Insecurity to Consumer Data Protection in The eHealth Sector

Abstract

In Indonesia, the eHealth application has been widely used. It has also been recognized by World Health Organization (WHO) that Information and Communication Technology (ICT) provides a cost-effective and secure value to support various health sectors. The research method uses normative research which more emphasizes the use of positive law and comparisons of law with other countries. Meanwhile, the approach used in this study is a “qualitative empirical”. A primary legal material implementing statutory regulation in the field of Cyber law, and practically discusses how it is implemented in eHealth. This research examines two things in depth. Firstly; Is a “Data breach” committed by the electronic service providers? Secondly; Is a “Data theft” modus operandi achieved by the perpetrator? This study concludes that a “data breach” can occur due to “carelessness” or “bad faith” on the part of the service provider. Thus, bad faith behavior may intentionally process the data for illegal commercial purposes, either by processing it alone or by cooperating with other parties who use the data. Meanwhile, “Data theft” caused by “illegal access” activities there are carried out by the perpetrator, causing data can be changed, damaged, and deleted. Data related to eHealth is included in the category of special data that is protected by the laws and regulations in Indonesia. Thus, service providers should participate in providing data protection efforts by making “self-regulation” and providing training to service users, in an effort to avoid crime under Law Number. 27 of 2022 on Personal Data Protection.