Implementation of Data Protection Authority (DPA) in Indonesia: The Urgency of Legal Protection of Customer's Personal Data in E-Banking Service Transactions

Abstract

The development of science and technology has led to significant changes, shifting global supply chains into the digital and virtual realm. One of the technological advancements that offers new business opportunities, particularly in the banking sector, is e-banking, which transforms the way transactions are conducted, making them cashless. However, substantial progress in digital banking technology also brings high risks, encompassing both tangible and intangible losses, significantly if customer rights are weakened due to the bank's violations. Currently, the ITE Law and the Personal Data Protection Law in Indonesia are inadequate for safeguarding customers in the context of e-banking services. Therefore, this research aims to achieve customer security and protection from personal data leakage and fraud risks by implementing the Data Protection Authority (DPA). This approach also encourages banks to take responsibility for their actions and provides a strong legal basis for customers to seek compensation for potential losses. To address this issue, our research employs a normative juridical research method, which examines legal norms, principles, and doctrines related to protecting customers' data in digital-based banking transactions. The Data Protection Authority (DPA) is proposed as a crucial legal protection concept for safeguarding customer personal data, playing a vital role in preventing cybercrime and the misuse of personal information. With the establishment of a comprehensive DPA, law enforcement against violations in digital-based banking transactions will become more effective, preserving an individual's freedom of expression and supporting the mission of sustainable development.