TANGGUNG JAWAB HUKUM PSE ATAS KEBOCORA DATA KONSUMEN E-COMMERCE

Abstract

The acceleration of the digital economy within Indonesia's e-commerce sector has transformed personal data into a crucial economic commodity while simultaneously increasing vulnerability to data breach incidents. This study examines the legal liability qualifications of platform providers regarding data protection failures and evaluates the effectiveness of national regulatory instruments. Utilizing a normative legal research method with statutory and conceptual approaches, this research reveals that Law No. 27 of 2022 (PDP Law) designates e-commerce actors as Personal Data Controllers. This legal standing implies a civil liability burden based on the principle of presumption of liability, alongside administrative sanctions including fines of up to 2% of annual revenue. Although the ITE Law and the Government Regulation on PSTE have previously regulated systemic accountability, the PDP Law serves as a more progressive lex specialis through the standardization of risk mitigation and incident reporting. This study concludes that the class action mechanism represents the most representative consumer protection instrument for recovering both material and immaterial losses resulting from the unequal bargaining position between consumers and digital corporations.