menjamin keamanan data pribadi sebagai pemenuhan hak privasi masyarakat Indonesia saat ini belum berjalan maksimal, terbukti dengan banyaknya pelanggaran penyalahgunaan data pribadi sebagai akibat dari meningkatnya penggunaan perangkat digital. Platform yang tidak cukup dilindungi oleh hukum. Oleh karena itu, UU Perlindungan Data Pribadi diharapkan segera disahkan untuk mengisi kekosongan hukum terkait perlindungan data pribadi. Karena undang-undang perlindungan keamanan data pribadi merupakan tugas konstitusional negara yang diatur dalam Undang-Undang Dasar Negara Republik Indonesia dan lahirnya Undang-Undang Perlindungan Data Pribadi merupakan indikasi perlindungan negara untuk memenuhi hak privasinya. . warga Proteksi (RUU PDP) belum menunjukkan titik terang sejak draf awalnya pada 2016.