Personal data protection regulations are also regulated in the Regulation of the Minister of Communication and Information Technology of the Republic of Indonesia concerning Personal Data Protection in Electronic Systems No. 20 of 2016. regulates:
Dispute Resolution
Article 29:
(1) Every Personal Data Owner and Electronic System Operator can file a complaint to the Minister regarding the failure to protect the Personal Data's confidentiality.
(2) The complaint, as referred to in paragraph (1), is intended as an effort to resolve disputes by deliberation or through other alternative resolution efforts.
Article 32
(1) To resolve disputes by deliberation or through other alternative resolution efforts, they have not been able to resolve the dispute over the failure to protect the confidentiality of Personal Data, each Personal Data Owner and Electronic System Operator can file a lawsuit for the failure to protect the confidentiality of Personal Data.
(2) The lawsuit, as referred to in paragraph (1), is only in the form of a civil suit and is filed by the statutory regulations' provisions.
However, The Electronic Information and Transactions Act No. 19 of 2016 (UU ITE) and Regulation of the Minister of Communication and Information Technology of the Republic of Indonesia concerning Personal Data Protection in Electronic Systems No. 20 of 2016 (Permenkominfo) are still considered insufficient in scope. In the ITE Law, most criminal threats are only imposed on people who commit a tort against electronic data, namely hackers. Hackers carry out activities in the form of hacking, cracking, phishing, identity theft, and others.
In this problem, users use an electronic platform, then the data entered on the platform is stolen by hackers. But Indonesian regulations only provide criminal threats to hackers. If this happens, law enforcers will find it challenging to find thieves because they are not always in Indonesia and challenging to catch quickly and easily. Consumer data also has the potential to spread to the public. So that consumers are less protected from this problem.
Perkominfo is also less effective because it is not coercive and cannot contain criminal sanctions because only laws are coercive and have criminal sanctions. It also shows that the settlement of disputes over personal data leaks is filing a complaint to the Ministry of Communication and Information Technology with the Alternative Dispute Resolution mechanism. When it does not find a solution, the victim can file a civil claim.