Data Protection Framework Research Articles

Cross-Jurisdictional data privacy compliance in the U.S.: developing a new model for managing AI data across state and federal laws

The fragmented landscape of data privacy laws in the United States poses significant challenges for organizations utilizing artificial intelligence (AI) systems that process sensitive and large-scale data. Variations in state laws and the absence of a comprehensive federal framework exacerbate compliance complexities, limiting AI innovation and creating legal uncertainties. This paper proposes a conceptual model to harmonize privacy compliance across U.S. jurisdictions, integrating key interoperability principles, consistency, transparency, and scalability. The framework emphasizes standardized practices for data classification, consent management, risk assessment, and enforcement mechanisms supported by technological enablers such as privacy-enhancing technologies and AI compliance tools. Through case studies in healthcare, e-commerce, and finance, the paper demonstrates the framework’s practical application and effectiveness in resolving multi-jurisdictional compliance challenges. Actionable recommendations for policymakers, organizations, and AI developers are provided to facilitate implementation alongside future research directions to refine the model and address emerging privacy risks. This study offers a roadmap for navigating the complexities of U.S. privacy laws, promoting trust, accountability, and responsible AI innovation. Keywords: AI data governance, U.S. privacy laws, Cross-jurisdictional compliance, Privacy-enhancing technologies, Data protection framework, Ethical AI.

LEGAL SOLUTIONS ON PERSONAL DATA PROTECTION FOR ELECTRONIC HEALTH RECORDS: IN DIGITAL TRANSFORMATION IN VIETNAM

Abstract: Digital transformation is a key driver in modern healthcare systems. In Vietnam, transitioning from paper-based to electronic health records (EHR) offers improved efficiency and quality in healthcare services. However, safeguarding personal data within EHRs is paramount due to the sensitivity of the information involved. This paper explores the existing legal framework on personal data protection for EHRs in Vietnam, identifies critical gaps, and provides actionable recommendations for enhancing legal mechanisms. The study underscores the necessity of a comprehensive law on personal data protection and the development of uniform standards and enforcement mechanisms. Objective: The aim of this study is to examine the legal framework for personal data protection in electronic health records (EHRs) within the context of Vietnam's digital transformation. The aim is to identify existing gaps and propose actionable solutions to enhance data protection and foster trust in digital healthcare. Theoretical Framework: This research draws on concepts from data protection regulations such as the General Data Protection Regulation (GDPR) and relevant Vietnamese legal texts, including Decree No. 13/2023/ND-CP. These frameworks provide a basis for analyzing the current state of personal data protection and its implications for healthcare. Method: The study adopts a qualitative approach, using document analysis and comparative methodologies. Primary sources include Vietnamese legal documents, international standards, and case studies. We incorporated insights from legal experts and healthcare practitioners to contextualize findings. Results and Discussion: The analysis reveals significant gaps in Vietnam's legal framework, including the absence of a comprehensive data protection law, inconsistent standards for EHR data processing, and insufficient sanctions for violations. Recommendations include enacting a unified law, establishing standardized practices, and enhancing public awareness. Discussion highlights the alignment of these proposals with international best practices and their potential to strengthen trust in EHR systems. Research Implications: Findings underscore the need for a robust legal framework to safeguard sensitive personal data in healthcare. Practical implications include improved regulatory consistency and greater public confidence in digital health initiatives. Originality/Value: This study contributes by providing a structured evaluation of Vietnam’s data protection mechanisms in EHRs, offering innovative solutions tailored to local challenges while incorporating global insights.

Between data and damages: the (im)possibility of imposing non-material/moral damages in cases of personal leaks in the information society

The advancement of the internet has brought along the constant concern about the leakage of personal data, for both individuals and companies. This unease is amplified by the frequent news of inappropriate exposure of private information, notably in cases of leaks within the Austrian postal service company (Österreichische Post AG), the Bulgarian National Revenue Agency, and the Brazilian electricity company (Enel). Considering this backdrop, researchers have been dedicating themselves to exploring the possibility of accountability for non-material damages arising from data breaches. The study initiates with a review of the concept of the Information Society, explores the legal frameworks for data protection in the European Union and Brazil, and analyzes concepts of non-material and moral damages. Subsequently, the text investigates cases of data breaches and, finally, examines judicial decisions on accountability in similar situations, both in the European Union and Brazil.

Data protection and privacy in e-commerce environment: Systematic review

The rapid expansion of e-commerce has revolutionized how businesses and consumers interact, but it has also raised significant concerns regarding data protection and privacy. This systematic review examines existing research on data protection and privacy in the e-commerce environment, with a focus on identifying key challenges, solutions, and trends. A comprehensive search of academic databases was conducted, covering studies published over the last two decades. The findings highlight the vulnerabilities inherent in e-commerce systems, including data breaches, identity theft, and inadequate compliance with evolving privacy regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Emerging technologies such as blockchain, artificial intelligence, and privacy-preserving algorithms are explored as potential solutions to enhance data security and consumer trust. Additionally, the review underscores the critical role of user awareness, organizational practices, and regulatory enforcement in creating a robust data protection framework. This paper aims to provide researchers, policymakers, and industry stakeholders with a consolidated understanding of current practices and future directions for safeguarding data privacy in the e-commerce sector.

AI Rx: Revolutionizing Healthcare Through Intelligence, Innovation, and Ethics

The integration of artificial intelligence (AI) in healthcare presents significant promise to enhance clinical procedures and patient outcomes. This research examines the setting, methodology, conclusions, and issues associated with AI in healthcare. The swift proliferation of digital health data, encompassing medical imaging and clinical records, has generated substantial prospects for AI applications. Artificial intelligence methodologies, including machine learning, natural language processing, and computer vision, facilitate the derivation of significant insights from intricate datasets, hence improving clinical decision-making. A thorough literature review examines the practical applications of AI, encompassing its roles in medical diagnostics, treatment planning, and patient outcome prediction. The report also examines ethical issues, data protection, and legal frameworks, which are crucial for the responsible application of AI in healthcare. The results illustrate AI's capacity to enhance diagnostic precision, facilitate administrative efficiency, and optimise resource distribution, resulting in tailored therapies and improved healthcare administration. Nonetheless, obstacles persist, such as data integrity, algorithm transparency, and ethical considerations, which must be resolved to guarantee the secure and efficient deployment of AI. Continuous research, cooperation between healthcare and AI experts, and the establishment of comprehensive regulatory frameworks are essential for optimising the advantages of AI while minimising hazards. This research highlights AI's capacity to transform healthcare, stressing the necessity for a multidisciplinary strategy to effectively harness its benefits and tackle the associated ethical and regulatory dilemmas.

Innovative Security Framework for Enhancing Data Protection in Mobile Cloud Environments

Abstract: There is especially a challenging problem for secure communications in the last few years among the resource-poor environments like IoT devices and embedded systems which had driven the research to lightweight cryptography algorithms, performing wonderfully on the constraints of computations, memory, as well as also energy resources. It involves the implementation along with performance analysis of probably the most impressive lightweight block ciphers, such as SIMON, SPECK, and HIGHT. It also encompasses ECC as a safe alternative substitute to the traditional ones that contain AES. SIMON and SPECK are new-generation lightweight block ciphers developed by NSA for hardware efficiency so that performance is maximized at low speeds with very high levels of security. Also included are the performance characteristics of HIGHT, which is a specially designed block cipher for environments with very low resources. ECC is presented as the asymmetric encryption algorithm that provides at least some level of security yet its key sizes are dramatically smaller than the counterparts making it well applicable within these environments. In addition, an overall comparison in the aspect of the computational cost, usage of the memory, and the security level among the algorithms is made

GDPR vs. Weakly Protected Parties in Other Countries

The General Data Protection Regulation (GDPR) establishes strong privacy rights for EU residents. However, many countries, including the United States, Asia, and Africa, lack similar protections. This creates challenges for multinational corporations and individuals navigating fragmented global data protection frameworks. This study examines the evolution, principles, and extraterritorial effects of GDPR, comparing it with weaker regulatory frameworks globally. Using qualitative and doctrinal research and document analysis, it identifies enforcement gaps, compliance costs, and operational difficulties in cross-border data transfers. Findings emphasize the need for consistent global standards to address the digital divide and ensure fair data practices. Recommendations highlight multilateral cooperation to develop an interoperable and ethical digital ecosystem. While GDPR offers a foundational model, achieving global harmonization requires collective international commitment. The study concludes with actionable suggestions to strengthen global privacy frameworks and protect vulnerable parties in weakly regulated regions.

OECD COUNTRIES' EXPERIENCE IN TRANSFORMATION OF PUBLIC SERVICE DELIVERY SYSTEMS

The article discusses the growing importance of digital transformation in public administration, with a focus on the experiences of various countries like South Korea, the U.S., and Sweden. It examines how governments worldwide are leveraging new technologies such as artificial intelligence, cloud computing, and mobile applications to enhance public service delivery. Key objectives include improving efficiency, transparency, and citizen satisfaction while fostering stronger government-citizen interactions. The article also touches on challenges faced during the digital transformation, such as data protection, coordination, and legal frameworks. The research highlights successful strategies in digital governance, such as South Korea’s leadership in e-government, which enabled it to excel in global rankings. It underscores the significance of strong leadership and comprehensive strategies, including the use of a "control room" to manage inter-departmental coordination. Kazakhstan, which has adopted a new Concept of the development of civil service for 2024-2029, is seeking to apply these international best practices to develop proactive, citizen-centered public services and enhance government efficiency through digitalization.

A novel framework for privacy and data protection in internet of things-based energy management systems

A novel framework for privacy and data protection in internet of things-based energy management systems

Efektivitas Kebijakan Perlindungan Data Pribadi di Indonesia: Analisis Hukum Perdata dengan Pendekatan Studi Kasus

The protection of personal data has emerged as a critical concern in the digital era, particularly in Indonesia, where data breaches are increasing at an alarming rate. This study investigates the effectiveness of Indonesia's data protection policies, focusing on the implementation of Law No. 27 of 2022, and identifies the factors affecting its enforcement. Employing a qualitative approach with a case study methodology, the research analyzes three major data breach incidents involving Tokopedia, BRI Life, and BPJS Kesehatan. Data collection methods included in-depth interviews with legal practitioners and document analysis of relevant regulations and reports. The findings reveal significant gaps in the enforcement of Law No. 27 of 2022, including weak sanctions, inadequate oversight mechanisms, and limited public awareness of data privacy rights. Although the law provides a foundational framework, its effectiveness is hindered by insufficient penalties and the absence of an independent supervisory authority. For instance, while Tokopedia implemented policy revisions post-breach, similar incidents remain likely due to inadequate deterrent measures. Comparatively, the European Union's General Data Protection Regulation (GDPR) demonstrates higher effectiveness through stringent sanctions and robust enforcement mechanisms. This study contributes to the discourse on data privacy by highlighting the shortcomings of Indonesia’s current policies and proposing strategic recommendations. These include harmonizing domestic regulations with international standards, strengthening enforcement through independent oversight bodies, and enhancing public education on data privacy rights. By addressing these challenges, Indonesia can establish a more robust data protection framework, fostering trust in its digital ecosystem and ensuring alignment with global practices.

Advanced Data Analytics and Machine Learning Driven Fraud Detection and Data Loss Prevention for Automated Incident Response in the US Healthcare Corporations

Fraud detection and data loss prevention are critical challenges facing US healthcare corporations as they strive to safeguard sensitive patient information and comply with stringent data protection regulations. The integration of advanced data analytics and machine learning has emerged as a powerful approach to enhance the efficiency and accuracy of detecting fraudulent activities and preventing data breaches. This study explores the application of machine learning-driven solutions in automating incident response for healthcare data security. The research begins by examining the current landscape of data analytics and machine learning in fraud detection, emphasizing the limitations of traditional methods. Through an extensive literature review and analysis of case studies within the US healthcare industry, the paper identifies key areas where advanced technologies can bridge existing gaps. The methods section outlines the data collection process, the machine learning algorithms implemented, and the evaluation metrics used to measure model performance. Results demonstrate the enhanced detection accuracy and prompt response capabilities of machine learning models compared to conventional techniques. The discussion delves into the implications of these findings, showcasing the transformative potential of automated incident response systems in reducing response times and mitigating data loss risks. Although promising, the study acknowledges limitations in data variability and model generalizability, suggesting avenues for further research. The paper concludes with strategic recommendations for adopting machine learning solutions in healthcare security protocols. By highlighting best practices and policy recommendations, this research aims to provide a roadmap for healthcare corporations seeking to strengthen their data protection frameworks. The insights presented underscore the pivotal role of advanced data analytics and machine learning in fortifying healthcare data security against evolving cyber threats.

GDPR Compliance of Hospital Management Systems in the UAE

While the UAE is making strides in healthcare digitalization and adopting global best practices, the absence of a unified data protection framework equivalent to the GDPR poses significant challenges for hospital management systems (HMS) in the region. This gap creates uncertainties in compliance, especially regarding cross-border data transfers, third-party vendor management, and the protection of patients' privacy rights. The lack of clear regulations tailored to the UAE’s unique healthcare landscape hinders the implementation of robust data protection measures, raising concerns about potential data breaches, legal liabilities, and the overall trustworthiness of healthcare institutions. Addressing these challenges is crucial for aligning the UAE’s healthcare sector with international standards while ensuring the security and privacy of patient data in a rapidly evolving digital environment. The General Data Protection Regulation (GDPR) has significantly impacted hospital management systems (HMS) by setting strict data protection requirements. This study provides a systematic literature review of GDPR compliance in HMS, focusing on key challenges such as regulatory complexity, permission management, data subject rights, data breaches, third-party vendor management, and cross-border data transfers. Suggested mitigation measures include privacy by design, data protection impact assessments, improved consent management, robust breach detection, and efficient vendor management. Legislative reforms are needed to clarify GDPR's application to healthcare. The study also highlights increased investments in privacy technologies, improved patient trust, and the demand for advanced solutions. Future research should explore the effectiveness of these mitigations, GDPR's impact on patient satisfaction, ethical data processing, and standardized data protection frameworks in healthcare. Achieving GDPR compliance is crucial for protecting patient data, building trust, and ensuring secure and ethical use of healthcare information. This study aims to guide healthcare organizations, particularly hospitals, along with regulators and researchers, in navigating these challenges and implementing effective solutions. Received: 17 June 2024 | Revised: 10 September 2024 | Accepted: 13 November 2024 Conflicts of Interest The authors declare that they have no conflicts of interest to this work. Data Availability Statement Data sharing is not applicable to this article as no new data were created or analyzed in this study. Author Contribution Statement Inas Al Khatib: Conceptualization, Methodology, Formal analysis, Investigation, Writing - original draft, Visualization, Project administration. Norhan Ahmed: Methodology, Formal analysis, Writing - original draft, Supervision, Funding acquisition, Project administration. Malick Ndyiaye: Writing - review & editing, Supervision.

Vulnerability of personal data of Kazakhstani citizens and the need to implement the European experience

The modern period of time is very painful for the privacy of an individual and the preservation of his personal data, as the rapid growth of digitalization and the in-troduction of information and communication technologies have threatened the confidentiality of information. The paradigm of attitude to information in general, and especially to personal data, which is perceived by modern society as a product for trade, is changing. And if earlier the confidentiality of personal information about a person was recognized as something absolute and unshakeable, today there are new views on the ways to evaluate personal data. Of course, this gives rise to the emergence in the sale of personal data not only by illegal means, but al-so the formation of specialized markets of personal information. Despite the ef-forts of the state to ensure legal regulation of digitalization processes, the desire to involve the process of information technology use in the legal field, it must be ad-mitted that the pace of legislation development does not keep pace with the rapid formation of an open information space. Consequently, the citizens of these coun-tries have many questions how to keep their personal data confidential, and the state has very few answers how to solve the emerging problems and fight against data leaks into the open space. The purpose of the article was decided to deter-mine the development of recommendations to improve the regulatory and legal framework of personal data protection in Kazakhstan.

No One Reads Privacy Notices. So Why Do We Have Them?

Under the GDPR, controllers must be transparent and provide individuals with details about the way in which they process those individuals’ personal data. This is typically done using a privacy notice. The transparency obligation is often described as being fundamental to the operation of the wider data protection framework. This article analyses the results of a new study that used freedom of information laws to obtain information from a range of UK public authorities about traffic on their website. The study shows that few individuals in the UK read website privacy notices and, those that do, do not read them properly. In particular, only 1 in 200 website visitors looked the privacy notice for the site and those that did only spent 48 seconds on that page on average. This would only allow them to read a maximum of 5% of that notice. These findings are consistent with many previous studies. The article considers whether privacy notices still provide a valuable function due to the effect of the “informed minority”. It also considers why regulatory action is driving controllers to produce longer and longer privacy notices, and what steps controllers can take to provide meaningful and useful information to individuals.

Double edged tech: navigating the public health and legal challenges of digital twin technology

Abstract This research addresses the legal challenges posed by the implementation of digital twin technology in public health. Digital twins are advanced computational models which aim to replicate human organ functions and biological processes. Their goal is to enable the simulation of the entire human body and to personalize the outputs with individual patient’s health data. Digital twin technology promises to bridge gap between personalized medicine and precision public health. This research is based on a comprehensive review of the current European and Swiss legal frameworks for medical devices and data protection that apply to digital twin technology. Within these frameworks, digital twins are in a grey area, as they are only considered as medical device software when applied to individuals. They also incorporate artificial intelligence, machine learning, and data analytics, which are already a source of legal concern in a healthcare setting, but their effective use in public health raises additional issues. Preliminary findings suggest significant shortcomings in the legal frameworks regarding data privacy, and the potential for increased surveillance by health insurance systems, which could lead to human rights violations. The public health application of digital twins would require global data analysis of sensitive personal information, raising further questions about the secure storage, transmission, and processing of this data. The study concludes that current legal frameworks must be future proofed to manage the complexities introduced by digital twins in public health. In particular, it suggests that regulatory oversight of medical devices needs to be significantly improved in order to safely harness the potential of digital twin technologies for public health. Finally, the new European Union health data space and the forthcoming EU AI act will also play important roles in the implementation of digital twin technologies. Key messages • Applying digital twin technology in public health faces considerable challenges, particularly the issues around data privacy, potential discrimination, and increased surveillance. • We need to adapt and strengthen existing legal frameworks to effectively manage the complexities introduced by digital twins, ensuring that these technologies can be safely used for public health.

Deployment of in-body wearable devices in healthcare and at work: closing the EU regulatory gap

Abstract Background In-body wearable devices can protect workers’ health and safety. Moreover, they might provide data that could be capitalized on in the context of the European Health Data Space (EHDS), which aims at fostering a single market for medical devices and high-risk AI systems. Yet, neither EU legislation nor national law regulates the use of in-body wearables at the workplace and the related data protection and safety issues. This regulatory gap impacts on workers’ rights. Methods The study explores whether the EU regulatory framework used in the healthcare sector for medical devices could fit the in-body wearables’ application in employment. The legal and policy analysis takes the perspective of workers’ rights and discusses the application of a key GDPR principle: lawfulness. The research discusses the potential transformations in the EU health data protection framework that could close the regulatory gap. Results The EU regulatory framework for medical devices (focused on product safety, performance, and quality) is not equipped to address the data protection challenges linked to the use of in-body wearables for occupational health and safety purposes. The GDPR’s principle of lawfulness and the related guidance by EU and national data protection authorities lack clarity on employers’ possibilities to apply in-body wearables for occupational health purposes. Filling the regulatory gap is conducive to appropriate qualification and risk-based classification of in-body wearables, which affect pre- and post-market requirements and impact on data protection. Conclusions a. The EU legislator could use its social policy competence to regulate the use of in-body wearables to protect workers’ health while safeguarding their data. b. EU authorities should clarify whether and how the data collected by in-body wearables at the workplace could be shared and (re)used within the EHDS. c. Further input by data protection authorities is needed to close the regulatory gap. Key messages • The EU should regulate the use of in-body wearables to protect workers’ health and safety. • Health data gathered through the application of in-body wearables at the workplace may be an asset for the EHDS.

Rethinking FinTech Regulation Under the Indian Data Protection Framework

This article examines the substantial implications of the Digital Personal Data Protection Act, 2023 (DPDPA) on the developing FinTech industry in India. With a principlebased approach, the DPDPA emphasises user control, accountability, and transparency in addressing critical issues in the data-driven FinTech sector. Combining doctrinal analysis and an exploratory methodology, this study meticulously investigates the Act's insight into obligations, focusing on the intricate distinctions between data processors and data fiduciaries. The objective of this doctrinal and exploratory analysis is to thoroughly comprehend the legal structure established by the Act, thereby clarifying the consequences for participants in the FinTech ecosystem. This study explores the DPDPA's impact on managing and safeguarding financial data within the dynamic FinTech sector. It accomplishes this through an evaluation of legal instruments and literature reviews. The paper concludes by suggesting changes to be taken by the financial regulator as a way to address concerns related to data security. Additionally, it initiates a discourse on the regulation of FinTech in India. It emphasises the significance of the collaboration between the Reserve Bank of India and the Ministry of Information Technology on data protection.

Digital Innovations and Competitive Advantage of Commercial Banks in Kenya

Purpose: The purpose of the study was to ascertain the role of digital banking technological innovations in enhancing competitive advantage among commercial banks in Kenya. Specifically, the study sought to examine the influence of digital technological innovations for market, digital banking innovations for differentiation, digital innovations for customer satisfaction and the influence of ICT infrastructure on competitive advantage of commercial banks in Kenya Methodology: Descriptive research design was adopted for the present study. The study was carried out in Kenya, covering all the 39 solvent commercial banks in Kenya as of 31st March 2024. The study adopted the census data collection method from the headquarters of the 22 solvent commercial banks belonging to Tier 3. Four key officers including the sales manager, loan officer, relationship manager, and risk manager totaling to 88 were sampled to participate in the study. Findings: The findings indicate that there is a significant relationship between market positioning and competitive advantage (B = 0.292, p = 0.003). On the other hand, Differentiation is established to have a negligible influence on competitive advantage in this model (B = 0.027, p = 0.852). Customer Satisfaction comes out strongly, as a factor that defines competitive advantage (Coefficient = 0.247, P = 0.046). Unique Contribution to Theory, Policy and Practice: The study recommends that Kenyan commercial banks invest in continuous digital innovation, particularly in mobile and Internet banking, to strengthen market positioning, improve brand perception, and offer personalized services. Banks should also enhance their ICT frameworks for better service delivery, data protection, and adaptability to market changes. Emphasizing mobile banking innovations and staying updated with emerging digital trends will help banks reduce customer acquisition costs, expand their customer base, and maintain a competitive edge in a dynamic industry.

Artificial Intelligence in Education Management: Opportunities, Challenges, and Solutions

Education management, as an integral part of management science, encompasses core functions such as organizing, planning, coordinating, and controlling educational resources, which closely align with the management concepts used in business administration. Whether in the field of education or business, managers need to improve organizational performance through effective strategy development, resource allocation, and decision-making support. The emergence of Artificial Intelligence (AI) has profoundly transformed several industries, and its impact on education is progressively gaining prominence.This paper explores the opportunities, challenges, and solutions associated with the integration of AI in the education sector. AI offers substantial benefits such as personalized learning experiences, automated educational management, and global access to shared educational resources, revolutionizing the traditional educational landscape. However, its application also presents significant challenges, including concerns over data privacy, the widening of the digital divide, and the evolving role of teachers.Through an analysis of both opportunities and challenges, this paper emphasizes the need for strategic measures to ensure the ethical and equitable use of AI in education. These measures include stronger policy frameworks for data protection, comprehensive teacher training programs for AI integration, and the promotion of global cooperation to bridge technological gaps in underdeveloped regions. Furthermore, the paper projects the potential future developments in AI-driven education, highlighting the importance of balancing technology with human interaction in the learning environment.By addressing both the benefits and risks associated with AI, this paper provides actionable insights for educators, policymakers, and technologists, aimed at creating a more inclusive, efficient, and innovative educational system. Future research should continue to examine AI's ethical implications and strive for solutions that ensure education remains accessible and fair in an increasingly AI-driven world.

Legal Politics and Data Protection in Indonesia: A Case Study of the National Data Center Hacking

Introduction: This article analyzes the politics of law and data protection in Indonesia through a case study of the hacking of the National Data Center. The incident highlights significant vulnerabilities within the national data protection framework and the legal implications arising from such breaches, emphasizing the urgent need for robust legal measures to safeguard sensitive information.Purposes of the Research: The purpose of this article is to thoroughly evaluate legal policies related to data protection in Indonesia, examining the challenges and opportunities for improvement. By focusing on the hacking incident of the National Data Center, the study aims to provide insights into potential policy enhancements to better protect data in an increasingly digital world.Methods of the Research: This research employs normative research methods with a comprehensive case study approach. Data is obtained through detailed analysis of legal documents, pertinent regulations, and relevant literature. This methodology aims to offer an in-depth understanding of the current state of data protection policies in Indonesia and identify areas requiring legislative and regulatory improvements.Results of the Research: The findings reveal that current data protection policies in Indonesia are insufficient to counter advanced hacking threats. This study offers recommendations for strengthening regulatory frameworks and implementing tighter supervision to enhance national data security. It introduces a new perspective on the dynamics of data protection law politics in Indonesia, contributing to the broader discourse on data security.