Personal data privacy regulation and mitigation are critical in implementing financial technology (fintech). Problems with fintech users’ data might result from data breaches, improper usage, and trade. Issues with personal data will result in financial losses, crimes, and violations of personal information. This legal research used three approaches: conceptual, comparative, and statute-based. In order to implement the statutory method, all laws and regulations pertaining to the legal concerns of information technology, fintech, personal data security, and protection are reviewed. Due to the nature of the sources of data, this study mainly used literature study and document observation to collect the data. Then, legal interpretation, legal reasoning, and legal argumentation are all included in the qualitative juridical analysis. This article recommends two strategies that Indonesia should take to provide personal data protection, including: 1) establishing the Personal Data Protection Commission (PDPC); and 2) improving the financial literacy of consumers.

Addae, J. H., Brown, M., Sun, X., et al. (2017). Measuring attitude towards personal data for adaptive cybersecurity. Information & Computer Security, 25(5), 560–579. https://doi.org/10.1108/ics-11-2016-0085

Da Veiga, A., Vorster, R., Li, F., et al. (2019). Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements. Information & Computer Security, 28(3), 399–422. https://doi.org/10.1108/ics-11-2018-0135

Bank Indonesia. (2021). Payment System Statistics (Indonesian). Available online: https://www.bi.go.id/id/statistik/ekonomi-keuangan/ssp/uang-elektronik-transaksi.aspx (accessed on 22 December 2023).

Bank Indonesia. (2023). Bank Indonesia Annual Meeting 2023: Synergy to Strengthen National Economic Resilience and Revival (Indonesian). Available online: https://www.bi.go.id/id/publikasi/ruang-media/news-release/Pages/sp_2532123.aspx (accessed on 22 December 2023).

Bechara, F. R., & Schuch, S. B. (2020). Cybersecurity and global regulatory challenges. Journal of Financial Crime, 28(2), 359–374. https://doi.org/10.1108/jfc-07-2020-0149

Belwal, R., Al Shibli, R., & Belwal, S. (2020). Consumer protection and electronic commerce in the Sultanate of Oman. Journal of Information, Communication and Ethics in Society, 19(1), 38–60. https://doi.org/10.1108/jices-09-2019-0110

Combe, C. (2009). Observations on the UK transformational government strategy relative to citizen data sharing and privacy. Transforming Government: People, Process and Policy, 3(4), 394–405. https://doi.org/10.1108/17506160910997892

CNN Indonesia. (2022). Endless Personal Data Leaks in RI, read more here (Indonesian). Available online: https://www.cnnindonesia.com/teknologi/20220112191045-185-745842/kebocoran-data-pribadi-yang-tak-berujung-di-ri (accessed on 22 December 2023).

CNN Indonesia. (2020a). Full Chronology of 91 million Tokopedia Accounts Leaked and Sold (Indonesian). Available online: https://www.cnnindonesia.com/teknologi/20200503153210-185-499553/kronologi-lengkap-91-juta-akun-tokopedia-bocor-dan-dijual (accessed on 22 December 2023).

CNBC Indonesia (2020b). 91 million User Data Leaked, Tokopedia Sued for Rp 100 M (Indonesian). Available online: https://www.cnbcindonesia.com/tech/20200507083340-37-156876/91-juta-data-pengguna-bocor-tokopedia-digugat-rp-100-m (accessed on 22 December 2023).

Da Veiga, A., Vorster, R., Li, F., et al. (2019). Comparing the protection and use of online personal information in South Africa and the United Kingdom in line with data protection requirements. Information & Computer Security, 28(3), 399–422. https://doi.org/10.1108/ics-11-2018-0135

Dewi, S. (2016). Concept of Legal Protection of Privacy and Personal Data Associated with the Use of Cloud Computing in Indonesia (Indonesian). Yustisia Jurnal Hukum, 5(1), 22–30. https://doi.org/10.20961/yustisia.v5i1.8712

Dewi Rosadi, S., & Gumelar Pratama, G. (2018). The urgency of protecting private data in the era of digital economy in Indonesia (Indonesian). Veritas et Justitia, 4(1), 88–110. https://doi.org/10.25123/vej.2916

Djafar, W. (2019). Personal Data Protection in Indonesia: Landscape, Urgency, and Need for Update (Indonesian). Jurnal Becoss, 1(1), 147–154. https://doi.org/10.21512/becossjournal.v1i1.6030

GreenLeaf, Graham. (2014). Asian Data Privacy Laws—Trade and Human Rights Perspectives. Oxford University Press.

Gwebu, K., & Barrows, C. W. (2020). Data breaches in hospitality: is the industry different? Journal of Hospitality and Tourism Technology, 11(3), 511–527. https://doi.org/10.1108/jhtt-11-2019-0138

Giakoumopoulos, C., Buttarelli, G., & O’Flaherty, M. (2018). Handbook on European data protection law 2018. Publications Office of the European Union.

Hidajat, T. (2020). Unethical practices peer-to-peer lending in Indonesia. Journal of Financial Crime, 27(1), 274–282. https://doi.org/10.1108/jfc-02-2019-0028

Holtfreter, R. E., & Harrington, A. (2015). Data breach trends in the United States. Journal of Financial Crime, 22(2), 242–260. https://doi.org/10.1108/jfc-09-2013-0055

Juma’h, A. H., & Alnsour, Y. (2020). The effect of data breaches on company performance. International Journal of Accounting & Information Management, 28(2), 275–301. https://doi.org/10.1108/ijaim-01-2019-0006

Kang, J. (2006). Information Privacy in Cyberspace Transactions. Stanford Law Review, 50(4), 1193. https://doi.org/10.2307/1229286

Katadata, Personal Data Theft in the Vortex of Illegal Fintech Business (Indonesian). Available online: https://katadata.co.id/ariayudhistira/analisisdata/609a43a46aa5e/pencurian-data-pribadi-dalam-pusaran-bisnis-fintech-ilegal (accessed on 22 December 2023).

Kharisma, D. B. (2020). Urgency of financial technology (Fintech) laws in Indonesia. International Journal of Law and Management, 63(3), 320–331. https://doi.org/10.1108/ijlma-08-2020-0233

Kharisma, D. B., & Hunaifa, A. (2022). Comparative study of disgorgement and disgorgement fund regulations in Indonesia, the USA and the UK. Journal of Financial Crime, 30(3), 635–649. https://doi.org/10.1108/jfc-01-2022-0022

Kompas, A Series of Cases of Leaked Population Data on Government Servers, click to read (Indonesian). Available online: https://www.kompas.com/tren/read/2022/01/08/163000065/sederet-kasus-kebocoran-data-penduduk-di-server-pemerintah?page=all (accessed on 22 December 2023).

Lokadata.id, More Data Leak Cases, Online Shopping Most Vulnerable (Indonesian). Available online: https://lokadata.id/artikel/kasus-kebocoran-data-semakin-banyak-belanja-daring-paling-rentan (accessed on 22 December 2023).

Makarim, E. (2019). Privacy and Personal Data Protection (Indonesian). Available online: http://www.dpr.go.id/dokakd/dokumen/K1-RJ-20200701-114522-4891.pdf (accessed on 22 December 2023).

Makarim, E. (2020). Legal Liability for Personal Data Leakage (Indonesian). Available online: https://www.hukumonline.com/berita/baca/lt5f067836b37ef/pertanggungjawaban-hukum-terhadap-kebocoran-data-pribadi-oleh--edmon-makarim?page=all (accessed on 22 December 2023).

Marzuki, P.M. (2019). Penelitian Hukum, 14th Book Print. Prenada Media Group.

Muryanto, Y. T., Kharisma, D. B., & Ciptorukmi Nugraheni, A. S. (2022). Prospects and challenges of Islamic fintech in Indonesia: a legal viewpoint. International Journal of Law and Management, 64(2), 239–252. https://doi.org/10.1108/ijlma-07-2021-0162

Murray, A. (2013). Information technology law: The law and society. Oxford University Press.

Ng, A. W., & Kwok, B. K. B. (2017). Emergence of Fintech and cybersecurity in a global financial centre. Journal of Financial Regulation and Compliance, 25(4), 422–434. https://doi.org/10.1108/jfrc-01-2017-0013

Financial Services Authority (OJK). (2023). Press Release: Launch of Fintech P2P Lending Roadmap 2023-2028 (Indonesian). Available online: https://ojk.go.id/id/berita-dan-kegiatan/siaran-pers/Pages/Peluncuran-Roadmap-Fintech-P2P-Lending-2023-2028.aspx (accessed on 22 December 2023).

Financial Services Authority (OJK). (2020). Indonesia’s National Financial Literacy Strategy (SNLKI) 2021-2025 (Indonesian). Available online: https://www.ojk.go.id/id/berita-dan-kegiatan/publikasi/Documents/Pages/Strategi-Nasional-Literasi-Keuangan-Indonesia-2021-2025/Strategi%20Nasional%20Literasi%20Keuangan%20Indonesia%202021-2025.pdf (accessed on 22 December 2023).

Financial Services Authority (OJK). (2021). Fintech Lending Statistics 2020 (Indonesian). Available online: https://www.ojk.go.id/id/kanal/iknb/data-dan-statistik/fintech/Pages/-Statistik-Fintech-Lending-Periode-Desember-2020.aspx (accessed on 22 December 2023).

PUSFID (2024). Data Breach Response Team, Available online: https://forensics.uii.ac.id/data-breach-response-team/ (accessed on 22 December 2023).

Rohendi, A. (2015). Consumer Protection in E-Commerce Transactions from National and International Law Perspectives (Indonesian). Ecodemica, 3(2).

Rohendi, A. (2020). Big Data Legal Protection (Indonesian). Jurnal Sain Manajemen, 2(2), 1–5.

Rohendi, A., Asriani, A., & Kharisma, D. B. (2023). Regulation for startups in Indonesia: Problems and recommendations. Cogent Business & Management, 10(3). https://doi.org/10.1080/23311975.2023.2276993

Secretariat of the President of the Republic of Indonesia. (2020). Remarks by President Joko Widodo at the Indonesia Fintech Summit 2020 and Fintech Week 2020. Available online: https://www.presidenri.go.id/siaran-pers/presiden-jokowi-buka-indonesia-fintech-summit-2020-secara-virtual/ (accessed on 22 December 2023).

Stewart, H., & Jürjens, J. (2018). Data security and consumer trust in FinTech innovation in Germany. Information and Computer Security, 26(1), 109–128. https://doi.org/10.1108/ICS-06-2017-0039

Sudarwanto, A. S., & Kharisma, D. B. B. (2021). Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia. Journal of Financial Crime, 29(4), 1443–1457. https://doi.org/10.1108/jfc-09-2021-0193

Tsavli, M., Efraimidis, P. S., Katos, V., & Mitrou, L. (2015). Reengineering the user: Privacy concerns about personal data on smartphones. Information & Computer Security, 23(4), 80–89. https://doi.org/10.1108/ics-10-2014-0071.

Yayasan Lembaga Konsumen Indonesia (YLKI). (2020). Data on Consumer Personal Data Leaks from January to June 2020 (Indonesian). Available online: http://ylki.or.id/category/beritaliputan-media/ (accessed on 22 December 2023).

Younies, H., & Al-Tawil, T. N. (2020). Effect of cybercrime laws on protecting citizens and businesses in the United Arab Emirates (UAE). Journal of Financial Crime, 27(4), 1089–1105. https://doi.org/10.1108/jfc-04-2020-0055

Yusoff, Z.M. (2011). The Malaysian Personal Data Protection Act 2010: A Legislation Note. New Zealand Journal of Public and International Law, 9(1).

Watson, A., & Lupton, D. (2020). Tactics, affects and agencies in digital privacy narratives: a story completion study. Online Information Review, 45(1), 138–156. https://doi.org/10.1108/oir-05-2020-0174

Wiwoho, J & Kharisma, D. B. (2021). Isu-Isu Hukum di Sektor Fintech. Setara Press.

Wiwoho, J., Kharisma, D. B., & Wardhono, D. T. K. (2021). Financial Crime In Digital Payments. Journal of Central Banking Law and Institutions, 1(1), 47–70. https://doi.org/10.21098/jcli.v1i1.7

Wiwoho, J., Trinugroho, I., Kharisma, D. B., et al. (2023). Islamic crypto assets and regulatory framework: evidence from Indonesia and global approaches. International Journal of Law and Management, 66(2), 155–171. https://doi.org/10.1108/ijlma-03-2023-0051

Zhu, R., Srivastava, A., & Sutanto, J. (2020). Privacy-deprived e-commerce: the efficacy of consumer privacy policies on China’s e-commerce websites from a legal perspective. Information Technology & People, 33(6), 1601–1626. https://doi.org/10.1108/itp-03-2019-0117