Analysis of Legal Protection for Tokopedia Consumer Data in Data Leakage Cases in Indonesia

Authors

  • La Sirajuddin Universitas Muhammadiyah Sorong
  • Dwi Pratiwi Markus Universitas Muhammadiyah Sorong

DOI:

https://doi.org/10.33506/jlj.v4i1.5199

Keywords:

Personal Data, E Commerce, Consumer Protection, Data Breachs, Breach of Contract

Abstract

The aim of this study is to examine the strength of legal protection for Tokopedia customers' personal data following the leak of 91 million accounts in May 2020, as well as to explain Tokopedia's obligations and responsibilities as a data controller under PDP Law 27/2022, UUPK 8/1999, ITE Law 11/2008, PP 71/2019, and the breach of contract provisions of Article 1234 of the Civil Code. This study uses a normative legal approach, which involves examining written regulations through laws, scientific journals, and official reports from the Ministry of Communication and Information Technology, then analyzing them conceptually and comparing them to assess legal certainty, fairness, and benefits for the community. The novelty of this research lies in combining classical civil law (breach of contract in the Civil Code) with new regulations in the PDP Law to assess Tokopedia's responsibility as a private PSE in the case of the leak of 91 million accounts, something that is still rarely discussed comprehensively in Indonesian literature. The results of the study show that the rules on personal data protection are actually quite strong on paper, but their implementation is still weak because Tokopedia has not maximized its assessment of data protection, encryption, and incident reporting; the public's level of understanding of their personal data rights is still low; and the government's response has only been in the form of warnings, so there is still the possibility of administrative sanctions, fines, or criminal penalties being imposed based on the PDP Law and the ITE Law. The conclusion of the study emphasizes the need to strengthen personal data protection through mandatory information security standards such as ISO 27001, the application of the principle of privacy by design from the outset of system design, the provision of features (dashboards) for rapid data deletion, increased public education, and better coordination between Kominfo, OJK, and the PDP Council so that e-commerce transactions in Indonesia are safer for hundreds of millions of users.

References

Afip et al., “Analisis Insiden Kebocoran Data 91 Juta Akun Tokopedia: Dampak dan Upaya Penanganannya,” Integrative Perspectives of Social and Science Journal 2, no. 3 (2025): 4858–65, https://ipssj.com/index.php/ojs/article/view/578.

Alif Rinoko Fajar, “Analisis Kebijakan Undang-Undang Perlindungan Data Pribadi Sebagai Pemenuhan Hak Asasi Manusia: Studi Kasus Tokopedia,” Jipolis: Jurnal Ilmu Politik dan Ilmu Sosial 1, no. 3 (2024): 1–15, https://ejournal.fisip.unjani.ac.id/index.php/jipolis/article/view/2543.

Dipo Abdila Rasyid. “Analisis Legal Standing Komunitas Konsumen Indonesia Selaku Lembaga Perlindungan Konsumen Swadaya Masyarakat dalam Permasalahan Perlindungan Data Pribadi Konsumen Pengguna E-Commerce Tokopedia (Studi Kasus Putusan Nomor 235/Pdt.G/2020/PN.Jkt.Pst).” Skripsi S1, Universitas Indonesia, 2023. https://lib.ui.ac.id/abstrakpdf?id=20518191&lokasi=lokal.

Fadli Sutarli, Shelly Kurniawan, dan Tim. “Meningkatkan Kesadaran Remaja Terhadap Phishing Melalui Sosialisasi Literasi Digital.” Jurnal Pengabdian Literasi Digital Indonesia 2, no. 1 (2024): 1–11. https://jurnal.relawantik.or.id/abdimas/article/view/122.

Gerbang Pelindungan Data Pribadi Indonesia. "Data Protection By Design and By Default." June 8, 2024. https://gerbangpelindungandatapribadi.id/ensiklopedia-pdp/data-protection-by-design-and-by-default.

Gomulia, O., et al. “Implementation of Consumer Personal Data Protection in Ecommerce from the Perspective of Law No. 27 of 2022.” Journal of World Science 3, no. 4 (2022): 4234–4243. https://jws.rivierapublishing.id/index.php/jws/article/view/584.

Hukumonline. "Tanggung Jawab E-Commerce atas Kebocoran Data Pribadi." Klinik Hukumonline, November 2, 2022. https://www.hukumonline.com/klinik/a/tanggung-jawab-ie-commerce-i-atas-kebocoran-data-pribadi-lt63638331d18f0.

I Wayan Cenik Ardika. “Tinjauan Hukum terhadap Perlindungan Data Pribadi di Era Digital: Kasus Kebocoran Data Pengguna Layanan E-Commerce.” Indonesian Journal of Law and Justice 2, no. 3 (2025): 1–11. https://journal.pubmedia.id/index.php/lawjustice/article/view/3601.

Inas Nurfadia Futri, Fifi Afisah, dan Muhammad Sholahuddin. “Tokopedia's Strategy in Helping Indonesia's Economic Recovery during the Covid-19 Pandemic through the Digitalization of MSMEs.” Sebelas Maret Business Review 6, no. 1 (2021): 1–15. https://jurnal.uns.ac.id/SMBR/article/download/55644/33864.

Kitab Undang-Undang Hukum Perdata (KUHPerdata). Pasal 1234, 1238, 1243.

Maichle Delpiero, Farah Azzahra Reynaldi, Istiawati Utami Ningdiah, dan Nafisah Muthmainnah. “Legal Analysis of Online Marketplace Privacy Policy and Accountability in Protection of Users’ Personal Data on Data Leakage Cases.” Padjadjaran Law Review 9, no. 1 (2021): 1–23. https://doi.org/10.23920/plr.v9i1.509.

Muhammad Arifin Rinjani. “Hambatan Implementasi UU No. 27 Tahun 2022 tentang Perlindungan Data Pribadi dan Strategi Penguatan Pengawasannya.” Jurnal Administratum 13, no. 1 (2025): 45–60. https://journal.undiknas.ac.id/index.php/JAH/article/view/6793.

Muhammad Gilang. “Pengawasan dan Penegakan Hukum E-Commerce oleh KPPU dalam Mengatasi Persaingan Usaha Tidak Sehat.” Rewang Rencang: Jurnal Hukum Lex Generalis 5, no. 4 (2024): 275–290. https://ojs.rewangrencang.com/index.php/JHLG/article/download/604/275/2192.

Muhammad Iqbal dan Tim Penulis. “Prinsip Akuntabilitas dalam Undang-Undang Perlindungan Data Pribadi.” Jurnal Innovative: Journal of Social Science Research 6, no. 2 (2025): 13476–13490. https://j-innovative.org/index.php/Innovative/article/view/13476.

Muhammad Ridwan Arifin dan R. Ahmad Syahroni. “Urgency of Private Data Protection in the Digital Communication Era.” International Journal of Global Community 1, no. 2 (2018): 123–140. https://journal.riksawan.com/index.php/IJGC-RI/article/view/49.

Benny Martha Dinata, “Implementasi Hak Subjek Data dalam Undang-Undang Pelindungan Data Pribadi: Tantangan dan Efektivitas,” Quantum Juris: Jurnal Hukum Modern 8, no. 1 (Januari 2026): 446–53, https://journalversa.com/s/index.php/jhm/article/view/5080.

Putri E. Sembiring. “Implementasi Desain Privasi sebagai Bentuk Perlindungan Data Pribadi Pengguna Aplikasi PeduliLindungi.” Veritas: Jurnal Teknik Hukum dan Masalah-Masalah Hukum 20, no. 1 (2024): 1–20. https://doi.org/10.28999/veritas.v10i1.7622.

Ragil Putri Anindya dan Achmad Edi Subiyanto. “Tanggung Jawab Platform Tokopedia dalam Kasus Kebocoran Data Menurut Undang-Undang tentang Perlindungan Data Pribadi.” Journal of Artificial Intelligence and Digital Business (RIGGS) 4, no. 3 (2025): 1105–1112. http://journal.ilmudata.co.id/index.php/RIGGS/article/view/2105.

Downloads

Published

23-02-2026

How to Cite

La Sirajuddin, and Dwi Pratiwi Markus. 2026. “Analysis of Legal Protection for Tokopedia Consumer Data in Data Leakage Cases in Indonesia”. Journal of Law Justice (JLJ) 4 (1):42-51. https://doi.org/10.33506/jlj.v4i1.5199.

Issue

Vol. 4 No. 1 (2026): Journal of Law Justice (Inpress)

Section

Articles

License

Copyright (c) 2026 La Sirajuddin, Dwi Pratiwi Markus

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Similar Articles

<< < 1 2 3 4 

You may also start an advanced similarity search for this article.