| dc.description.abstract | The growing number of personal data leaks in Indonesia, exacerbated by the viral
2020 Tokopedia incident, raises important questions regarding the civil liability
and responsibility of corporations and related agencies, as well as the remedies
available to users whose data is compromised. This thesis examines (i) the civil
liability and responsibility of corporations and related agencies for personal data
breaches, and (ii) the legal remedies that can be pursued by data subjects under
Indonesian law. This research applies a normative legal method with statutory and
conceptual approaches, analyzing the Civil Code, the Electronic Information and
Transactions Law, and Law No. 27 of 2022 on Personal Data Protection (PDP
Law), together with it a case study analysis of the Tokopedia data leaks. The
findings indicate that corporations as data controllers bear civil liability for
damages caused by negligence or violations of statutory duties, while related
agencies such as data processors may also share liability. The supervisory
authority, currently the Ministry of Communication and Informatics, carries
preventive responsibility but not direct liability. Users may pursue civil claims,
alternative dispute resolution (ADR), or rely on administrative sanctions, though
civil remedies remain the most effective. However, challenges remain in the clarity
of compensation procedures, supervisory independence, and practical ADR
mechanisms. | en_US |
