Legal Protection of Personal Data Against Phishing in Indonesia: A Pancasila-Based Approach

DOI:

https://doi.org/10.25041/plr.v6i1.4138

Abstract

Phishing in Indonesia presents significant risks to privacy and data security. This study employs a normative juridical approach to analyze the protection of personal data, with attention to both preventive and repressive legal mechanisms. It assesses the effectiveness of Law No. 27 of 2022 on Personal Data Protection in combating phishing, alongside measures of digital literacy and law enforcement. The findings indicate notable progress but highlight persistent challenges in enforcement capacity, public awareness, and international cooperation. The study recommends strengthening enforcement, expanding cybersecurity education, and enhancing cross-border collaboration to advance data protection.

Keywords:

Personal Data Protection, Phishing Crimes, Cybersecurity, Legal Protection

References

A. Aco Agus dan Riskawati. 2016, “Penanganan Kasus Cybercrime Di Kota Makassar (Studi Pada Kantor Kepolisian Resort Kota Besar Makassar)”, Jurnal Supremasi, Vol. 10.

Alexandra Gronow, 2021, "Identifying Victims of Sexual Harassment in the Age of #MeToo: Time for the Media to Prioritise a Victim’s Right to Privacy", Alternative Law Journal 46, no. 2 (2021): 120–27, https://doi.org/10.1177/1037969X211003681.

Andrea M. Matwyshyn, 2005, Material Vulnerabilities: Data Privacy, Corporate Information Security, and Securities Pegulation, Berkeley Business Law Journal 3, no. 1 (2005): 129.

Ardi Saputra Gulo, Sahuri Lasmadi, Kabib Nawawi, 2020, “Cyber Crime dalam Bentuk Phising Berdasarkan Undang-Undang Informasi dan Transaksi Elektronik”, PAMPAS: Journal Of Criminal, Volume 1 Nomor 2.

Arief Sidharta, 2004, “Kajian Kefilsafatan tentang Negara Hukum”, Jentera (Jurnal Hukum), Rule of Law, Pusat Studi Hukum dan Kebijakan (PSHK), Jakarta, edisi 3 Tahun II, November.

Branscomb, Information is the Lifeblood that sustain political, social and business decision, dalam Anne W. Branscomb, “Global Governance of Global Networks: A survey of Transborder Data Flows in Transition”, Vanderbilt Law Review, Vol. 36, 1983, hlm. 985.

Case No D-, 2012, "The Royal Bank of Scotland Group Plc", International Directory of Company Histories 904736, no. 2012 (2020): 1–5.

Criminal Practice Report, 2023, "Phishing", no. 9 (2023): 1–2.

Daniel J. Solove. 2004, “The Digital Person. Technology and Privacy in the Information Age”, West Group Publication, New York University Press. New York.

David Banisar and Simon davies, 1999, “Global trend in privacy protection: an International Survey of Privacy, Data Protection and Surveillance Law and Development”, Journal Computer & Information 1.

Dewan Perwakilan Rakyat, 2006-2013, UU No.23/2006 tentang Administrasi Kependudukan, UU No.24/2013 tentang Perubahan Atas UU No.23/2006, dan UU No.23/2006 tentang Administrasi Kependudukan, dan UU No.14/2008 tentang Keterbukaan Informasi Publik.

Diniyah, K.J., 2022, “Perlindungan Hukum Bagi Korban Tindak Pidana Cyber Crime Phishing”, Dinamika, 28(5), pp.3756-3775.

Djafar, W., Sumigar, B.R.F., And Setianti, B.L, 2016, “Personal Data Protection in Indonesia-Policy Institutionalization Perspectives from a Human Rights Perspective”, Institute for Policy Research and Advocacy

Dewan Perwakilan Rakyat, 2016, “Risalah Rapat Komisi I dari Dewan Perwakilan Rakyat Republik Indonesia” tanggal 14 Maret.

Dewi, Sinta, 2015, “Privasi atas Data Pribadi: Perlindungan Hukum dan Bentuk Pengaturan diIndonesia”, Jurnal De Jure 15 (2): 165.

Edmon Makarim, 2003, Kompilasi Hukum Telematika, PT. Raja Grafindo Perkasa, Jakarta hlm. 3. Lihat juga M. Arsyad Sanusi, Teknologi Informasi & Hukum E-commerce, PT. Dian Ariesta : Jakarta, 2004, hlm. 9. Menurut Branscomb, Information is the Lifeblood that sustain political, social and business decision, dalam “Anne W. Branscomb, Global Governance of Global Networks: A survey of Transborder Data Flows in Transition”, Vanderbilt Law Review, Vol. 36, 1983.

E. Fernando Siregar, H. Helvis, and M. Markoni, “Analisa Yuridis Eksekusi Sita Jaminan Terhadap Tindak Pidana Pencucian Uang (TPPU) First Travel,” Jurnal Syntax Transformation, vol. 2, no. 11, pp. 1560–1573, Nov. 2021, doi: 10.46799/jst.v2i11.454.

Erna P, 2019, “Pentingnya Perlindungan Data Pribadi Dalam Transaksi Pinjaman Online (The Urgency of Personal Protection in Peer to Peer Lending)”, Majalah Hukum Nasional, No.2.

Gary D Brown and Andrew O. Metcalf, 2014, "Easier Said than Done: Legal Reviews of Cyber Weapons", SSRN Electronic Journal, https://doi.org/10.2139/ssrn.2400530.

Graham Greenleaf, 2011, Global Data Protection Laws, Privacy Laws and Business Special Report, September.

Hanifan N, 2020, “Perlindungan Data Pribadi Sebagai Bagian Hak Asasi Manusia Atas Perlindungan Diri pribadi Suatu Tinjauan Komparatif Dengan Peraturan Perundang-undangan Di Negara Lain”, Selisik, Vol.6 No.1. Hlm 2685-6816

Hariyono, A.G. and Simangunsong, F., 2023, “Perlindungan Hukum Korban Pencurian Data Pribadi (Phishing Cybercrime) Dalam Perspektif Kriminologi”, Bureaucracy Journal: Indonesia Journal of Law and Social-Political Governance, 3(1).

Human Rights Committee General Comment No. 16 .1988, “on the right to respect of privacy, family, home and correspondence, and protection of honour and reputation” (art. 17) seperti yang dikutip dalam Privacy International Report, 2013

Hsuan Ting Chen, 2018, "Revisiting the Privacy Paradox on Social Media With an Extended Privacy Calculus Model: The Effect of Privacy Concerns, Privacy Self-Efficacy, and Social Capital on Privacy Management", American Behavioral Scientist 62, no. 10 (2018): 1392–1412, https://doi.org/10.1177/0002764218792691.

H. Zuhir, A.Selmat and M. Salleh, 2015, “The Effect of Feature Selection on Phish Website Detection an Empirical Study on Robust Feature Subset Selection for Effective Classification”, International Journal of Advanced Computer Science and Applications, vol.6, no.10, https://www.onetrust.com/blog/principles-of-privacy-by-design/

Isaac Taylor, 2017, "Data Collection, Counterterrorism and the Right to Privacy", Politics, Philosophy and Economics 16, no. 3 (2017): 326–46, https://doi.org/10.1177/1470594X17715249,

Joesoef, I. E, 2021, “Legal Protection of Personal Data against Customers in Technology. Based Money Lending Services”, International Journal of Social Science and Human Research, 04(08). https://doi.org/10.47191/ijsshr/v4-i8-01.

Kyu Ho Youm and Ahran Park, 2016, "The Right to Be Forgotten in European Union Law: Data Protection Balanced with Free Speech?", Journalism and Mass Communication Quarterly 93, no. 2 (2016): 273–95, https://doi.org/10.1177/1077699016628824.

Lydia K. Saragih, 2020, “Perlindungan Hukum Data Pribadi terhadap Penyalahgunaan Data Pribadi pada Platform Media Sosial”, Jurnal Hukum De’rechtstaat, Vol. 6, No. 2.

M. Al-diabat, 2016, “Detection and Prediction of Phishing Websites using Classification Mining Techniques”, International Journal of Computer Applications, vol.147, no.5, pp.5-11.

Marcy E.Peek, 2006, “Information Privacy and Corporate Power: Toward a Reimagination of Information Privacy Law”, Seton Hall Law Review, Vol 37.

Marta Otto, 2015, "The Right to Privacy in Employment: In Search of the European Model of Protection", European Labour Law Journal 6, no. 4 (2015): 343–63, https://doi.org/10.1177/201395251500600404.

Maulia Jayantina Islami, 2017, “Tantangan Dalam Implementasi Strategi Keamanan Siber Nasional Indonesia Ditinjau Dari Penilaian Global Cybersecurity Index,” Jurnal Masyarakat Telematika Dan Informasi, Vol. 8.

N. Abdelhamid, A. Ayesh and F. Thabtah, 2014, “Phishing Detection based Associative Classification Data Mining”, Expert System with Applications, vol.41(13), pp.5948-5959

Nadezhda Purtova, 2010, "Private Law Solutions in European Data Protection: Relationship to Privacy, and Waiver of Data Protection Rights", Netherlands Quarterly of Human Rights 28, no. 2 (2010): 179–98, https://doi.org/10.1177/016934411002800203.

Oleg Gennadievich Danilyan, Alexander Petrovich Dzeban, Yury Yurievich Kalinovsky, Eduard Anatolievich Kalnytskyi Et Svetlana Borisovna Zhdanenko, “Personal Information Rights And Freedoms Within The Modern Society”, Informatologia, 30 Juin 2018, Volume 51, Nomor 1‑2.

Pamungkas, W.C. and Saputra, F.T., 2020, “Analisa Mobile Phishing Dengan Incident Response Plan dan Incident Handling, JURIKOM (Jurnal Riset Komputer), 7(4).

Rudi Natamiharja, 2018, “A Case Study on Facebook Data Theft in Indonesia”, Fiat Justisia: Jurnal Ilmu Hukum, Volume 12 Issue 3.

Rudi Natamiharja, M Stefany, 2019, “Perlindungan Hukum Atas Data Pribadi Di Indonesia (Studi Terhadap Pelaksanaan Pelayanan Jasa Telekomunikasi Pt. Telekomunikasi Selular”, Prodigy Jurnal Perundang undangan. Volume 7 Issue 2.

Rosadi, SD, 2017, “Implikasi Penerapan program E-Health Dihubungkan Dengan Perlindungan Data Pribadi”, Arena Hukum, Vol.9 No.3

Sautunnida, L, 2018, “Urgensi Undang-Undang Perlindungan Data Pribadi Di Indonesia;Studi perbandingan Hukum Inggris dan Malaysia”, Kanun Jurnal Ilmu Hukum, Vol. 20 No.2

Siallagan, H, 2016, “Penerapan Prinsip Negara Hukum Di Indonesia, Sosiohumaniora”, 18(2), 122–128. https://doi.org/10.24198/SOSIOHUMANIORA.V18I2.9947.

Shilling, C. G. 2011, “Privacy and Data Security: New Challenges of The Digital Age”, New Hampshire Bar Journal, 52 (2): 28.

Slamet Suhartono, 2019, “Hukum Positif Problematik Penerapan Dan Solusi Teoritiknya”, DiH: Jurnal Ilmu Hukum 15, no. 2 (2019): 201–11, https://doi.org/10.30996/dih.v15i2.2549.

Suhail Amin Tarafdar and Michael Fay, 2018, Freedom of Information and Data Protection Acts, InnovAiT: Education and Inspiration for General Practice 11, no. 1 (2018): 48–54, https://doi.org/10.1177/1755738017735139.

S Yuniarti, AM Ramli, SD Rosadi, D Budhijanto, 2023, “The New Chapter Of Indonesia’s Data Protection On Digital Economy Perspective”, Journal of Southwest Jiaotong University 58 (3).

Sinta Dewi Rosadi, 2018, “Perlindungan Privasi Dan Data Pribadi Dalam Era Ekonomi Digital Di Indonesia”, Veritas et Justitia, Volume 4 Nomor 1.

Stephen J. Schulhofer, 2016, “An international right to privacy? Be careful what you wish for”, International Journal of Constitutional Law, Vol. 14.

The Max Schrems Litigation, “A Personal Account Mohini Mann dalam Elaine Fahey Editor Institutionalisation beyond the Nation State Transatlantic Relations: Data, Privacy and Trade Law Studies”, European Economic Law and Regulation, Volume 10.

Thomas Yeon and Yuan Shang Mathilda Kwong, 2021, "Warrantless Searches of a Mobile Phone’s Digital Contents and Privacy Interests in Hong Kong", Common Law World Review 50, no. 2–3 (2021): 95–102, https://doi.org/10.1177/14737795211010822.

Wahid, A., 2018, “Keadilan Restoratif: Upaya Menemukan Keadilan Substantif?”, Jurnal Hukum Responsif, 5(5), M.Yasir Said and Yati Nurhayati, 2021, “A Review on Rawls Theory of Justice”, International Journal of Law, Environment, and Natural Resources 1, no. 1; 29–36,

Wibowo, M.H. and Fatimah, N., 2017, “Ancaman phishing terhadap pengguna sosial media dalam dunia cyber crime”, JOEICT (Jurnal of Education and Information Communication Technology), 1(1), pp.1-2

Andi Hamzah. 2015 ,Delik-Delik Tertentu (Speciale Delicten) Didalam KUHP Edisi Kedua, Jakarta:Sinar Grafika.

Alan F. Westin (Ed), 1971, Information Technology in a Democracy, Massachusetts: Harvard University Press.

Arif, B. N. 2005, Pembaharuan Hukum Pidana Dalam Perspektif Kjian Perbandingan. Bandung: Citra Aditya Bakti

Bagir Manan, 2004, Hukum Positif Indonesia (Satu Kajian Teoritik), Jakarta:FH UII Press.

Bayu Sujadmiko, 2017, Pengantar Hukum Teknologi Informasi Internasional, Bandar Lampung: Zam-zam Tower.

Daniel J. Solove, 2004, The Digital Person. Technology and Privacy in the Information Age, West Group Publication, New York: New York University Press.

Deddy Ismatullah dan Asep A. Sahid Gatara Fh, 2017, Ilmu Negara: Dalam Multiperspektif Kekuasaan, masyarakat, Hukum dan Agama, Bandung: Pustaka Setia.

Edmon Makarim. 2003, Kompilasi Hukum Telematika, Jakarta: PT. Raja Grafindo Perkasa.

Edmon Makarim, 2010, Tanggung Jawab Hukum Penyelenggara Sistem Elektronik, Jakarta: Rajawali Pers.

European Union Agency for Fundamental Rights and Council of Europe, 2014, Handbook on European Data Protection Law, Belgium.

J Wagner DeCew, 1997, In Pursuit of Privacy: Law, Ethics and the Rise of Technology, Ithaca: Cornell University Press.

Kamus Besar Bahasa Indonesia memberikan pengertian privasi berarti kebebasan dan keleluasaan diri, Kamus Besar Bahasa Indonesia. 2001, Edisi 3, Departemen Pendidikan Nasional, Jakarta: PT. Balai Pustaka.

Lili Rasjidi dan I.B Wysa Putra, 2010, Hukum Sebagai Suatu Sistem, Bandung: Remaja Rusdakarya.

M. Arsyad Sanusi, 2004, Teknologi Informasi & Hukum E-commerce, Jakarta: PT. Dian Ariesta.

Moh Kusnadi dan Bintan R. Saragih, 2008, Ilmu Negara, Jakarta: Gaya Media Partama.

Muchsin, 2003, Perlindungan dan Kepastian Hukum bagi Investor di Indonesia, Surakarta: Universitas Sebelas Maret.

Muhammad Tholhah Hasan, 2001, Perlindungan Terhadap Korban Kekerasan Seksual (Advokasi atas Hak Asasi Perempuan), Bandung: PT. Refika Aditama.

Natamiharja, Rudi and Mindoria, Stefany, 2019, Perlindungan Data Privasi dalam Konstitusi Negara Anggota ASEAN, Project Report. Bandar Lampung: Aura.

Phillipus M. Hadjon, 1987, Perlindungan Hukum Bagi Rakyat Indonesia, Surabaya: PT Bina Ilmu.

Sanusi, M. Arsyad, 2004, Teknologi Informasi & Hukum E-Commerce. Jakarta:PT. Dian Ariesta.

Satjipto Raharjo, 2000, Ilmu Hukum, Bandung: PT Citra Aditya Bakti.

Schoeman, F. D (Ed), 1984, Philosophical Dimensions of Privacy: an Anthology, Cambridge: Cambridge University Press.

Sinta Dewi Rosadi, 2023, Pembahasan UU Perlindungan Data Pribadi (UU RI Nomor 27 Tahun 2022), Jakarta:Sinar Grafika.

Shinta Dewi, 2009, Cyberlaw Perlindungan Privasi Atas Informasi Pribadi Dalam E-Commerce Menurut Hukum Internasional, Bandung : Widya Padjadjaran.

Soeroso, 2006, Pengahantar Ilmu Hukum, Cetakan Kedelapan, Jakarta: Sinar Grafika.

Setiono, 2004. Supremasi Hukum, Surakarta: UNS.

Teguh Prasetyo, 2013, Hukum Pidana, Jakarta : PT. RajaGrafindo Persada.

Wahyudi Djafar dan Asep Komarudin, 2014, Perlindungan Hak Atas Privasi di Internet-Beberapa Penjelasan Kunci. Jakarta: Elsam

Undang -Undang Dasar Negara Republik Indonesia Tahun 1945.

Undang-Undang Nomor 36 Tahun 1999 tentang Telekomunikasi.

Undang-Undang Nomor 39 Tahun 1999 tentang Hak Asasi Manusia.

Undang-Undang Nomor 24 Tahun 2013 tentang Perubahan atas Undang-Undang Nomor 23 Tahun 2006 tentang Administrasi Kependudukan.

Undang-Undang Nomor 36 Tahun 2009 tentang Kesehatan.

Undang-Undang Nomor 19 Tahun 2016 tentang Perubahan Atas Undang-Undang Nomor 11 Tahun 2008 Tentang Informasi Dan Transaksi Elektronik.

Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi.

Undang-Undang Nomor 14 Tahun 2008 tentang Keterbukaan Informasi Publik.

Undang-Undang Nomor 10 Tahun 1998 tentang Perbankan.

Undang-Undang Nomor 8 Tahun 1999 tentang Perlindungan Konsumen.

Peraturan Pemerintah Nomor 82 Tahun 2012 tentang Penyelenggaraan Sistem dan Transaksi Elektronik (PPPSTE).

Peraturan Presiden Nomor 26 Tahun 2009 sebagaimana telah beberapa kali diubah, terakhir dengan Peraturan Presiden Nomor 126 Tahun 2012 tentang Perubahan Ketiga atas Peraturan Presiden Nomor 26 Tahun 2009 tentang Penerapan Kartu Tanda Penduduk Berbasis Nomor Induk Kependudukan Secara Nasional (Perpres KTP).

Naskah Akademik Undang-undang Perlindungan Data Pribadi, 2022

Australian Press Council, 2014, "Statement of General Principles: Standards’ (Statement of General Principles)", https://www.presscouncil.org.au/uploads/% 0A52321/ufiles/GENERAL_-_PRIVACY_PRINCIPLES_-_July_2014. Diakses pada tanggal 29 September 2023

APWG Phishing Activity Trends Report, 2022, “Phishing Activity Trends Report, 4th Quarter 2022”, https://apwg.org. Diakses pada tanggal 28 Agustus 2023

Chandra, Mayank & Quraishi, Suhail, 2019, “Phishing Website Classification using Least Square Twin Support Vector Machine”, https://www.djkn.kemenkeu.go.id /kpknl-purwakarta/baca-artikel/14851/Waspada-Kehajatan-Phising-Mengintai-Anda.html, diakses pada tanggal 27 Agustus 2023

CNN Indonesia, 2022, “RI Dihantam 700 Juta Serangan Siber di 2022, Modus Pemerasan Dominan”, https://www.cnnindonesia.com/teknologi, diakses pada 27 Agustus 2023.

D. Rachmawati, 2020, “Phising sebagai salah satu bentuk ancaman dalam dunia cyber”, http://www.it-artikel.com/, diakses 18 Desember 2023.

Direktorat Tindak Pidana Siber (Dittipidsiber) Bareskrim Polri, 2019, “Phising : Apakah Anda Salah Satu Korbannya?”, https://www.patrolisiber.id/, diakses pada 27 Agustus 2023.

Ensign rilis laporan soroti tren ancaman siber di Indonesia, 2023, https://www.antaranews.com/berita/3664086/ensign-rilis-laporan-soroti-tren-ancaman-siber-di-indonesia, diakses pada 27 Agustus 2023.

Guidelines 07/2020, “on the Concepts of controller and processor in the RDPR Verion 2.1”,http://edpb.europa.eu/system/files/202107/eppb_guidelines_202007_controllerprocessor_final_en.pdf, diakses pada tanggal 29 September 2023.

Jonathan Patrick, 2022, “Ahli: Big Data Jadi Komoditas Utama di Era Digital Indonesia”, https://www.cnnindonesia.com, diakses pada 24 September 2023.

Mark F. Kightlinger, E. Jason Albert, and Daniel P. Cooper, 1981, “Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data of 28 January”, http://conventions.coe.int/treaty/EN/Treaties/HTML/108.htm, diakses pada tanggal 5 Oktober 2023

Ni G. A. P. Nitayanti dan Ni M. A. Y. Griadhi, “Perlindungan Hukum terhadap Informasi Pribadi terkait Privacy Right Berdasarkan Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik”, https://ojs.unud.ac.id/index.php/Kerthanegara/article/download/10713/7619, diakses pada tanggal 5 Oktober 2023.

Paul Voht, “The worlds Biggest data Breaches”, http: //www.thalesgroup.com/ en/markets/digital-identity-and-security/magazine/worlds-biggest-data-breaches, diakses pada tanggal 10 Oktober 2023.

Pusiknas Bareskrim Polri, 2023, “Kejahatan Siber di Indonesia Naik Berkali-kali Lipat”, https://pusiknas.polri.go.id/detail_artikel/kejahatan_siber_di_indonesia_naik_berkali-kali_lipat, diakses pada 27 Agustus 2023.

Shilvina Widi, 2023, “Deret Kasus Kebocoran Data RI pada 2023, dari BSI hingga Paspor”, https://dataindonesia.id/internet/detail/deret-kasus-kebocoran-data-ri-pada-2023-dari-bsi-hingga-paspor, diakses pada 27 Agustus 2023.

Vika Azkiya Dihni, “Jumlah Akun yang Mengalami Kebocoran Data di Indonesia (Kuartal I2020-KuartalII2022)”, https://databoks.katadata.co.id/datapublish/ 2022/08/09/kasus-kebocoran-data-di-indonesia-melonjak-143-pada-kuartal-ii-2022, diakses 23 September 2023.

Z. Ramzan and C. Wuest, 2007, “Phishing Attacks: Analyzing Trends in 2006”, CEAS 2207- 4th Conference on Email and Anti-spam, Mountain View, California USA, https://www.researchgate.net/publication/220271835_Phishing_Attacks_Analyzing_Trends_in_2006, diakses pada tanggal 29 Agustus 2025.

Downloads

Download data is not yet available.
Total Abstract Views: 1 | Total Downloads: 0

Downloads

Authors

Published

2025-08-25

How to Cite

Nurmansyah, Gunsu, Rudi Natamiharja, and Ikhsan Setiawan. 2025. “Legal Protection of Personal Data Against Phishing in Indonesia: A Pancasila-Based Approach”. Pancasila and Law Review 6 (1):15-44. https://doi.org/10.25041/plr.v6i1.4138.

Issue

Vol. 6 No. 1 (2025): Issue In progress (January 2025)

Section

Articles

Copyright

Copyright (c) 2025 by the Auhtor(s) Published by Development Centre Research of Law and Scientific Publication on behalf of the Faculty of Law, Universitas Lampung

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Author Biography

Rudi Natamiharja, Universitas Lampung

Sinta Profil Page

Google Scholar Page