Cybercrime and Data Protection: A Comparative Analysis of Indonesian and International Regulations

Authors

  • Muhammad Ruslan Afandi Afandi Universitas Harkat Negeri

Keywords:

cybercrime, data protection, Indonesian regulation, GDPR, Budapest Convention

Abstract

This article examines the development, structure, and remaining weaknesses of Indonesian cybercrime and personal data protection law in comparison with selected international regulatory standards. The urgency of the study arises from the rapid growth of digital services, cross-border electronic evidence, data breaches, online fraud, phishing, and AI-enabled cybercrime, while Indonesia's regulatory framework is still distributed across the Electronic Information and Transactions Law, the Personal Data Protection Law, electronic system regulations, and institutional cybersecurity mandates. Using a normative juridical method supported by systematic legal literature review and comparative legal analysis, the study evaluates Indonesian law against the GDPR, the Budapest Convention, the NIS 2 Directive, ASEAN cybersecurity cooperation instruments, and comparative models from Singapore and Australia. The findings show that Indonesia has moved beyond a legal vacuum, especially after Law Number 27 of 2022 and Law Number 1 of 2024, but still faces gaps in institutional independence, cyber incident reporting, cross-border cooperation, digital evidence procedures, risk-based obligations, and integrated supervision. The article argues that reform should prioritize harmonization among cybercrime, data protection, and cybersecurity governance instruments; establishment of a strong personal data protection authority; clearer incident-reporting duties; and structured international cooperation for electronic evidence and transnational enforcement. The novelty of the study lies in integrating cybercrime enforcement and data protection analysis into one regulatory-harmonization framework rather than treating them as separate legal regimes.

References

[1] Republic of Indonesia. (2024). Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions. Available: https://peraturan.bpk.go.id/details/274494/uu-no-1-tahun-2024

[2] Republic of Indonesia. (2022). Law Number 27 of 2022 on Personal Data Protection. Available: https://peraturan.bpk.go.id/Details/229798/uu-no-27-tahun-2022

[3] Republic of Indonesia. (2019). Government Regulation Number 71 of 2019 on the Operation of Electronic Systems and Transactions. Available: https://peraturan.bpk.go.id/Details/122030/pp-no-71-tahun-2019

[4] Republic of Indonesia. (2021). Presidential Regulation Number 28 of 2021 concerning the National Cyber and Crypto Agency. Available: https://peraturan.bpk.go.id/Details/165493/perpres-no-28-tahun-2021

[5] European Parliament and Council. (2016). Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Available: https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng

[6] European Parliament and Council. (2022). Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive). Available: https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng

[7] Council of Europe. (2001). Convention on Cybercrime (Budapest Convention, ETS No. 185). Available: https://www.coe.int/en/web/cybercrime/the-budapest-convention

[8] Council of Europe. (2021). Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence. Available: https://www.coe.int/en/web/cybercrime/t-cy-drafting-group

[9] ASEAN Secretariat. (2022). ASEAN Cybersecurity Cooperation Strategy 2021-2025. Available: https://asean.org/wp-content/uploads/2022/02/01-ASEAN-Cybersecurity-Cooperation-Paper-2021-2025_final-23-0122.pdf

[10] OECD. (2019). Recommendation of the Council on Digital Security of Critical Activities, OECD/LEGAL/0456. Available: https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0456

[11] UNODC. (2013). Comprehensive Study on Cybercrime. Available: https://www.unodc.org/unodc/en/organized-crime/comprehensive-study-on-cybercrime.html

[12] Cyber Security Agency of Singapore. (2026). Cybersecurity Act. Available: https://www.csa.gov.sg/legislation/cybersecurity-act/

[13] Australian Government. (2026). Security of Critical Infrastructure Act 2018. Available: https://www.legislation.gov.au/Series/C2018A00029

[14] Fuady, A., Hasibuan, F. Y., & Kotto, Z. (2025). Strengthening cybersecurity and data protection legal framework in Indonesia: A normative analysis of current challenges and future directions. Law and Justice Research Journal. https://doi.org/10.70062/ljrj.v1i3.87

[15] Maesaroh, R. S. (2025). Tantangan keamanan siber dan implikasinya terhadap hukum kenegaraan: Tinjauan atas peran negara dalam menjamin ketahanan digital. Staatsrecht: Jurnal Hukum Kenegaraan dan Politik Islam. https://doi.org/10.14421/3n8bxw79

[16] Mulyana, Y. (2025). Cybercrime and transnational criminal law: Tackling online fraud and identity theft. Ipso Jure. https://doi.org/10.62872/zep90829

[17] Judijanto, L., & Nugroho, B. (2025). Regulasi keamanan siber dan penegakan hukum terhadap cybercrime di Indonesia. Sanskara Hukum dan HAM. https://doi.org/10.58812/shh.v3i03.544

[18] Kennedy, A. (2025). Tantangan implementasi dan perkembangan hukum telematika di Indonesia. Ethics and Law Journal: Business and Notary. https://doi.org/10.61292/eljbn.262

[19] Darmawan, C. K., Sebastian, E., Notokusumo, F. L., & Loprang, J. R. (2025). Urgensi penguatan regulasi pelindungan data dan keamanan siber di Indonesia terhadap ancaman hacking dalam sistem pemerintahan berbasis elektronik. Jurnal Suara Keadilan. https://doi.org/10.24176/sk.v26i1.14752

[20] Fikri, A. (2024). Kebijakan hukum dalam pemberantasan pelaku online romance fraud di ruang maya. JCIC: Jurnal CIC Lembaga Riset dan Konsultan Sosial. https://doi.org/10.51486/jbo.v6i2.219

[21] Mardisontori. (2025). Legal review of personal data regulations in the Personal Data Protection Law. Proceedings of the First International Cyber Law Conference. https://doi.org/10.4108/eai.11-11-2023.2351324

[22] Erikha, A., & Saptomo, A. (2024). Dilemma of legal policy to address cybercrime in the digital era. Asian Journal of Social and Humanities, 3(3). https://doi.org/10.59888/ajosh.v3i3.452

[23] Abidah, S. Q., Faturrahman, M. R., Khoirunnisa, N., Wicaksono, S. S., & Wulandari, S. (2025). Criminal policy of Indonesian criminal law in combating the crime of phishing. SHS Web of Conferences, 221, 03006. https://doi.org/10.1051/shsconf/202522103006

[24] Nurmansyah, G., Wiranata, G. A. B., Fardiansyah, A., & Mladenov, S. V. (2024). Preventing AI-based phishing crimes across national borders through the reconstruction of personal data protection laws. Jurnal Hukum Novelty, 15(2). https://doi.org/10.26555/jhn.v15i2.27558

[25] Wicaksono, S. S., & Yasin, I. F. (2024). Criminal law reformulation through omnibus law as a solution to sectoral cyber protection. Al-Jinayah: Jurnal Hukum Pidana Islam, 10(2), 237-261. https://doi.org/10.15642/aj.2024.10.2.237-261

Downloads

Published

2026-06-28

How to Cite

Afandi, M. R. A. (2026). Cybercrime and Data Protection: A Comparative Analysis of Indonesian and International Regulations. Jurnal Hukum Siber Dan Regulasi Teknologi, 1(2), 43–49. Retrieved from https://journal.sah.co.id/index.php/JHSRT/article/view/39

Issue

Section

Articles