Analisis Kebijakan Undang-Undang Perlindungan Data Pribadi Sebagai Pemenuhan Hak Asasi Manusia

Abstract

This reseacrh discusses the Personal Data Protection Law policy as a fulfillment of human rights, using the case of a data breach on the Tokopedia platform in 2020. A total of 91 million Tokopedia user accounts were leaked and sold on a dark web forum by a bad actor with the username “whysodank” for 74 million Rupiah. The personal data of users, including passwords, email addresses, birth dates, names and genders, were at risk. The study aims to identify and analyze personal data protection policies applied to online platforms in Indonesia and analyze the personal data breach of users on the Tokopedia e-commerce platform. The research method used is qualitative research with a descriptive approach. The data collection technique used is structured intervies. The data analysis techniques used are data condensation, which is the process of filtering data, data display, and conclusions. The result of the study indicate that the data breach that occured on the Tokopedia platform in 2020 is evidence of the weak government laws regarding personal data protection and the weak data security system at Tokopedia in 2020. The creation and content of the Personal Data Protection Law itself are still weak and unclear. The creation of laws that do not involve the private sector, such as companies is a weakness of the law itself because it does not explain to what extent in the private sector can access public data.