The User’s Position as Personal Data Controller in the Utilization of Electronic Systems in the Form of Messaging Applications in Review of Law Number 27 of 2022 concerning Personal Data Protection
DOI:
https://doi.org/10.38035/jlph.v5i4.1682Keywords:
User, Personal Data Controller, Messaging Application, Position, PDP LawAbstract
In its development, privacy as the right to be let alone and privacy right has now been recognized and regulated more comprehensively and specifically in Law Number 27 of 2022 on Personal Data Protection (UU PDP), along with the increasing use of messaging applications as a digital communication medium by the public. In its general use, there is a flow of information, transmitted by and between users, which can be in the form of electronic documents and often simultaneously can contain personal data (privacy). In the transmission of information flows involving personal data, it can be seen that there are users who collect and process personal data (recipients of personal data), and there are users who are interlocutors, who also send personal data to recipients (senders of personal data). This research is conducted using normative juridical method and will discuss the position of the user of the messenger application as the controller of personal data in the utilization of the messenger application and its legal consequences according to the PDP Law. From the results of the research, it can be seen that the user of a messaging application who collects and processes personal data (recipient of personal data) of their interlocutor can act as a personal data controller in the context of the PDP Law, if the user manages personal data and determines the reasons (why and how) for the management. The legal consequences that arise include the regulatory provisions in the PDP Law, especially those relating to the obligations of personal data controllers, which apply to users in their position as personal data controllers, as well as legal liability in the event of unlawful acts against personal data.
References
Annur, C. M. (2024). Ini media sosial paling banyak digunakan di Indonesia awal
Databoks. https://databoks.katadata.co.id/datapublish/2024/03/01/ini-media-sosial-
paling-banyak-digunakan-di-indonesia-awal-2024
Bratman, B. E. (2002). Brandeis and Warren's The Right to Privacy and The Birth of The Right
to Privacy. Tennessee Law Review, 69, 630.
Budhijanto, D. (2023). Hukum Pelindungan Data Pribadi di Indonesia, Cyberlaw &
Cybersecurity (Cetakan Kesatu). Bandung: PT. Refika Aditama
.
Constitutional Court of Indonesia. (2022). Decision No. 108/PUU-XX/2022.
David, B. (2000). Privacy & Human Rights 2000: An International Survey of Privacy Laws and
Developments. Privacy International dan Electronic Privacy Information Center.
Europe Data Protection Board. (2020, September 2). Guidelines 07/2020 on the Concepts of
Controller and Processor in the GDPR. Europe Data Protection Board.
Government Regulation Number 71 of 2019 concerning the Implementation of Electronic
Systems and Transactions.
Hukumonline. (2022). Babak baru dan implementasi UU PDP bagi pelaku usaha
dan masyarakat. Hukumonline. https://www.hukumonline.com/berita/a/babak-baru-dan-
implementasi-uu-pdp-bagi-pelaku-usaha-dan-masyarakat-lt6390028f01b21?page=all
Juniarmi, I. (2024). Analisis Keamanan Data pada Aplikasi Chatting Menggunakan Enkripsi
End-to-End. Technologia Journal, 1(2), 30–31.
Law Number 27 of 2022 concerning Personal Data Protection.
Naskah Akademik Rancangan Undang-Undang Pelindungan Data Pribadi (RUU PDP).
OECD. (2002). OECD Guidelines on the Protection of Privacy and Transborder Flows of
Personal Data. OECD. https://doi.org/10.1787/9789264196391-en
Pangaribuan, T., et al. (2023). Kesadaran Keamanan dan Privasi Data Pengguna
Whatsapp (Studi Kasus di Provinsi Jawa Barat). Jurnal Studi Komunikasi dan Media,
(1), 93–108. https://doi.org/10.17933/jskm.2023.5129
Prabarini, M. A., & Haswanto, N. (2021). Kajian User Interface Aplikasi Pesan Instan Berbasis
Mobile.
Regulation of the Minister of Communication and Information Number 20 of 2016 concerning
Personal Data Protection in Electronic Systems.
Rosadi, S. D. (2017). Cyber Law: Aspek Data Privasi Menurut Hukum Internasional, Regional
dan Nasional.
Rosadi, S. D. (2017). Prinsip-Prinsip Perlindungan Data Pribadi Nasabah Kartu Kredit
dikaitkan dengan Undang-Undang No 11 Tahun 2008 tentang ITE dan Peraturan Bank
Indonesia No 7/6/PBI/2005. Sosiohumaniora, 19(3), 208.
https://doi.org/10.24198/sosiohumaniora.v19i3.11380
Sudjana. (2021). Makna Mediasi dalam Undang-Undang Nomor 28 Tahun 2014 tentang Hak
Cipta. Veritas et Justitia, 7(1), 91–114. https://doi.org/10.25123/vej.v7i1.3716
Soejono, & Abdurahman, H. (2003). Metode Penelitian Hukum. Jakarta: Rineka Cipta.
Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193.
Yasa, R. N., & Nugraha, A. C. F. (2024). Perbandingan Keamanan Aplikasi Pesan Instan
Android Menggunakan MobSF (Mobile Security Framework) Berdasarkan Beberapa
Standar. Info Kripto, 18(1), 9–14. https://doi.org/10.56706/ik.v18i1.88
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Jonathan Matthew, Sinta Dewi Rosadi, Prita Amalia
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish their manuscripts in this journal agree to the following conditions:
- The copyright on each article belongs to the author(s).
- The author acknowledges that the Journal of Law, Poliitic and Humanities (JLPH) has the right to be the first to publish with a Creative Commons Attribution 4.0 International license (Attribution 4.0 International (CC BY 4.0).
- Authors can submit articles separately, arrange for the non-exclusive distribution of manuscripts that have been published in this journal into other versions (e.g., sent to the author's institutional repository, publication into books, etc.), by acknowledging that the manuscript has been published for the first time in the Journal of Law, Poliitic and Humanities (JLPH).
