Strengthening Cybersecurity and Data Protection Legal Framework in Indonesia: A Normative Analysis of Current Challenges and Future Directions

Authors

  • Ahmad Fuady Universitas Jayabaya
  • Fauzie Yusuf Hasibuan Universitas Jayabaya
  • Zulkarnaen Kotto Universitas Jayabaya

DOI:

https://doi.org/10.70062/ljrj.v1i3.87

Keywords:

Cybersecurity law, Data protection, Digital transformation, Indonesia, Legal reform, Normative legal analysis

Abstract

Indonesia's digital transformation has accelerated dramatically, creating unprecedented opportunities alongside significant cybersecurity challenges. This article examines the current state (das sein) and normative expectations (das sollen) of Indonesia's cybersecurity and data protection legal framework through a comprehensive normative legal analysis. The study reveals critical gaps in existing legislation, particularly the Information and Electronic Transactions Law (UU ITE). It evaluates the potential impact of emerging regulatory frameworks, including the Draft Law on Personal Data Protection (RUU PDP). Using normative legal research methodology, this analysis draws from statutory regulations, policy documents, and comparative legal studies to assess Indonesia's legal preparedness for evolving cyber threats. The findings indicate that while foundational legal instruments exist, significant normative reforms are required to address sophisticated cybercrime, protect individual privacy rights, and maintain national digital security. The research concludes with actionable recommendations for legislative enhancement, institutional strengthening, and public-private collaboration to establish a robust, adaptive cybersecurity legal regime that meets international standards while addressing Indonesia's unique socio-legal context.

Downloads

Download data is not yet available.

References

Adiningsih, S. (2019). Indonesia's digital-based economic transformation: The emergence of new technological, business, economic, and policy trends in Indonesia. Jakarta, Indonesia: Gramedia Pustaka Utama.

Ajayi, E. F. G. (2016). Challenges to enforcement of cybercrime laws and policy. Journal of Internet and Information Systems, 6(1). https://doi.org/10.5897/JIIS2015.0089

Amoo, O. O., Osasona, F., Atadoga, A., Ayinla, B. S., Farayola, O. A., & Abrahams, T. O. (2024). Cybersecurity threats in the age of IoT: A review of protective measures. International Journal of Science and Research Archive, 11(1). https://doi.org/10.30574/ijsra.2024.11.1.0217

Arliman, L. (2017). Undang-undang Nomor 17 Tahun 2016 tentang Penetapan Perppu 1 Tahun 2016 sebagai wujud perlindungan anak ditinjau dari perspektif hukum tata negara. Jurnal Hukum POSITUM, 1(2). https://doi.org/10.35706/positum.v1i2.846

Boeke, S. (2018). National cyber crisis management: Different European approaches. Governance, 31(3). https://doi.org/10.1111/gove.12309

Bunse, S., & Fritz, V. (2012). Making public sector reforms work: Political and economic contexts, incentives, and strategies. World Bank Policy Research Working Paper, 6174. https://doi.org/10.1596/1813-9450-6174

Gustryan, M., & Sulaiman, A. (2025). The urgency of regulatory reformulation and strengthening the capacity of law enforcers in combating cybercrime through a criminal law approach in Indonesia. Greenation International Journal of Law and Social Sciences, 3(2). https://doi.org/10.38035/gijlss.v3i2.416

Haber, E., & Zarsky, T. (2016). Cybersecurity for infrastructure: A critical analysis. Florida State University Law Review.

Hidayat, T. (2024). Juridical review article 27A of Law number 1 of 2024 concerning the second amendment to Law number 11 of 2008 concerning information and electronic transactions. Jurnal Hukum Samudra Keadilan, 19(2). https://doi.org/10.33059/jhsk.v19i2.10650

Hoofnagle, C. J., Van Der Sloot, B., & Zuiderveen Borgesius, F. (2019). The European Union general data protection regulation: What it is and what it means. Information & Communications Technology Law, 28(1). https://doi.org/10.1080/13600834.2019.1573501

Hutchinson, T., & Duncan, N. (2012). Defining and describing what we do: Doctrinal legal research. Deakin Law Review, 17(1). https://doi.org/10.21153/dlr2012vol17no1art70

Ihsan, F., & Bintarsari, N. K. (2021). Internet governance forum analysis on artificial intelligence in cybersecurity. Insignia: Journal of International Relations.

Imran, M. F. (2023). Preventing and combating cybercrime in Indonesia. International Journal of Cyber Criminology, 17(1).

International Organization for Standardization. (2013). ISO/IEC 27001:2013 Information security management systems. https://www.iso.org/standard/54534.html

IT Governance Privacy Team. (2025). EU General Data Protection Regulation (GDPR): An implementation and compliance guide. Packt Publishing Ltd.

Jeelan, P. M., Saini, R., Parida, S., Minhas, D., & Agarwal, A. (2025). The threat landscape of ransomware in critical infrastructure: An optimization perspective. In Proceedings of the 2025 International Conference on Automation and Computation (AUTOCOM) (pp. 917–922). IEEE. https://doi.org/10.1109/AUTOCOM64127.2025.10957218

Jiwantara, F. A., & Maksudi, K. (2020). How are government's liability in Indonesia and Netherland?: Juridical-normative study with a comparative approach. Prof. (Dr) RK Sharma, 20(4). https://doi.org/10.37506/mlu.v20i4.2018

Judijanto, L., Solapari, N., & Putra, I. (2024). An analysis of the gap between data protection regulations and privacy rights implementation in Indonesia. The Easta Journal Law and Human Rights, 3(1). https://doi.org/10.58812/eslhr.v3i01.351

Litman, J. (1989). Copyright legislation and technological change. Oregon Law Review.

Melaku, H. M. (2023). A dynamic and adaptive cybersecurity governance framework. Journal of Cybersecurity and Privacy, 3(3). https://doi.org/10.3390/jcp3030017

Nansi, M. (2024). Bridging legal theory and comparative law: Implications for cyber law and its role in modern society.

Neta, Y., Awanisa, A., & Melisa, M. (2022). The urgency of establishing independent supervisory authority for personal data protection in Indonesia. Constitutionale, 3(1). https://doi.org/10.25041/constitutionale.v3i1.2535

Norris, D. F., Mateczun, L. K., & Forno, R. F. (2022). Cybersecurity and local government. John Wiley & Sons. https://doi.org/10.1002/9781119788317

Praditya, E., et al. (2023). National cybersecurity policy analysis for effective decision-making in the age of artificial intelligence. Journal of Human Security, 19(2).

Rahman, F. (2025). Safeguarding personal data in the public sector: Unveiling the impact of the new personal data protection act in Indonesia. UUM Journal of Legal Studies, 16(1). https://doi.org/10.32890/uumjls2025.16.1.1

Ristovska, T., Gospodinov, G., Gotsev, L., Syarova, S., & Angelova, V. (2025). A review on AI in cybersecurity: Ethical challenges and regulatory frameworks. In Proceedings of the International Scientific and Practical Conference: Environment. Technology. Resources (Vol. 2, pp. 285–291).

Riswanih, I., & Aridhayandi, M. R. (2025). Effectiveness of the Ministry of Communication and Information in handling the misuse of personal data. Jurnal Hukum De'Rechtsstaat (JHD).

Santoso, P. A. (2024). The role of threat intelligence sharing in strengthening collective cyber defense across organizations. Global Research Perspectives on Cybersecurity Governance, Policy, and Management, 8(12).

Shidiqque, M. R., & Juned, M. (2023). Human capital development for cybersecurity: Examining BSSN's contributions in the Indonesia-Australia Cyber Policy Dialogue (2018–2020). Journal of Social and Political Sciences, 6(4). https://doi.org/10.31014/aior.1991.06.04.457

Sulich, A., Rutkowska, M., Krawczyk-Jezierska, A., Jezierski, J., & Zema, T. (2021). Cybersecurity and sustainable development. Procedia Computer Science, 192, 3217–3225. https://doi.org/10.1016/j.procs.2021.08.003

Susanto, D. (2022a). Sharia-based legal formula for personal data protection in the financial services industry post-COVID-19 pandemic. BULLET: Jurnal Multidisiplin Ilmu, 1(4).

Susanto, D. (2022b). Urgensi pengaturan data digital/elektronik pribadi. Bureaucracy Journal: Indonesia Journal of Law and Social-Political Governance, 2(3). https://doi.org/10.53363/bureau.v2i3.110

Tan, E. E. G., & Ang, B. (2022). ASEAN ambiguity on international law and norms for cyberspace. Baltic Yearbook of International Law Online, 20(1). https://doi.org/10.1163/22115897_02001_008

Widiatno, M. I. F. R., & Gunadi, A. (2022). Electronic operator's legal responsibility for personal data leakage. The Seybold Report.

Xi, W. (2024). Regulatory changes and compliance challenges. In Strategic financial management: A managerial approach (pp. 119–134). Emerald Publishing Limited. https://doi.org/10.1108/978-1-83608-106-720241008

Downloads

Published

2025-07-31

How to Cite

Ahmad Fuady, Fauzie Yusuf Hasibuan, & Zulkarnaen Kotto. (2025). Strengthening Cybersecurity and Data Protection Legal Framework in Indonesia: A Normative Analysis of Current Challenges and Future Directions. Law and Justice Research Journal, 1(3), 15–27. https://doi.org/10.70062/ljrj.v1i3.87

Issue

Vol. 1 No. 3 (2025): July : Law and Justice research journal

Section

Articles

License

Copyright (c) 2025 Law and Justice research journal

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Similar Articles

<< < 1 2 

You may also start an advanced similarity search for this article.