Perspektif Perkumpulan Profesi Pengelola Rekod Indonesia (P3RI) tentang Right to be Forgotten dalam Pelindungan Data Pribadi

Problem setting. In order to build an innovative society, it is necessary to develop legal norms and regulators aimed at protecting privacy and controlling personal data. In addition, the need to ensure effective and reliable protection of personal data in the conditions of rapid technological development, globalization and the growing threat of cybercrime is becoming more urgent. The need for the development of legal norms, the introduction of innovative technologies and the raising of public awareness become important tasks for ensuring privacy and protection of personal data. The study also aims to identify and analyze the main challenges facing the field of personal data protection, such as cybercrime, hacker attacks, globalization and cross borders. Legal norms and regulations aimed at protecting privacy are also analyzed, as well as the potential opportunities of new technologies that can increase the level of protection of personal data. Аnalysis of recent researches and publications. The problems of legal protection of personal data have recently become the subject of research by an increasing number of scientists, both lawyers and representatives of other fields of knowledge. In particular, such scientists as: S. Hlibko, T. Egorova-Lutchenko, K. Yefremova, O. Korvat, V. Kokhan, M. Haustova devote their attention to the study of these issues. etc. Purpose of the research is to develop possible ways of legal protection of personal data in view of today’s challenges related to this issue. The article aims to consider the development of technologies and the growth of the volume of personal data as the main factors affecting the need for effective protection of privacy and security of this data. The article is aimed at expanding the understanding of the problem and providing recommendations for improving the protection of privacy and security of personal data in the future. article’s main body. According to the preamble to the Agreement between Ukraine and the European Union on the participation of Ukraine in the European Union program “Digital Europe” (2021-2027), the important supporting role of digital infrastructure, including in the field of cyber security, is recognized to ensure inextricably linked transformation processes and digital leadership of the European Union. The purpose of concluding the Agreement is to establish mutually beneficial cooperation in order to strengthen and support the deployment of reliable and secure digital capabilities in the Union in the field, including cyber security. It is recognized that mutual participation in each other’s programs for the implementation of digital technologies should ensure mutual benefits for the Parties, while observing a high level of data protection, digital rights, etc. In accordance with paragraph 12 of Article 2 of Annex III to the Agreement, the exchange of information between the European Commission or OLAF and the competent state authorities of Ukraine must take place with due consideration of confidentiality requirements. Personal data included in the exchange of information must be transferred in accordance with the current legal norms on data protection of the Party making the transfer. According to paragraph 49 of the preamble of Regulation (EU) 2021/694 of the European Parliament and of the Council of April 29, 2021 on the establishment of the Digital Europe Program, digital transformation should allow citizens to access, use and securely manage their personal data across borders, regardless of their location or data location. According to point 60 of the preamble, by providing a single set of rules that are directly applicable in the legal systems of the Member States, Regulation (EU) 2016/679 guarantees the free flow of personal data between Member States and strengthens the trust and security of individuals, two indispensable elements of a true Digital Single Market . All actions taken within the framework of the Program, which involve the processing of personal data, must contribute to the smooth implementation of this Regulation, for example, in the field of artificial intelligence and distributed ledger technologies (for example, blockchain). These actions should support the development of digital technologies that meet data protection obligations both by design and by default. In addition, according to paragraph 69 of the preamble, this Regulation respects fundamental rights and adheres to the principles recognized in the Charter of Fundamental Rights of the European Union, in particular regarding the protection of personal data, etc. In the Charter of Fundamental Rights of the European Union (2016/C 202/02) dated June 7, 2016, Chapter II “Freedoms” contains Article 8, which is entitled “Protection of personal data”, according to which it is assumed that everyone has the right to the protection of personal data data concerning him. Such data must be processed fairly for specific purposes and on the basis of the consent of the person concerned or on another legal basis established by law. Everyone has the right to access the data that has been collected about him and the right to correct it. Compliance with these rules is subject to control by an independent body. In addition, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data establishes rules relating to the protection of natural persons with regard to the processing of personal data, as well as rules, relating to the free movement of personal data, and protects the fundamental rights and freedoms of natural persons and, in particular, their right to protection of personal data. Today in Ukraine, the main legislative act in this area is the Law of June 1, 2010 No. 2997-VI “On the Protection of Personal Data”. Article 11 of the Law of Ukraine “On Information” specifies what information about a natural person (personal data) is. In turn, the legal and organizational bases for ensuring the protection of the vital interests of a person and citizen, society and the state, national interests of Ukraine in cyberspace, the main goals, directions and principles of state policy in the field of cyber security, the powers of state bodies, enterprises, institutions, organizations, individuals and citizens in this area, the basic principles of coordination of their cyber security activities are defined in the Law of Ukraine “On Basic Principles of Cyber Security of Ukraine”. In addition, relations in the field of information protection in information, electronic communication and information and communication systems are regulated by the Law of Ukraine “On the Protection of Information in Information and Communication Systems”. In turn, the Concept of the development of e-governance in Ukraine, as well as the Law of Ukraine “On the National Informatization Program” defines e-governance. In addition, in 2021, the Law of Ukraine “On Public Electronic Registers” was adopted, which defines the State electronic platform for maintaining public electronic registers. On April 18, 2023, by a resolution of the Cabinet of Ministers of Ukraine, the Regulation on the information system “Software platform for the deployment and support of state electronic registers” was approved, as well as the Procedure for using the software “Software platform for the deployment and support of state electronic registers”. conclusions and prospects for the development. The protection of digital personal data requires the development of appropriate technical and regulatory tools, as well as judicial practice of prosecution for violations of the order of their use. It is possible to create a database or registry for private electronic/digital platforms, with the help of which or which would control their activities, including regarding the protection of personal data. At the same time, at the regulatory and legal level, it is necessary to provide that a mandatory condition for the creation and functioning of an Internet platform is its registration in such a database / such a register, and a mandatory condition for registration is confirmation of technical capabilities to ensure the protection of personal data of platform users. It is necessary to define at the regulatory level the list and mechanisms of acquisition of digital rights, their implementation, protection, compensation and responsibility for their violation. The protection of personal data should be considered one of the digital rights of a person and a citizen. The development of digitalization in a legal state must inevitably be accompanied by the development of the legal framework, in particular, the emergence, consolidation, definition and protection of digital rights of individuals and legal entities. Digital rights are a multifaceted category, they become connected and interwoven with other rights defined and established in the norms of different branches of law. The multifaceted nature of the “digital rights” category implies the separation and delimitation of various categories of digital rights, their distribution into appropriate types, for example, “personal digital rights”, “financial digital rights”, etc. It should be quite natural to form a separate element in the general system of law, such as digital law, as a set of legal norms regulating social relations related to the circulation of (including personal) data in digital networks.

In the development of China’s Internet industry and digital economy, great importance is attached to the protection of personal data and seriously protects the legitimate rights and interests of citizens’ personal data. Generally speaking, with the development of technology and industry, China’s personal data protection has gone from “indirect protection” to “direct protection” and then to “comprehensive protection”. In the early years of China’s Internet industry, the indirect protection of personal data was mainly achieved through the protection of the “rights to privacy” of citizens. Since the Internet industry of the People’s Republic of China has entered a stage of rapid development, the state began to directly protect personal data in accordance with the provisions of the Chapter “Network Information Security” established in the “Cyber Security Law” of 2016, establishes several principles for the collection and use of personal data, protection requirements information security. Until November 1, 2021, the “Personal Data Protection Law of the People’s Republic of China” (PPD) was adopted to comprehensively protect personal data, reflecting the ideology of development focused on bringing the people to the center, meeting the new needs and aspirations of the people in the new era, and also proposing the creation international digital legal order “Chinese version”. The PPD further expands the scope of the object of personal data protection, comprehensively establishes the rights of individuals to process data, strengthens the obligations to protect personal data processors, creates strict rules for the protection of sensitive personal data and regulates the processing of personal data by public authorities, as well as improving the means of legal protection of personal data, all of which are important points in the legislation. The law incorporates advanced foreign experience, while emphasizing Chinese wisdom, the spirit of the times, and practicality in accordance with the reality of China.

<em>In the era of digital transformation, one prominent model of Fintech is Peer-to-Peer (P2P) lending, which offers alternative financing access through digital platforms. The protection of personal data in P2P lending becomes crucial as sensitive information such as financial and credit history is collected and processed by these platforms. Data protection regulations, like GDPR, play a vital role in maintaining the balance between Fintech innovation and individual privacy rights. This research aims to discuss the legal protection of personal data within the context of Peer-to-Peer (P2P) Lending in the realm of Financial Technology (Fintech) in Indonesia. The research methodology employed is normative law, using descriptive legal analysis. Data is gathered from various sources, including legal statutes, court decisions, legal literature, and government guidelines related to Fintech and personal data protection. Qualitative analysis is conducted to identify relevant legal provisions, explain their legal implications, and formulate improvement recommendations. The research findings reveal that personal data protection within Indonesian Fintech P2P Lending is governed by a range of regulations, including the Electronic Information and Transactions Law (UU ITE), the amended UU ITE, OJK regulations, and the Ministry of Communication and Informatics regulations. Moreover, the Omnibus Law on Job Creation provides a strong foundation for the protection of consumer personal data. Key principles in personal data protection encompass transparency, explicit consent, data security, limited data usage, fair and ethical business practices, individual rights over personal data, and data integration</em>

The article is devoted to the study of the organizational and legal mechanism of personal data protection. The concept of "personal data protection" is developed in detail in domestic jurisprudence. The law regulates legal relations related to the protection and processing of personal data, with the aim of protecting the fundamental rights and freedoms of a person and a citizen, and, first of all, the right to non-interference in personal life, in connection with the processing of personal data. However, the rapid development of information technologies, the digitization of society forces us to improve the organizational and legal mechanism of personal data protection every time, to search for more effective and reliable methods and means of their protection. The actual legal basis for the protection of personal data can be found in the Constitution of Ukraine, the Criminal Code of Ukraine, the Civil Code of Ukraine, the Law of Ukraine "On the Protection of Personal Data", decisions of the Constitutional Court of Ukraine, international legal acts, consent to the mandatory use of which was given by the Verkhovna Rada of Ukraine. It is substantiated that it is the state that acts as the guarantor of the protection of a person's personal data - its task is to create an organizational and legal mechanism that would effectively protect human rights related to personal data, etc. The organizational component of the personal data protection mechanism covers the vertical of state bodies and services, which, in accordance with the powers assigned to them, carry out personal data protection activities. On the basis of the conducted research, we came to the conclusion that the organizational and legal mechanism for the protection of personal data is a set of legal norms and a complex of preventive measures carried out by relevant state bodies and services aimed at protecting personal data, stopping offenses, applying coercion to offenders and restoring violated human rights related to personal data.

The European Council has established the first legal framework for the fundamental right to the protection of personal data, namely the Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Convention 108). The right to the protection of personal data is closely linked - but not identical - to the right of private life established by Article 8 of the European Convention for the Protection of Human Rights (hereinafter, the ECHR). Article 8 of the Charter of Fundamental Rights of the European Union (hereinafter, the Charter) expressly recognized the right of private life as an autonomous fundamental right. The importance awarded by the EU to the protection of personal data is also highlighted at Article 16 of the TFEU. The protection of personal data arises out of the question of the protection of individual rights by the State and has evolved into the question of how the the State treats and uses its citizens' personal data. On the contrary, in private commercial relationships, the right to the protection of personal data has a horizontal dimension. Does the Charter's fundamental right of personal data protection have direct effect in domestic legal orders? The CJEU has not yet pronounced on the enforceability of this right, however the legal scholar has already considered that Article 16 of the TFEU can be directly invoked. To be directly enforceable in front of domestic jurisdiction, the right to the protection of personal data should be specified by a specific legislation in the EU. To have a full picture it is thus paramount to consider the details of legislation in combination with primary law.Thus, in the next European legislature, a general reform of the data protection framework is envisaged to account for the challenges posed by new technologies of information, globalisation and the increasingly common practice of using personal data to prevent criminal and terrorist actions. The legislative package for the protection of personal data concerns two proposals: a Regulation that generally covers the treatment of personal data within the EU, both in the private and public sectors, and a Directive on Data Retention that aims to prevent, detect or to pursue criminal acts. This contribution not only clarifies the specific content of companies' obligations to respect the European standard for the protection of personal data but also discusses the proposal to revise the general framework to respect the Charter's acknowledgment of the fundamental right of personal data protection. The forthcoming legislative reform will represent an important reference point for countries - such as Switzerland - that are not members of the European Union. This paper assesses whether the European legislative reform on the protection of personal data, in conjunction with national law, responds in a satisfactory manner to the challenges posed by technological evolution and widespread use of the Internet. In recent years, the question of State regulation of the processing of personal data by private companies has become urgent as allegations of unauthorized access to personal data have been hotly debated in the European press. Thus, the paper shall first analyse, the appropriateness of European and States' legislation to properly regulate the effective protection of personal data, in particular of obligations applicable to companies storing and processing personal data on European soil. Does the proposed European legislation in the context of the EU's international agreements with the US provide sufficient legal safeguards to ensure the effective protection of personal data in the post-Snowden era? Specific subparts are devoted to the European reform of companies' criminal liability in cases of cyber-attack (a) and of specific obligations imposed on providers of cloud computing services (b). In the second part, I comment on the interpretation of the European data-protection legislation, provided by the Court of Justice, regarding the obligations imposed upon 'intermediaries' that process personal data, such as the Internet service providers (a) and Internet search engines (b). The Court of Justice has interpreted the European legislation in a manner that allows courts and national authorities to impose on companies a set of safeguards to protect individuals against the infringement of copyright and privacy rights.

This paper discusses the challenges associated with personal data protection in the era of artificial intelligence (AI). While AI technologies enable personalized services by collecting and analyzing large amounts of data, concerns regarding privacy and data protection are growing. The methods AI systems use to process data are often opaque, which poses a potential risk to individual rights and freedoms. Therefore, exploring data protection measures suitable for the AI era is crucial. Personal data protection is essential to comply with legal requirements and maintain individual privacy and trust. In the digital era, personal data is used in various ways, leading to issues such as data breaches, misuse, and discriminatory algorithms. These problems can erode trust and negatively affect innovation and economic growth. Strengthening personal data protection has thus become a socially important task. As AI technologies advance, existing data protection laws are proving insufficient to address new challenges. Regulations such as the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have been enacted to strengthen personal data protection, but they face limitations in keeping up with the complexities of AI technology. The complexity of AI algorithms makes it difficult to ensure transparency in data collection and processing, hindering trust in the use of personal data.To address these issues, companies must establish clear data protection policies, policymakers to develop flexible regulations, and engineers to adopt principles that consider personal data protection in system design. These efforts will help reinforce personal data protection and enhance the reliability of AI systems. In conclusion, a trust-based data protection framework is necessary for AI technologies to respect privacy and have a positive societal impact. Companies and governments must cooperate to strengthen data protection and build societal trust.

Privacy as a legal concept is an unavoidable part of a modern democratic society and is recognized as one of the fundamental human rights of every citizen. The right to privacy and the protection of personal data are guaranteed by international human rights documents. In librarianship, the right to privacy and protection of personal data is also guaranteed in the documents of international library associations, which clearly emphasize that librarians are obliged in their work to protect the privacy and personal data of their users. Privacy and personal data are increasingly difficult to protect today, as access to data is simpler and easier due to the use of different and new information technologies, electronic communication, social networks, electronic databases, etc. Personal rights are guaranteed by international documents on protection of personal data and protected by national personal data protection laws. The main objectives of the paper are: to problematize the definition of the concept of privacy from several perspectives; problematize the importance of the right to privacy and protection of personal data in the context of the library profession; provide an overview of significant international documents in the field of human rights which also guarantee the right to privacy and protection of personal data; make a review of important international documents guaranteeing the right to protection and confidentiality of personal data; and finally, the paper will provide an overview of documents of international library associations that in their texts indicate the importance of privacy and protection of personal data in the library business.

The Quest for Information Privacy in Africa

The subject of this analysis is the role that regional trade agreements (RTAs) play in balancing between personal data commodification and protection of privacy and personal data, approached from the perspective of Karl Polanyi’s theory of double movement. We analyse provisions on cross-border information transfers and data protection in order to establish the models for balancing between the ideas of personal data commodification and social protection, understood as allowing for the use of measures that ensure privacy and personal data protection. Our analysis indicates that there are two general models concerning the liberalization of cross-border information transfers: one model restricts states’ ability to restrict data flows while the other is more open to such measures. Next, we identify three primary models governing how data protection is treated in the agreements that liberalize data flows: one that is based on the inclusion of substantive standards of protection in the content of the given agreement; one that uses international standards as a proxy for establishing certain level of protection; and one that is based on national data protection laws. Combining identified models of liberalizing data flows with identified models of ensuring data protection allows us to show that the inclusion of seemingly similar provisions on cross-border data transfers in various RTAs has resulted in developing several different models for balancing between commodification of personal data and data protection.

The issue of personal data protection has been one of the focal points of attention in recent decades. This is because the protection of personal data is a form of realizing the right to privacy as a fundamental human right. Personal data refers to information about a specific individual’s characteristics that serves as a means of their identification. Personal data protection in Bosnia and Herzegovina is regulated by the Law on Personal Data Protection. This law governs the principles of personal data processing, the obligations of data controllers and processors, the rights of data subjects, as well as sanctions for violations of the law. Since 2016, the protection of personal data in the European Union has been regulated by the General Data Protection Regulation (GDPR), which has significantly improved the system for protecting personal data. A particularly significant category of personal data is personal health data, which includes identification and identifying information about an individual’s health and medical condition, their medical diagnosis, prognosis, and treatment, as well as information about substances that can identify that individual. Data related to an individual’s health is a crucial and potentially vulnerable aspect of their life. These are the most intimate data about an individual, the unauthorized and unjustified disclosure of which can subject them to shame, ridicule, and stigmatization, causing them significant, primarily non-material, harm. Misuse of patient information not only violates their privacy but also undermines their dignity. Therefore, personal health data can only be processed for health-related purposes, i.e., for the benefit of the individual and society as a whole. Laws regulating patients’ rights in the Federation of Bosnia and Herzegovina (the Law on Healthcare and the Law on the Rights, Obligations, and Responsibilities of Patients) guarantee patients the right to confidentiality of information and privacy, the right to data secrecy, and the right to access their medical records. The provisions of these laws significantly meet the standards for the protection of personal health data. However, in order to improve the situation in this area, there is a need to harmonize the provisions of the general data protection law, which is subsidiarily applied in the protection of personal health data, with the provisions of the General Data Protection Regulation.

Although the protection of personal data is harmonized within the EU by Directive 95/46/EC and will be further harmonized by the General Data Protection Regulation (GDPR) in 2018, there are significant differences in the ways in which EU member states implemented the protection of privacy and personal data in national laws, policies, and practices. This paper presents the main findings of a research project that compares the protection of privacy and personal data in eight EU member states: France, Germany, the UK, Ireland, Romania, Italy, Sweden, and the Netherlands. The comparison focuses on five major themes: awareness and trust, government policies for personal data protection, the applicable laws and regulations, implementation of those laws and regulations, and supervision and enforcement. The comparison of privacy and data protection regimes across the EU shows some remarkable findings, revealing which countries are front runners and which countries are lagging behind on specific aspects. For instance, the roles of and interplay between governments, civil rights organizations, and data protections authorities vary from country to country. Furthermore, with regard to privacy and data protection there are differences in the intensity and scope of political debates, information campaigns, media attention, and public debate. New concepts like privacy impact assessments, privacy by design, data breach notifications and big data are on the agenda in some but not all countries. Significant differences exist in (the levels of) enforcement by the different data protection authorities, due to different legal competencies, available budgets and personnel, policies, and cultural factors.

A comparison of data protection legislation and policies across the EU

The paper deals with the topic of collision between legal regulations on the protection of personal data and the legal regulations on archival work. The legal regulation applied by the Personal Data Protection Agency in Bosnia and Herzegovina often conflicts with the legislation that regulates archival work and lays down retention periods in the Records Schedule for given documentation. Due to this lack of uniformity of regulations, Archives has often been faced with requests for destroying the kind of records which have to be permanently retained. The paper also proposes possible solutions for overcoming this problem by both protecting the rights of individuals and remaining consistent to archival legislation.

Personal data protection regulations have been adopted by 137 countries until the beginning of 2022. In addition to creating a data protection agency, personal data protection regulations have also created new professionalism, namely personal data protection officers. The main role of the data protection officer is to ensure compliance with personal data protection regulations placing the function of a data protection officer as an important factor in the personal data protection ecosystem. It raises the question of how the role of data protection officers in the personal data protection ecosystem when it is analyzed from the attributes attached to the profession. Therefore, using the normative juridical research method, this paper attempts to describe the role of the data protection officer in the personal data protection ecosystem by analyzing the attributes attached to the profession through a comparison of the General Data Protection Regulation (GDPR) in the European Union, Personal Data Protection Act Singapore and the draft of personal data regulation in Indonesia. This paper concluded that the existence of a data protection officer is part of the data protection regulation, whether it appears as an obligation or in terms of certain conditions. Independency of the data protection officer and organizational support is essential to optimize the data protection officer’s role which has been adopted on GDPR. It also noticed the presence of data protection officers as a service to fulfill the needs of data protection officers by organizations. Further research regarding the attribute of data protection officers as studied in this paper is needed since the Indonesia personal data protection bill will impact many sectors, both private and public sectors.

-