Administrative and Environmental Law Review is a journal published by Faculty of Law, Universitas Lampung, under a Creative Commons Attribution-ShareAlike 4.0 International License.

Faculty of Law, Universitas Lampung, Bandar Lampung, Indonesia.

http://jurnal.fh.unila.ac.id/index.php/aelr P-ISSN: 2723-2484

E-ISSN: 2745-9330

Conception of An Independent Surveillance Authority in The Efforts to Protect Population Data

Daffa Ladro Kusworo

Pengadilan Tata Usaha Negara Lampung, Indonesia daffalkusworo@gmail.com

Andre Arya Pratama Tabihita Lampung, Indonesia andrearyapratama9@gmail.com

Maghfira Nur Khaliza Fauzi

Pengadilan Tata Usaha Negara Lampung, Indonesia maghfira0601@gmail.com

Maya Shafira

Universitas Lampung, Indonesia mayashafira2@gmail.com

Article’s Information Abstract

Keywords:

Authority; EU GDPR ; Population Data;

Protection.

DOI:

https://doi.org/10.25041/aelr.v3i1.2530

Abstract

The progress of digital transformation requires efforts to protect personal data as a guarantee of individual rights to overcome a large number of data leakage and misuse cases, one of which is population data. The concretization of the government's efforts based on Article 28 G of the 1945 Constitution is realized by providing access to population data to all state and private institutions for data verification. In addition, data user parties must implement a Zero Data Sharing Policy with provisions prohibiting the dissemination or sharing of population data with third parties. However, various fundamental factors are influenced by the limited aspects of legal protection related to the class of personal Submitted: Feb 11, 2022; Reviewed: Apr 20, 2022; Accepted: Jun 28, 2022

10

the user, which makes it imperative to enact the current regulation on personal data protection. In addition, establishing an Independent Surveillance Authority is a must in ensuring the implementation of these regulations because their duties and authorities align with the government's efforts in protecting population data. This study uses a normative legal research method with an approach to legislation and literature study and uses descriptive analysis in managing qualitative data by applying a deductive method. The study results indicate that an element of optimal supervision must accompany the need for legal guarantees by establishing an Independent Surveillance Authority following the European Union General Data Protection Regulation (EU GDPR) standardization. Its independent position will prevent intervention from various parties for specific interests. Functionally, it is considered appropriate to optimize the implementation of the Zero Data Sharing Policy through the conception of investigative authority and collective rights as a guarantee of human rights.

A. Introduction

Various dynamics of the current covid-19 pandemic impact accelerating digital transformation. This rapid development provides easy access to information for individual users and government and private agencies.¹ This must be accompanied by efforts to protect personal data as a fulfillment of constitutional rights guarantees. Human rights are essentially an important part that is constitutionally based on the 1945 Constitution as a general rule, the scope of the protection of human rights for all citizens through the preparation of laws and regulations with provisions oriented to the provision of guarantees of human rights for the protection of human rights. rights that citizens must achieve.² Individuals must have a private place and are entitled to protection through the certainty of legal protection for their personal data so that there are no criminal acts related to the misuse of personal data. Such protection is a form of law harmonization, which has been regulated in the national and international scope.³

Fundamentally that privacy is so fundamental to the rights of everyone in maintaining the integrity and dignity of the individual.⁴ Alan Westin provides a view regarding the rights of individuals, groups, or communities that essentially have the right to regulate restrictions on access to personal information of individuals to others in an important component that underlies the increasing use of technology today, demands for disclosure of information and data control by various parties.⁵ The correlation between personal data and information with security guarantees and supervision in the realization of the concept of confidentiality is one aspect of

1 Kim Sundtoft Hald and Paula Coslugeanu, “The Preliminary Supply Chain Lessons of the COVID-19 Disruption—What Is the Role of Digital Technologies?,” Operations Management Research, 2021, 1–16.

2 Majda El-Muhtaj, Hak Asasi Manusia Dalam Konstitusi Indonesia (Jakarta: Kencana Prenada Media Group, 2015).

3 Christopher Kuner, “A. Court of Justice International Agreements, Data Protection, and EU Fundamental Rights on the International Stage: Opinion 1/15, EU-Canada PNR,” Common Market Law Review 55, no. 3 (2018).

4 Claudia Ogriseg, “GDPR and Personal Data Protection in the Employment Context,” Labour & Law Issues 3, no. 2 (2017):

1–24.

5 Alan F Westin, “Social and Political Dimensions of Privacy,” Journal of Social Issues 59, no. 2 (2003).

11

privacy rights that is integrated with Human Rights. Dicey stated that as one of the elements of implementing the rule of law, the state must provide comprehensive human rights guarantees.⁶ In line with Ali Zaidan's perspective that human rights are fundamental human rights that have innate and universal nature to become later recognized before God Almighty at his creation as a creature. Fundamental rights are necessary for the essential rule of law to become a discourse that guarantees fulfillment and protection. Inclusion in international instruments needs to be further regulated in specific arrangements in Indonesia.⁷

In general, it has been explained in Article 28 G paragraph (1) of the 1945 Constitution with a statement that there is a right granted related to the right to personal protection.

Furthermore, the configuration related to the protection that threatens and creates fear of doing something becomes a critical subject of Human rights.⁸ In fulfilling this, Danriyanto believes that the rights granted to the private and private spheres will give rise to morality and human values. There is a link between improving the relationship between individuals and society, providing independence or autonomy in regulating freely and influences related to tolerance to avoid discrimination and restrictions on power by the government.⁹ The description becomes a reference regarding personal and private data that needs to be regulated as a universal philosophy with written and unwritten rules such as laws.¹⁰ These rights will be related to spiritual needs in respecting feelings and the right to live their lives (the right to be let alone).¹¹

The scope related to personal data is essentially the identity of a person who needs protection, as described in Article 12 of the Universal Declaration of Human Rights.

Sustainability is systemically compiled into information to determine the identity of a person who is either letters or numbers marked with individual characteristics with privacy characteristics called population data. The current acceleration of digital disruption utilizes population data through government efforts to protect personal data.¹² The current form of government priorities is interpreted by providing access to population data to all government and private institutions, hoping to avoid potential data leakage practices.¹³ However, there are weaknesses in the aspect of legal protection, as well as the inadequate technological system.

The absence of regulations related to the categories of personal data that must be protected in the management of population data, as well as the absence of the rights and authority of the data owner in determining the limits of data users, are obstacles for the government in guaranteeing the constitutional rights of citizens.¹⁴

So there is a need for legal codification through the Personal Data Protection Bill's ratification, including population data protection in providing comprehensive clarity and guarantees. In addition, there is an obligation to implement a Zero Data Sharing Policy, which is expected to guarantee data protection through inter-institutional prohibitions to share population data with third parties sourced from government databases as data owners for data access provided to all data user institutions. However, there are limitations to the government's surveillance authority regarding the extent to which the data is managed and follow-up if any

6 Albert Venn Dicey, The Law of the Constitution, vol. 1 (Cambridge: Oxford University Press, 2013).

7 Federico Fabbrini, Fundamental Rights In Europe (Oxford University Press, 2014).

8 Rhona K.M. Smith, Hukum Hak Asasi Manusia (Bantul: PUSHAM UII, 2015).

9 A Gunawan Setiardja, “Hak-Hak Asasi Manusia Berdasarkan Ideologi Pancasila,” 1993.

10 Steve Peers et al., The EU Charter of Fundamental Rights: A Commentary (Bloomsbury Publishing, 2014).

11 Claudia Padovani and Mauro Santaniello, “Digital Constitutionalism: Fundamental Rights And Power Limitation In The Internet Eco-System,” 2018.

12 Maja Brkan, Monica Claes, and Clara Rauchegger, “European Fundamental Rights And Digitalization” (SAGE Publications Sage UK: London, England, 2020).

13 Siti Yuniarti, “Perlindungan Hukum Data Pribadi Di Indonesia,” Business Economic, Communication, and Social Sciences (BECOSS) Journal 1, no. 1 (2019): 147–54.

14 Nurmalasari, “Urgensi Pengesahan Rancangan Undang-Undang Perlindungan Data Pribadi Demi Mewujudkan Kepastian Hukum,” Syntax Idea 3, no. 8 (2021): 1947–66.

12

policy violations are found. Moreover, in the last few years, there has been a significant increase in the number of cases with various methods of theft of personal data by irresponsible persons.¹⁵

Figure 1. Data Theft Case Reports

Source: Cyber Patrol, 2016-2020

The increase in data leakage cases in 2015 – 2020 was caused by limited supervision, lack of adequate technology, and a security system that was very vulnerable in providing guarantees for the protection of personal data.¹⁶ The government's efforts to provide access to population data and implement the Zero Data Sharing Policy have not been considered adequate if legal protection aspects do not accompany them. In this case, it also needs to be based on the existence of supervision through an Independent Authority in ensuring the effectiveness of implementing PDP regulations in the future. These various obstacles, of course, do not only pay attention to the juridical element through the provisions of the established regulations but also need to be accompanied by an element of supervision.¹⁷ The surveillance authority in its conception refers to the EU General Data Protection Regulation (GDPR), which is the guideline for various countries in the international scope in forming functions, powers, and positions that will later affect efforts to protect personal data.¹⁸ The authority to carry out investigations and collective rights is considered to be in harmony with the Zero Data Sharing Policy through the supervision of data users and third parties on access to population data management, as well as ensuring the effectiveness and efficiency of the implementation of the Personal Data Protection Act which is the background of this research. In this case, our topic of discussion is to reflect on The Dynamics of Legal Protection Aspects in the Context of Population Data Management and The Role of Independent Surveillance Authority In The Protection of Population Data.

This research refers to the normative legal research method through the approach of applicable laws and regulations, as well as the use of library research.¹⁹ The approach to legislation is sourced from primary data in the form of the 1945 Constitution of the Republic of Indonesia, the rules for protecting personal data are explicitly only contained in the 1945 Constitution regarding the existence of sectoral rights to privacy in the Administrative Law, the ITE Law and other statutory provisions regarding the guarantee of population data.²⁰ In the explanation regarding the conception of the Authority of an Independent Surveillance Body, it

15 Joseph Fajar Simatupang, “Kriminalisasi Pencurian Data Pribadi Dalam Perspektif Hak Atas Privasi,” Kumpulan Jurnal Mahasiswa Fakultas Hukum, 2021.

16 Anggi Anggraeni Kusumoningtyas and Puspitasari Kajian Ketahanan Nasional, “Dilema Hak Perlindungan Data Pribadi Dan Pengawasan Siber: Tantangan Di Masa Depan,” Law Review 66 (1997): 177–205.

17 Amangku Putradewa Bagaskoro Satiman, “Analisis Yuridis Mengenai Lembaga Pengawas Independen Dalam Perlindungan Data Pribadi Di Indonesia Dan Uni Eropa Berdasarkan General Data Protection Regulation.= Judicial Review Regarding Independent Supervisory Institution Of Personal Data Protection In,” 2021.

18 Wan Indy Azka Arbella, “Perbandingan Hukum Terhadap Perlindungan Data Pribadi Menurut Hukum Positif Indonesia Dan General Data Protection Regulation (GDPR) Uni Eropa,” 2020.

19 Nurul Qamar et al., Metode Penelitian Hukum (Legal Research Methods) (CV. Social Politic Genius (SIGn), 2017).

20 Depri Liber Sonata, “Metode Penelitian Hukum Normatif Dan Empiris: Karakteristik Khas Dari Metode Meneliti Hukum,”

Fiat Justisia Jurnal Ilmu Hukum 8, no. 1 (2014): 15–35.

2 0 1 6 2 0 1 7 2 0 1 8 2 0 1 9 2 0 2 0

20 47 88

143 182

13

refers to the General Data Protection Regulation (GDPR) in the legal realm of the European Union (EU) which is the legal reference for the establishment of the authority of the agency, and other statutory regulations. Regarding the literature study, which will be sourced from secondary materials in the form of books, journals, and other legal materials. The author will use descriptive analysis in qualitative data management accompanied by a deductive method, through the acquisition of the data which will be processed descriptively in order to conclude general questions into specific conclusions. It can be proven in this study that there is an urgency in the aspect of legal protection in overcoming various problems in providing access to population data and implementing the Zero data sharing policy as a government priority in fulfilling the guarantee of citizens' constitutional rights. In addition, there is an obligation to establish an Independent Surveillance Agency Authority which in its authority can ensure the effectiveness of the implementation of the Personal Data Protection Law in Indonesia.

The author examines the relationship between personal data and personal information with security guarantees in the legal protection of personal data. This research's novelty is expected to significantly contribute to efforts to protect population data.

B. Discussion

1. The Dynamics of Legal Protection Aspects in The Context of Population Data Management

The scope of human rights rules in the constitution of our country is one of the efforts to crystallize the basic values contained in the fundamental norms (Grundnorms) in the content of Pancasila.²¹ The primary position of Pancasila regarding the level of rules for applying the constitution can be followed up into a juridical aspect which is impressively contained in the constitution through the applicable rules.²² Furthermore, in-depth that the constitutional rights guaranteed by the state on Human Rights relating to the right to protect personal data, which is contextually correlated with private rights.²³ There is a statement by Warren and Brandeis in their thinking that related to privacy is a right that is used to deal with the dynamics of life that cannot be separated from demands for legal recognition through instruments and forms of supervision that are determined.²⁴

In this case, personal data becomes one of the essential points in fulfilling personal rights because, in general, it becomes inherent in human identity.²⁵ It is appropriate that personal data information has relevance to the conception of human rights that existentially can overcome arbitrary actions in accessing personal data protection by various parties.²⁶ The granting of recognition of constitutional rights through the fulfillment of individual rights to obtain data security and protection against errors in managed data (data habeas), especially in the protection of the current population data management.²⁷ In line with the statement that the basic guarantees related to the management of population data as personal data have been regulated in Law

21 Jimly Asshiddiqie, Konstitusi Dan Konstitusionalisme Indonesia, Ed. 3 (Jakarta: Sinar Grafika, 2004).

22 Taufiqurrohman Syahuri, Tafsir Konstitusi Berbagai Aspek Hukum (Jakarta: Kencana Prenada Media Group, 2011).

23 Stefano Rodotà, “Data Protection As a Fundamental Right,” in Reinventing Data Protection? (Springer, 2009), 77–82.

24 Hin-Yan Liu, The Digital Disruption Of Human Rights Foundations, Human Rights, Digital Society and the Law (Routledge, 2019).

25 David Banisar and Simon Davies, “Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments,” J. Marshall J. Computer & Info. L. 18 (1999): 1.

26 Fanny Priscyllia, “Perlindungan Privasi Data Pribadi Perspektif Perbandingan Hukum,” Jatiswara 34, no. 3 (2019): 239–49.

27 Daniela Ježová, “Fundamental Rights in the European Union–Perspective of the Digital Era,” JEZOVA, D.: Fundamental Rights in the European Union-Perspective of the Digital Era, In: Human Rights in EU External Relations: Between Law and Politics.-Bratislava: Vydavateľstvo UK, Univerzita Komenského, 2017, 79–86.

14

Number 23 of 2006 concerning Population Administration regarding amendments to Law Number 24 of 2013 with the material contents, namely²⁸:

“certain personal data that is stored, maintained, and kept true and protected by confidentiality.”

An embodiment of the government's efforts contained in the policy is through the provision of access and use of population information to integrate related to managing occupation data.²⁹ The granting of such access becomes the validity of the digital data utilization program in all public service sectors to optimize the development of the digital era, later based on Permendagri No. 61 of 2015. There is an arrangement regarding the granting of permits between the Director General of Population and Civil Registration as the data owner and the user institution through an MoU agreement followed by a Cooperation Agreement.³⁰ The Minister of Home Affairs grants access to population data to various organizing parties and agencies that are given access to population data following the permission given.³¹ Utilization of access to data verification through a functional technology system, one which can minimize the misuse of personal data, which has an impact on financial losses and individual dignity.³² As in the current modus operandi, in cases of data theft, used to break into accounts and other fictitious things without the data subject's consent.³³ The concretization of prevention through systemic access to population data will reduce the risk of data misuse.³⁴

Provisions regarding restrictions on the access of these institutions through managed data can only be used for relevant purposes relating to verification related to whether or not the data provided by the community is related to the population database of the Department of Population and Civil Registration. Systemically, it will minimize the collection and use of user or institutional data outside the provisions of the applicable agreement following the Data Minimization principle of the General Data Protection Regulation (GDPR).³⁵ Concerning the scope of the user, the institution gains access to and uses population data. There is a rule that government and private institutions can have such access rights with great opportunities.

However, it needs to be accompanied by various considerations regarding the minimum aspect of guaranteeing optimal personal data protection.³⁶ The vulnerability of cooperation agreements between the government and user institutions, especially to the private sector, creates the potential for data misuse by specific individuals. Ardi Sutedja, Chair of the Indonesian Cyber Security Forum (ICSF), stated in a virtual discussion on August 10, 2020, with the theme "The Urgency of an Independent Supervisory Authority in the Protection of Personal Data, that the capability of personal data in Indonesia is still very minimal in cooperation in managing

28 Undang-Undang Republik Indonesia Nomor 24 Tahun 2013 Tentang Administrasi Kependudukan (Lembaran Negara Republik Indonesia Nomor 232 Tahun 2013, Tambahan Lembaran Negara Republik Indonesia Nomor 5475).

29 Ilsta Masrukah, Ari Subowo, and Dyah Lituhayu, “Studi Implementasi Undang-Undang Nomor 23 Tahun 2006 Tentang Administrasi Kependudukan Dalam Pelaksanaan Program e-KTP Di Kabupaten Pati,” Journal of Public Policy and Management Review 5, no. 1 (2016): 238–47.

30 Peraturan Kementerian Dalam Negeri Nomor 61 Tahun 2015 Tentang Persyaratan, Ruang Lingkup Dan Tata Cara Pemberian Hak Akses Serta Pemanfaatan Nomor Induk Kependudukan, Data Kependudukan Dan Kartu Tanda Penduduk Elektronik.

31 Stefanus Arwandi Jai, Dody Setyawan, and Ignatius Adiwidjaja, “Implementasi Sistem Informasi Administrasi Kependudukan,” JISIP: Jurnal Ilmu Sosial Dan Ilmu Politik 5, no. 1 (2016).

32 Sri Handriana Dewi Hastuti, “Pentingnya Pemanfaatan Data Kependudukan Di Era Digital,” TEKNIMEDIA: Teknologi Informasi Dan Multimedia 1, no. 1 (2020): 18–21.

33 Muhamad Hasab Rumlus and Hanif Hartadi, “Kebijakan Penanggulangan Pencurian Data Pribadi Dalam Media Elektronik,”

Jurnal HAM 11, no. 2 (2020): 285.

34 Edhy Sutanta and Ahmad Ashari, “Distribusi Basis Data Kependudukan Untuk Optimalisasi Akses Data: Suatu Kajian Pustaka,” Jurnal Ilmu Komputer 5, no. 1 (2012): 1–9.

35 Paul Voigt and Axel Von dem Bussche, “The Eu General Data Protection Regulation (GDPR),” A Practical Guide, 1st Ed., Cham: Springer International Publishing 10 (2017): 3152676.

36 Indra Rahmatullah, “Pentingnya Perlindungan Data Pribadi Dalam Masa Pandemi Covid-19 Di Indonesia,” Adalah 5, no. 1 (2021).

15

population data.³⁷ These efforts do not guarantee protection against misuse of personal data because current digital advances in Deep Data Mining technology will continuously become more sophisticated. To find loopholes in the personal data hacking system. Moreover, the number of institutions that use data verification access rights, totaling 3,856 ministries and institutions across sectors, is currently accompanied by many cases of data theft that require priority efforts to handle the current government.

Table 1. Personal Data Leak Case

Source: Classification of Personal Data Leakage Cases 2020-2021

Based on the data above, the prevalence of data leakage cases in the past two years, both in state and private institutions, is a form of the government's failure to anticipate. Regarding the type of user data stolen, it is susceptible, such as names, home addresses, and work data, to Family Cards, which are still in the personal data category. The discovery evidences the potential for misuse of the data that the hacked results will be sold on hacker forums as a means of exchange and database transactions such as RaidForums.³⁸ The government's obligation to deal with data leakage is the urgency of establishing special rules regarding the protection and the existence of a sketch that guarantees the right to privacy of a person regarding personal data in specifically regulating the scope and granting authority to owners and users of personal data.³⁹ The need to map the risk of granting access rights based on the reference to the

37 Achmad Nasrudin Yahya, “Keamanan PeduliLindungi Disorot, ICSF: Tak Ada Aplikasi Yang 100 Persen Aman,” Kompas, 2021, https://nasional.kompas.com/read/2021/09/07/14201521/keamanan-pedulilindungi-disorot-icsf-tak-ada-aplikasi- yang-100-persen-aman?page=all.

38 Ririn Aswandi, Putri Rofifah Nabilah Muchsin, and Muhammad Sultan, “Perlindungan Data Dan Informasi Pribadi Melalui Indonesian Data Protection System (Idps),” Jurnal Legislatif 3, no. 2 (2020): 167–90.

39 Erlina Maria Christin Sinaga and Mery Christian Putri, “Formulasi Legislasi Perlindungan Data Pribadi Dalam Revolusi Industri 4.0,” Jurnal Rechts Vinding: Media Pembinaan Hukum Nasional 9, no. 2 (2020): 237.

Type of

Institution Institution Number of Data Leaks

1 Government

e-HAC Kementerian

Kesehatan

1,3 Million BPJS Kesehatan 279 Million BRI Life 2 Million Komisi Pemilihan

Umum 2,3 Million

2 Private

Tokopedia 91 Million Bhinneka.com 1,2 Million

Kreditplus 890 Thousand RedDoorz 5,8 Million

Cermati[ 2,9 Million

16

Population Administration Law with the necessity to continue to pay attention to aspects of personal data protection.⁴⁰

In the essential explanation regarding the definition and scope of personal data, there is a requirement for personal data to be treated, stored, and protected the truth of the data and to keep the confidentiality of specific individual data or in large numbers based on the Population Administration Law and Government Regulation Number 40/ 2019.⁴¹ However, there are limitations regarding the scope of the data, which concretely only includes biometric data such as fingerprints, irises, and a person's physical and/or mental disabilities, signatures, and other data elements considered a person's disgrace. Personal data should also include Name, KK, NIK, Date of Birth, to the address of an individual who needs protection for his confidentiality.⁴² So that, later, will cause new problems, considering that the data is still used as a criterion for accessing population data by other institutions.⁴³ Explicit rules are only contained in the 1945 Constitution regarding the existence of sectoral rights to privacy in the Administrative Law, ITE Law, and other statutory provisions regarding population data security.⁴⁴

In addition, no rules significantly explain the various regulations regarding granting access to ministries or institutions as a public service sector.⁴⁵ Such ambiguity cannot provide certainty of protection for parties who gain access not to take actions outside the provisions of the cooperation agreement, such as processing and collecting population data.⁴⁶ So it can be concluded that comprehensively there is a need for regulations governing the provision of information on failures and data processing actions outside the provisions, unilateral data deletion in guaranteeing the constitutional rights of individuals as data subjects in the formation of the personal data management according to valid principles and criteria, as well as specific arrangements, regarding the rights and obligations of controllers and data owners in their fulfillment in the form of accurate data verification.⁴⁷

Currently, there is a Zero Data Sharing Policy implemented by the Ministry of Home Affairs through the obligation for users to comply with the policy through a prohibition on data sharing and its use by third parties sourced from Dukcapil population data.⁴⁸ There are restrictions on access rights to population data by the data users; namely, they are only allowed to access the data to verify its suitability of the data. In this case, it was motivated by the leakage of population data by the General Elections Commission, which allegedly came from a third party.⁴⁹ Whereas population data is static, it is feared that changes will occur in the database.

The government's efforts are not accompanied by optimal legal instruments for the rights or authorities of data owners (rights of data subjects). So there is ambiguity regarding the position and legitimate interest of the Ministry of Home Affairs in determining who can use access.

40 Ani Sri Rahayu, “Pentingnya Regulasi Perlindungan Data Pribadi,” Arsip Publikasi Ilmiah Biro Administrasi Akademik, 2020.

41 “Kerentanan Perlindungan Data Pribadi Dalam Pengelolaan Data Kependudukan,” E L S A M, 2019, https://elsam.or.id/kerentanan-perlindungan-data-pribadi-dalam-pengelolaan-data-kependudukan/.

42 I Putu Bhisama Labdajaya and Ni Made Ari Yuliartini Griadhi, “Pengelolaan Data Kependudukan Terhadap Perlindungan Data Pribadi,” Jurnal Kertha Negara 8, no. 10 (2020): 16–38.

43 Setyawati Fitri Anggraeni, “Polemik Pengaturan Kepemilikan Data Pribadi: Urgensi Untuk Harmonisasi Dan Reformasi Hukum Di Indonesia,” Jurnal Hukum & Pembangunan 48, no. 4 (2018): 814–25.

44 Sahat Maruli Tua Situmeang, “Penyalahgunaan Data Pribadi Sebagai Bentuk Kejahatan Sempurna Dalam Perspektif Hukum Siber,” SASI 27, no. 1 (2021): 38–52.

45 Nur Utami Hadi Putri Rezkia, “Perlindungan Hukum Terhadap Data Pribadi Konsumen Dalam Registrasi Sim Card,” 2020.

46 Roida Nababan and Nelson Persada Sinaga, “Perlindungan Hukum Bagi Konsumen Yang Data Pribadinya Diperjual Belikan Di Aplikasi Fintech Peer-To-Peer Lending,” NOMMENSEN JOURNAL OF LEGAL OPINION 2, no. 02 (2021): 156–67.

47 I Wayan Atmanu Wira Pratana, “Urgensi Pengaturan Mekanisme Pemanfaatan Data Pribadi Dalam Rancangan Undang- Undang Perlindungan Data Pribadi,” Jurnal Hukum Lex Generalis 2, no. 8 (2021): 701–21.

48 Sasongko Sasongko et al., “Konsep Perlindungan Hukum Data Pribadi Dan Sanksi Hukum Atas Penyalahgunaan Data Pribadi Oleh Pihak Ketiga,” in Conference on Law and Social Studies, vol. 1, 2020, 16–27.

49 Farida Yulianti, “Contoh Kasus Cyber Crime Dan Penyelesaiannya,” 2021.

17

Moreover, until now, there is no rule regarding the rights of the data owner to refuse (Right to object) the granting of third-party access rights to personal data.⁵⁰

The urgency regarding the formulation until the ratification of the Personal Data Protection Bill is essentially a fulfillment of Human Rights to use legal instruments to prevent and overcome cases of personal data theft.⁵¹ The government should first apply the Personal Data Protection Law rather than the rules regarding cooperation in managing population data which are only contained in the Cooperation Agreement which causes the inability to find violat ions of the restrictions on the cooperation pattern so that there are clear and comprehensive guidelines to protect and minimize the potential for misuse of Indonesian population data.⁵² In addition, the ratification of the Personal Data Protection Law needs to be accompanied by a Personal Data Protection supervisory agency through an independent authority as a fulfillment of guarantees in implementing the Personal Data Protection Law.⁵³ The increase in cases of data leakage and misuse does not only require a juridical element in the formulation of laws and regulations as legal certainty but also needs to prioritize aspects of supervision of personal data.⁵⁴ Specific surveillance authority that can provide effectiveness and efficiency in implementing the Zero Data Sharing Policy through comprehensive monitoring of the operation of population data access management.⁵⁵

2. The Role of Independent Surveillance Authority in The Protection of Population Data The establishment of the PDP Independent Monitoring authority refers to international juridical rules such as the UN Guidelines for the Regulation of Computerized Personal Data Files 1990, which are based on the general guarantee principle through the interpretation of the establishment of an independent surveillance body.⁵⁶ The statement contained in the rules of the European convention regarding the processing of personal data explains that there is a responsibility to establish a supervisory agency in law enforcement. Efforts to ensure the protection of personal data are a must contained in the rules of the European Union General Data Protection Regulation (EU GDPR).⁵⁷ Intrinsically, personal data is a relationship between a person's personal life and human rights. Establishing a surveillance authority will provide innovative anticipatory procedures by the government to fulfill constitutional rights guarantees.⁵⁸

The UK's relevance in protecting personal data is contained materially to integrate personal data based on a protection rule called The Data Protection Act 1998. One of the important points explained in the law is data control for parties who control the database and personal data management through the authority absolutely by an implementing agency, namely The Data

50 Maulana Yusup and Neni Ruhaeni, “Peraturan Perlindungan Data Pribadi Berdasarkan Instrumen Hukum Internasional Dan Implementasinya Di Indonesia,” 2019.

51 Rodes Ober Adi Guna Pardosi and Yuliana Primawardani, “Perlindungan Hak Pengguna Layanan Pinjaman Online Dalam Perspektif Hak Asasi Manusia (Protection of the Rights of Online Loan Customers from a Human Rights Perspective),” n.d.

52 Upik Mutiara and Romi Maulana, “Perlindungan Data Pribadi Sebagai Bagian Dari Hak Asasi Manusia Atas Perlindungan Diri Pribadi,” Indonesian Journal of Law and Policy Studies 1, no. 1 (2020): 42–54.

53 Florianus Yudhi Priyo Amboro and Viona Puspita, “Perlindungan Hukum Atas Data Pribadi (Studi Perbandingan Hukum Indonesia Dan Norwegia),” in CoMBInES-Conference on Management, Business, Innovation, Education and Social Sciences, vol. 1, 2021, 415–27.

54 Veronica Novinna, “Perlindungan Konsumen Dari Penyebarluasan Data Pribadi Oleh Pihak Ketiga: Kasus Fintech ‘Peer to Peer Lending,’” Jurnal Magister Hukum Udayana 9, no. 1 (2020): 92–110.

55 Sania Mashabi, “Dukcapil Wajibkan Lembaga Pengguna Terapkan Zero Data Sharing Policy,” KOMPAS, 2021, https://www.dukcapil.kemendagri.go.id/berita/baca/882/dukcapil-wajibkan-lembaga-pengguna-terapkan-zero-data-sharing- policy.

56 U N OHCHR, “Guidelines for the Regulation of Computerized Personal Data Files,” Adapted by General Assembly Resolution 45 (1990): 95.

57 I T Governance Privacy Team, Eu General Data Protection Regulation (GDPR)–An Implementation And Compliance Guide (IT Governance Ltd, 2020).

58 Antonio Cassese, Hak Asasi Manusia Di Dunia Yang Berubah (Yayasan Obor Indonesia, 1994).

18

Protection Commissioner.⁵⁹ The agency is considered to have an essential role in monitoring information regarding personal data that is used for various purposes online, in terms of being the main factor determining the success of the PDP regulation by the government to tackle various cases of misuse of personal data independently. However, Indonesia does not have regulations regarding the commissioner body.⁶⁰

The international standardization reference substantially influences the formulation of the PDP Bill, which is a factor in forming independent surveillance authority in providing functions, duties, and positions related to the data protection authority that has authority over the government.⁶¹ Although some time ago, there were obstacles regarding an order to the Jokowi government that stated a prohibition on the creation of new institutions with efficiency factors, in the context of the affordability of the PDP Law, it must include supervision of state and private-public bodies. Establishing an independent surveillance authority is crucial in increasing data leakage and misuse, accompanied by many personal data whose access is granted to various institutions/agencies.⁶² In addition, the need for adequacy or equality between personal data protection laws and other countries is the government's task in implementing the principle of extraterritorial jurisdiction in statutory provisions. The independence of the surveillance authority is assessed following the principle that a single authority will obtain certainty of data control, or on individual rights, they can claim rights with the involvement of the current independent commission to stakeholders within the government, namely the Ministry of Communication and Information and outside government elements, namely private institutions in the business and business sectors and other.⁶³

The decision-making model of authority through an independent position is fundamental in its compatibility with protecting personal data.⁶⁴ The continuity of the development of the position model can essentially be placed in non-ministerial institutions, both in the form of special agencies in the realm of executive power (Executive branch agencies), as well as in independent regulatory agencies. The harmonization of the functions of independent data protection authorities in the public sphere will ensure protection through the compliance of processors and controllers of personal data, both for individuals, public bodies, and institutions in the private sector based on the provisions of laws and regulations later. Not only implementing a privacy policy but as an effort to provide awareness, provide consultation, and develop technology governance. It is expected that later entities in ministries/state and private institutions will be monitored in a complex manner, such as in financial and business companies and other government institutions concerning personal data protection.⁶⁵

59 Sharon McLaughlin, “Ireland: Independence of Data Protection Commissioner Challenged by Digital Rights Ireland,” Eur.

Data Prot. L. Rev. 2 (2016): 114.

60 Annetje Ottow, “Independent Supervisory Authorities: A Fragile Concept,” Legal Issues of Economic Integration 39, no. 4 (2012).

61 Sinta Dewi, “Konsep Perlindungan Hukum Atas Privasi Dan Data Pribadi Dikaitkan Dengan Penggunaan Cloud Computing Di Indonesia,” Yustisia Jurnal Hukum 5, no. 1 (2016): 35–53.

62 Farah Naurah Khansa, “Penguatan Hukum Dan Urgensi Otoritas Pengawas Independen Dalam Perlindungan Data Pribadi Di Indonesia” 2, no. 8 (2021): 649–62.

63 Laura Drechsler, “What Is Equivalent? A Probe into GDPR Adequacy Based on EU Fundamental Rights,” A Probe into GDPR Adequacy Based on EU Fundamental Rights (February 21, 2019). Jusletter IT 21 (2019).

64 Stefan Handke, “A Problem of Chief and Indian—The Role of the Supervisory Authority BaFin and the Ministry of Finance in German Financial Market Policy,” Policy and Society 31, no. 3 (2012): 237–47.

65 Imas Novita Juaningsih et al., “Rekonsepsi Lembaga Pengawas Terkait Perlindungan Data Pribadi Oleh Korporasi Sebagai Penegakan Hak Privasi Berdasarkan Konstitusi,” SALAM: Jurnal Sosial Dan Budaya Syar-I 8, no. 2 (2021): 469–86.

19

The conception of the current government's efforts through the Zero Data Sharing Policy substantially regulates all institutions or agencies that have access to population data related to interests, including data verification, not to disseminate or share with third parties.⁶⁶ Government supervision through the Ministry of Home Affairs tends to have limitations on its authority, which has not been regulated in various laws and regulations. Systemic supervision only looks at the suitability of access to population data and overcomes technical obstacles without knowing the extent to which the data is accessed directly. Monitoring implementation is only carried out through submitting reports by various data user institutions, which tend to appear reactive.

Efforts to limit access rights to the users of population data conceptually require an essential component, namely an independent surveillance Agency Authority in achieving the optimization of the Zero Data Sharing Policy. The draft of the establishment relating to its powers and duties can be adjusted to the standardization of international agreements, one of which is stated in the EU GDPR. The regulation can be used as a reference for the government as a manifestation of the harmonization of supervision on its authority as a whole following Article 58 of the EU GDPR, such as its authority to investigate various dispute problems and their resolution, then the collective authority to carry out supervision and actions between actions against discretion taken between users. And the data owner, and as an advisory power in recommending advice on efforts to improve in managing population data.⁶⁷

Furthermore, the explanation of the conception of the author's perspective in adjusting the EU GDPR can carry out investigations with third parties through their right to review certifications held by user institutions as criteria for granting population data access rights, requesting any information needed from users and data owners regarding the implementation of supervision, and complete access to the entire system following the provisions of the applicable legislation later.⁶⁸ Then, in their collective authority, they can give warnings or warnings regarding the tendency to violate the provisions of the Zero Data Sharing Policy, give orders regarding the fulfillment of subject data rights as a guarantee of individual constitutional rights, and carry out data management following the provisions of the legislation. Furthermore, it can provide sanctions for violations regarding data misuse through operational prohibitions and fines to the relevant institutions and withdraw the certification of population data access requirements if the applicable regulatory provisions are no longer met.⁶⁹ Regarding its obligations in adjusting standard contract clauses, the context of cooperation through a memorandum of understanding (MoU) which is followed up by a Cooperation Agreement, needs to be adjusted to the authority of the Independent Surveillance Agency Authority related to requirements, technology governance, and periodic monitoring in assuring personal data protection.⁷⁰

66 Disdukcapil, “Kemendagri Wajibkan Lembaga Pengguna Data Kependudukan Dari Dukcapil Terapkan Zero Data Sharing Policy,” accessed November 2, 2021, https://nasional.kompas.com/read/2021/10/22/12330861/kemendagri-wajibkan- lembaga-pengguna-data-kependudukan-dari-dukcapil.

67 Welderufael B Tesfay et al., “Privacy Guide: Towards An Implementation Of The EU GDPR On Internet Privacy Policy Evaluation,” in Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, 2018, 15–21.

68 Bocong Yuan and Jiannan Li, “The Policy Effect Of The General Data Protection Regulation (GDPR) On The Digital Public Health Sector In The European Union: An Empirical Investigation,” International Journal of Environmental Research and Public Health 16, no. 6 (2019): 1070.

69 David Barnard-Wills, Cristina Pauner Chulvi, and Paul De Hert, “Data Protection Authority Perspectives On The Impact Of Data Protection Reform On Cooperation In The EU,” Computer Law & Security Review 32, no. 4 (2016): 587–98.

70 Nurul Jannah Lailatul Fitria and Husni Mubaroq, “Pemanfaatan Database Kependudukan Untuk Daftar Pemilih Tetap Dengan Sistem Nota Kesepahaman Dan Perjanjian Kerja Sama,” Musamus Journal of Public Administration 4, no. 1 (2021):

22–32.

20

C. Conclusion

The impact of digital transformation currently requires the protection of personal data, considering that currently, there are an increasing number of cases of data leakage, both in state public institutions and the private sector. The current weakness of the government's technology system has become the potential for various data misuse practices for the interests of certain parties. The current concretization of the government's efforts focuses on providing access to population data to minimize irregularities that result in losses to one's dignity and finances. In addition, there is an obligation to implement the Zero Data Sharing Policy, which is expected to ensure optimal data protection through inter-institutional prohibitions against sharing population data with third parties. However, there are limitations to the protection of personal data due to government authority and inadequate technology to determine the scope of population data used by data users.

The tendency leads to ambiguity in the boundaries of data protection so that the authorities and duties of the government require the codification of laws regarding the protection of personal data in providing clarity and effectiveness of protection. In addition, the urgency of ratifying the Personal Data Protection Bill needs to be accompanied by considerations of establishing an Independent Monitoring Authority following European Union General Data Protection Regulation (EU GDPR) standards. Its independent position will prevent intervention from various parties that affect the implementation of supervision. Functionally it is considered appropriate to implement the Zero Data Sharing Policy through the conception of investigative authority and collective rights as a guarantee of citizens' constitutional rights in fulfilling human rights.

Acknowledgments

The authors would like to thank all those who have helped in the process of completing this article. Hopefully, it can provide benefits for readers in terms of the urgency of the Personal Data Protection Bill and its form of supervision, as well as for other authors to be used as research references on the conception of the role of Independent Surveillance Authority in the Efforts to Protect Population Data in Indonesia.

Bibliography

A. Book

Asshiddiqie, Jimly. Konstitusi Dan Konstitusionalisme Indonesia. Cetakan Ke. Jakarta: Sinar Grafika, 2004.

Cassese, Antonio. Hak Asasi Manusia Di Dunia Yang Berubah. Yayasan Obor Indonesia, 1994.

Dicey, Albert Venn. The Law of the Constitution. Vol. 1. Cambridge: Oxford University Press, 2013.

El-Muhtaj, Majda. Hak Asasi Manusia Dalam Konstitusi Indonesia. Jakarta: Kencana Prenada Media Group, 2015.

Fabbrini, Federico. Fundamental Rights In Europe. Oxford University Press, 2014.

Liu, Hin-Yan. The Digital Disruption Of Human Rights Foundations. Human Rights, Digital Society and the Law. Routledge, 2019.

21

Peers, Steve, Tamara Hervey, Jeff Kenner, and Angela Ward. The EU Charter of Fundamental Rights: A Commentary. Bloomsbury Publishing, 2014.

Setiardja, A Gunawan. “Hak-Hak Asasi Manusia Berdasarkan Ideologi Pancasila,” 1993.

Simatupang, Joseph Fajar. “Kriminalisasi Pencurian Data Pribadi Dalam Perspektif Hak Atas Privasi.” Kumpulan Jurnal Mahasiswa Fakultas Hukum, 2021.

Smith, Rhona K.M. Hukum Hak Asasi Manusia. Bantul: Pusham UII, 2015.

Syahuri, Taufiqurrohman. Tafsir Konstitusi Berbagai Aspek Hukum. Jakarta: Kencana Prenada Media Group, 2011.

Team, I T Governance Privacy. Eu General Data Protection Regulation (GDPR)–An Implementation And Compliance Guide. IT Governance Ltd, 2020.

B. Journal

Amboro, Florianus Yudhi Priyo, and Viona Puspita. “Perlindungan Hukum Atas Data Pribadi (Studi Perbandingan Hukum Indonesia Dan Norwegia).” In CoMBInES-Conference on Management, Business, Innovation, Education and Social Sciences, 1:415–27, 2021.

Anggraeni, Setyawati Fitri. “Polemik Pengaturan Kepemilikan Data Pribadi: Urgensi Untuk Harmonisasi Dan Reformasi Hukum Di Indonesia.” Jurnal Hukum & Pembangunan 48, no. 4 (2018): 814–25.

Aswandi, Ririn, Putri Rofifah Nabilah Muchsin, and Muhammad Sultan. “Perlindungan Data Dan Informasi Pribadi Melalui Indonesian Data Protection System (Idps).” Jurnal Legislatif 3, no. 2 (2020): 167–90. https://doi.org/10.20956/jl.v3i2.14321

Banisar, David, and Simon Davies. “Global Trends in Privacy Protection: An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments.” J.

Marshall J. Computer & Info. L. 18 (1999): 1.

Barnard-Wills, David, Cristina Pauner Chulvi, and Paul De Hert. “Data Protection Authority Perspectives On The Impact Of Data Protection Reform On Cooperation In The EU.”

Computer Law & Security Review 32, no. 4 (2016): 587–98.

Dewi, Sinta. “Konsep Perlindungan Hukum Atas Privasi Dan Data Pribadi Dikaitkan Dengan Penggunaan Cloud Computing Di Indonesia.” Yustisia Jurnal Hukum 5, no. 1 (2016): 35–

53. https://doi.org/10.20961/yustisia.v5i1.8712

Fitria, Nurul Jannah Lailatul, and Husni Mubaroq. “Pemanfaatan Database Kependudukan Untuk Daftar Pemilih Tetap Dengan Sistem Nota Kesepahaman Dan Perjanjian Kerja Sama.” Musamus Journal of Public Administration 4, no. 1 (2021): 22–32.

https://doi.org/10.35724/mjpa.v4i1.3786

Hald, Kim Sundtoft, and Paula Coslugeanu. “The Preliminary Supply Chain Lessons of the COVID-19 Disruption—What Is the Role of Digital Technologies?” Operations Management Research, 2021, 1–16.

Handke, Stefan. “A Problem of Chief and Indian—The Role of the Supervisory Authority BaFin and the Ministry of Finance in German Financial Market Policy.” Policy and Society 31, no. 3 (2012): 237–47.

Hastuti, Sri Handriana Dewi. “Pentingnya Pemanfaatan Data Kependudukan Di Era Digital.”

TEKNIMEDIA: Teknologi Informasi Dan Multimedia 1, no. 1 (2020): 18–21.

https://doi.org/10.46764/teknimedia.v1i1.9

22

Jai, Stefanus Arwandi, Dody Setyawan, and Ignatius Adiwidjaja. “Implementasi Sistem Informasi Administrasi Kependudukan.” JISIP: Jurnal Ilmu Sosial Dan Ilmu Politik 5, no. 1 (2016). https://doi.org/10.33366/jisip.v5i1.216

Ježová, Daniela. “Fundamental Rights in the European Union–Perspective of the Digital Era.”

JEZOVA, D.: Fundamental Rights in the European Union-Perspective of the Digital Era, In: Human Rights in EU External Relations: Between Law and Politics.-Bratislava:

Vydavateľstvo UK, Univerzita Komenského, 2017, 79–86.

Juaningsih, Imas Novita, Rayhan Naufaldi Hidayat, Kiki Nur Aisyah, and Dzakwan Nurirfan Rusli. “Rekonsepsi Lembaga Pengawas Terkait Perlindungan Data Pribadi Oleh Korporasi Sebagai Penegakan Hak Privasi Berdasarkan Konstitusi.” Salam: Jurnal Sosial Dan Budaya Syar-I 8, no. 2 (2021): 469–86.

Khansa, Farah Naurah. “Penguatan Hukum Dan Urgensi Otoritas Pengawas Independen Dalam Perlindungan Data Pribadi Di Indonesia” 2, no. 8 (2021): 649–62.

https://doi.org/10.56370/jhlg.v2i8.114

Kuner, Christopher. “A. Court of Justice International Agreements, Data Protection, and EU Fundamental Rights on the International Stage: Opinion 1/15, EU-Canada PNR.”

Common Market Law Review 55, no. 3 (2018).

Kusumoningtyas, Anggi Anggraeni, and Puspitasari Kajian Ketahanan Nasional. “Dilema Hak Perlindungan Data Pribadi Dan Pengawasan Siber: Tantangan Di Masa Depan.” Law Review 66 (1997): 177–205.

Labdajaya, I Putu Bhisama, and Ni Made Ari Yuliartini Griadhi. “Pengelolaan Data Kependudukan Terhadap Perlindungan Data Pribadi.” Jurnal Kertha Negara 8, no. 10 (2020): 16–38.

Masrukah, Ilsta, Ari Subowo, and Dyah Lituhayu. “Studi Implementasi Undang-Undang Nomor 23 Tahun 2006 Tentang Administrasi Kependudukan Dalam Pelaksanaan Program e-KTP Di Kabupaten Pati.” Journal of Public Policy and Management Review 5, no. 1 (2016): 238–47. 10.14710/jppmr.v5i1.10438

McLaughlin, Sharon. “Ireland: Independence of Data Protection Commissioner Challenged by Digital Rights Ireland.” Eur. Data Prot. L. Rev. 2 (2016): 114.

Mutiara, Upik, and Romi Maulana. “Perlindungan Data Pribadi Sebagai Bagian Dari Hak Asasi Manusia Atas Perlindungan Diri Pribadi.” Indonesian Journal of Law and Policy Studies 1, no. 1 (2020): 42–54. http://dx.doi.org/10.31000/ijlp.v1i1.2648.g1629

Nababan, Roida, and Nelson Persada Sinaga. “Perlindungan Hukum Bagi Konsumen Yang Data Pribadinya Diperjual Belikan Di Aplikasi Fintech Peer-To-Peer Lending.”

Nommensen Journal of Legal Opinion 2, no. 02 (2021): 156–67.

Novinna, Veronica. “Perlindungan Konsumen Dari Penyebarluasan Data Pribadi Oleh Pihak Ketiga: Kasus Fintech ‘Peer to Peer Lending.’” Jurnal Magister Hukum Udayana 9, no. 1 (2020): 92–110.

Nurmalasari. “Urgensi Pengesahan Rancangan Undang-Undang Perlindungan Data Pribadi Demi Mewujudkan Kepastian Hukum.” Syntax Idea 3, no. 8 (2021): 1947–66.

Ogriseg, Claudia. “GDPR and Personal Data Protection in the Employment Context.” Labour

& Law Issues 3, no. 2 (2017): 1–24.

OHCHR, U N. “Guidelines for the Regulation of Computerized Personal Data Files.” Adapted by General Assembly Resolution 45 (1990): 95.

23

Ottow, Annetje. “Independent Supervisory Authorities: A Fragile Concept.” Legal Issues of Economic Integration 39, no. 4 (2012).

Pratana, I Wayan Atmanu Wira. “Urgensi Pengaturan Mekanisme Pemanfaatan Data Pribadi Dalam Rancangan Undang-Undang Perlindungan Data Pribadi.” Jurnal Hukum Lex Generalis 2, no. 8 (2021): 701–21. https://doi.org/10.56370/jhlg.v2i8.106

Priscyllia, Fanny. “Perlindungan Privasi Data Pribadi Perspektif Perbandingan Hukum.”

Jatiswara 34, no. 3 (2019): 239–49. https://doi.org/10.29303/jatiswara.v34i3.218

Rodotà, Stefano. “Data Protection As a Fundamental Right.” In Reinventing Data Protection?, 77–82. Springer, 2009.

Rumlus, Muhamad Hasab, and Hanif Hartadi. “Kebijakan Penanggulangan Pencurian Data Pribadi Dalam Media Elektronik.” Jurnal HAM 11, no. 2 (2020): 285. : http://dx.doi.org/10.30641/ham.2020.11.285-299

Sasongko, Sasongko, Dimas Pramodya Dwipayana, Danar Yuda Pratama, Jumangin Jumangin, and Cindy Prastika Risky Roselawati. “Konsep Perlindungan Hukum Data Pribadi Dan Sanksi Hukum Atas Penyalahgunaan Data Pribadi Oleh Pihak Ketiga.” In Conference on Law and Social Studies, 1:16–27, 2020.

Sinaga, Erlina Maria Christin, and Mery Christian Putri. “Formulasi Legislasi Perlindungan Data Pribadi Dalam Revolusi Industri 4.0.” Jurnal Rechts Vinding: Media Pembinaan Hukum Nasional 9, no. 2 (2020): 237. http://dx.doi.org/10.33331/rechtsvinding.v9i2.428 Situmeang, Sahat Maruli Tua. “Penyalahgunaan Data Pribadi Sebagai Bentuk Kejahatan

Sempurna Dalam Perspektif Hukum Siber.” SASI 27, no. 1 (2021): 38–52.

Sonata, Depri Liber. “Metode Penelitian Hukum Normatif Dan Empiris: Karakteristik Khas Dari Metode Meneliti Hukum.” Fiat Justisia Jurnal Ilmu Hukum 8, no. 1 (2014): 15–35.

Sutanta, Edhy, and Ahmad Ashari. “Distribusi Basis Data Kependudukan Untuk Optimalisasi Akses Data: Suatu Kajian Pustaka.” Jurnal Ilmu Komputer 5, no. 1 (2012): 1–9.

Tesfay, Welderufael B, Peter Hofmann, Toru Nakamura, Shinsaku Kiyomoto, and Jetzabel Serna. “Privacy Guide: Towards An Implementation Of The EU GDPR On Internet Privacy Policy Evaluation.” In Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, 15–21, 2018.

Voigt, Paul, and Axel Von dem Bussche. “The Eu General Data Protection Regulation (GDPR).” A Practical Guide, 1st Ed., Cham: Springer International Publishing 10 (2017):

3152676.

Westin, Alan F. “Social and Political Dimensions of Privacy.” Journal of Social Issues 59, no.

2 (2003).

Yuan, Bocong, and Jiannan Li. “The Policy Effect Of The General Data Protection Regulation (GDPR) On The Digital Public Health Sector In The European Union: An Empirical Investigation.” International Journal of Environmental Research and Public Health 16, no. 6 (2019): 1070.

Yuniarti, Siti. “Perlindungan Hukum Data Pribadi Di Indonesia.” Business Economic, Communication, and Social Sciences (BECOSS) Journal 1, no. 1 (2019): 147–54.

https://doi.org/10.21512/becossjournal.v1i1.6030

24

C. Regulation

Undang-Undang Republik Indonesia Nomor 24 Tahun 2013 Tentang Administrasi Kependudukan (Lembaran Negara Republik Indonesia Nomor 232 Tahun 2013, Tambahan Lembaran Negara Republik Indonesia Nomor 5475), 53 § (2017).

Peraturan Kementerian Dalam Negeri Nomor 61 Tahun 2015 Tentang Persyaratan, Ruang Lingkup Dan Tata Cara Pemberian Hak Akses Serta Pemanfaatan Nomor Induk Kependudukan, Data Kependudukan Dan Kartu Tanda Penduduk Elektronik (Berita Negara Tahun 2015 Nomor 1, Nomor 65 § (2015).

D. Internet

Arbella, Wan Indy Azka. “Perbandingan Hukum Terhadap Perlindungan Data Pribadi Menurut Hukum Positif Indonesia Dan General Data Protection Regulation (GDPR) Uni Eropa,”

2020.

Brkan, Maja, Monica Claes, and Clara Rauchegger. “European Fundamental Rights And Digitalization.” SAGE Publications Sage UK: London, England, 2020.

Drechsler, Laura. “What Is Equivalent? A Probe into GDPR Adequacy Based on EU Fundamental Rights.” A Probe into GDPR Adequacy Based on EU Fundamental Rights (February 21, 2019). Jusletter IT 21 (2019).

Disdukcapil. “Kemendagri Wajibkan Lembaga Pengguna Data Kependudukan Dari Dukcapil Terapkan Zero Data Sharing Policy.” Accessed November 2, 2021.

https://nasional.kompas.com/read/2021/10/22/12330861/kemendagri-wajibkan-lembaga- pengguna-data-kependudukan-dari-dukcapil.

E L S A M. “Kerentanan Perlindungan Data Pribadi Dalam Pengelolaan Data Kependudukan,”

2019. https://elsam.or.id/kerentanan-perlindungan-data-pribadi-dalam-pengelolaan-data- kependudukan/.

Mashabi, Sania. “Dukcapil Wajibkan Lembaga Pengguna Terapkan Zero Data Sharing Policy.”

KOMPAS, 2021. https://www.dukcapil.kemendagri.go.id/berita/baca/882/dukcapil- wajibkan-lembaga-pengguna-terapkan-zero-data-sharing-policy.

Padovani, Claudia, and Mauro Santaniello. “Digital Constitutionalism: Fundamental Rights And Power Limitation In The Internet Eco-System,” 2018.

Pardosi, Rodes Ober Adi Guna, and Yuliana Primawardani. “Perlindungan Hak Pengguna Layanan Pinjaman Online Dalam Perspektif Hak Asasi Manusia (Protection of the Rights of Online Loan Customers from a Human Rights Perspective),” n.d.

Qamar, Nurul, Muhammad Syarif, Dachran S Busthami, M Kamal Hidjaz, Aan Aswari, Hardianto Djanggih, and Farah Syah Rezah. Metode Penelitian Hukum (Legal Research Methods). CV. Social Politic Genius (SIGn), 2017.

Rahayu, Ani Sri. “Pentingnya Regulasi Perlindungan Data Pribadi.” Arsip Publikasi Ilmiah Biro Administrasi Akademik, 2020.

Rahmatullah, Indra. “Pentingnya Perlindungan Data Pribadi Dalam Masa Pandemi Covid-19 Di Indonesia.” ADALAH 5, no. 1 (2021).

Rezkia, Nur Utami Hadi Putri. “Perlindungan Hukum Terhadap Data Pribadi Konsumen Dalam Registrasi Sim Card,” 2020.

25

Satiman, Amangku Putradewa Bagaskoro. “Analisis Yuridis Mengenai Lembaga Pengawas Independen Dalam Perlindungan Data Pribadi Di Indonesia Dan Uni Eropa Berdasarkan General Data Protection Regulation.= Judicial Review Regarding Independent Supervisory Institution Of Personal Data Protection In,” 2021.

Yahya, Achmad Nasrudin. “Keamanan PeduliLindungi Disorot, ICSF: Tak Ada Aplikasi Yang

100 Persen Aman.” Kompas, 2021.

https://nasional.kompas.com/read/2021/09/07/14201521/ keam anan-pedulilindungi- disorot-icsf-tak-ada-aplikasi-yang-100-persen-aman?page=all.

Yulianti, Farida. “Contoh Kasus Cyber Crime Dan Penyelesaiannya,” 2021.

Yusup, Maulana, and Neni Ruhaeni. “Peraturan Perlindungan Data Pribadi Berdasarkan Instrumen Hukum Internasional Dan Implementasinya Di Indonesia,” 2019.

26