Analysis of Criminal Liability for Personal Data Violations: Case Studies of the General Elections Commission and E-Commerce from the Perspective of the ITE Law and the PDP Law 2023–2024

Abstract

This study examines criminal liability for personal data violations in Indonesia through a normative juridical analysis of case studies involving the General Elections Commission (KPU) and e-commerce platforms during the 2023–2024 period. The research focuses on the intersection between the Electronic Information and Transactions Law (ITE Law) and the Personal Data Protection Law (PDP Law) to determine how these regulations govern the protection of personal data and the imposition of criminal sanctions. Findings reveal that while the ITE Law provides a legal foundation for addressing electronic crimes, it lacks specificity in handling cases of institutional negligence and corporate responsibility. In contrast, the PDP Law introduces comprehensive provisions, including criminal sanctions for both intentional and negligent violations, but faces enforcement challenges due to limited institutional capacity and overlapping jurisdictions. Analysis of the KPU and e-commerce data breaches shows weak legal enforcement, lack of accountability, and insufficient public awareness. The study concludes that effective personal data protection in Indonesia requires legal harmonization between the ITE and PDP Laws, establishment of a dedicated supervisory authority, and enhancement of institutional and public capacity to ensure compliance and accountability.