Law and Ethics in The Use of Information Technology: A Study on Privacy and Data Security

Authors

  • Muhammad Abdurrohman Sholih Borobudur University Author
  • Rika Santina Universitas Sang Bumi Ruwa Jurai Author

Keywords:

Law; Ethics; Information Technology; Privacy; Artificial Intelligence.

Abstract

This paper critically analyzes Indonesia's legal and ethical framework for privacy and data security amid rapid digital transformation, using a juridical-normative approach and case studies to evaluate the effectiveness of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) in addressing contemporary challenges. The research addresses a significant paradox where Indonesia's accelerating digital economic growth and high internet penetration contrast sharply with escalating cyber threats reported by the National Cyber and Encryption Agency (BSSN) and increasing large-scale data breach incidents causing public concern. The central research question examines: To what extent is the PDP Law effective in protecting citizens' privacy and data security in Indonesia's digital transformation era, and what are the key legal, technical, and ethical challenges that hinder its optimal implementation? The analysis examines key PDP Law provisions, comparing them with the EU's General Data Protection Regulation (GDPR) as a global benchmark, while presenting case studies of major data breaches at Tokopedia (2020), BPJS Kesehatan (2021), and the General Elections Commission (2023) to illustrate gaps between regulatory frameworks and practical implementation. The discussion extends to complex ethical dilemmas including state digital surveillance and AI-driven personal data analysis threatening citizens' privacy rights. Findings reveal that while the PDP Law establishes a strong legal foundation and represents a significant milestone, its effectiveness remains limited by weak enforcement, institutional cybersecurity vulnerabilities, and unresolved ethical issues, leading to strategic recommendations for government, organizations, and the public to collectively build a comprehensive, adaptive, and sustainable national data protection ecosystem for future digital challenges.

References

Adila, N., & Putri, L. D. M. (2024). Digitalisasi Tata Kelola SDM Aparatur di Indonesia. Jurnal ISO: Jurnal Ilmu Sosial, Politik Dan Humaniora, 4(2).

Aprilianti, A. (2024). Efektivitas dan Implementasi Undang-Undang Informasi dan Transaksi Elektronik sebagai Hukum Siber di Indonesia: Tantangan dan Solusi. Begawan Abioso, 15(1), 41–50.

Armaini, E., & Khalid, K. (2024). General Election Commission’s Responsibility for Personal Data Leaks in the Election Database System. LEGAL BRIEF, 13(4), 969–975.

Ayu, S. S., & Nasution, M. I. P. (2023). Analisis kebocoran data privacy pada e-commerce tokopedia. JUEB: Jurnal Ekonomi Dan Bisnis, 2(3), 21–24.

Bernatt, M. (2016). Administrative sanctions: between efficiency and procedural fairness. Review of European Administrative Law, 9(1), 5–32.

Bertino, E. (2016). Data security and privacy: Concepts, approaches, and research directions. 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), 1, 400–407.

Floridi, L. (2008). Foundations of information ethics. The Handbook of Information and Computer Ethics, 1–23.

Hermawan, A. (2024). Mengintip Celah antara Potensi dan Tantangan Big Data pada Layanan Jaminan Sosial Ketenagakerjaan Indonesia. Jurnal Jamsostek, 2(2), 185–206.

Hermawati, N., & Santiago, F. (2023). Law Enforcement Against Cybercrime in Online Activities. Edunity: Social and Educational Studies, 2(1), 28–37.

Kementerian Keuangan (2024). & Badan Pusat Statistik (BPS).(2024). Survei Nasional: Literasi Dan Inklusi Keuangan (SNLIK) Tahun 2024.

Kosseff, J. (2017). Defining cybersecurity law. Iowa L. Rev., 103, 985.

Martin, Y.-S., & Kung, A. (2018). Methods and tools for GDPR compliance through privacy and data protection engineering. 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 108–111.

Meltwater, W. A. S. (2024). Digital 2023 Global Overview Report. DataReportal. URL: Https://Datareportal. Com/Reports/Digital-2023-Global-Overview-Report.

Muhammad, F., & Akbar, A. (2024). METODE KUALITATIF DAN KUANTITATIF PADA STUDI ISLAM. 2(2), 2986–5034. https://jurnal.staimi.ac.id/index.php/arrasyiid/DOI:https://doi.org/10.70367/arrasyiid.v2i2.23

Phillips, M. (2018). International data-sharing norms: from the OECD to the General Data Protection Regulation (GDPR). Human Genetics, 137(8), 575–582.

Riswandi, B. A., & SH, M. (2020). Protection of Data Privacy in the Digital Era (Comparative Approach Between Indonesian Law and European Union Law).

Sipiorski, E., & Somsen, H. (2024). Digital Trade in Indonesia: A Question of E-commerce Tax Revenues in International Trade Law.

Sorisa, C., Kiareni, C. L., & Parhusip, J. (2024). Etika Keamanan Siber: Studi Kasus Kebocoran Data BPJS Kesehatan di Indonesia. JOURNAL SAINS STUDENT RESEARCH, 2(6), 586–593.

Wolters, P. T. J. (2018). The control by and rights of the data subject under the GDPR.

Downloads

Published

2025-08-31

Issue

Vol. 1 No. 1 (2025): August 2025

Section

Articles

License

Copyright (c) 2025 Muhammad Abdurrohman Sholih, Rika Santina (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.