The rapid advancement of digital technology has transformed the nature of crime and evidence, requiring legal systems to accommodate electronic forms of proof. This study analyzes the admissibility of electronic evidence in Indonesian criminal procedure law and its implications for the protection of privacy, particularly in cases involving the dissemination of sexual content. Using a normative juridical approach, this research examines statutory frameworks, including the ITE Law and its 2024 amendment, the 1945 Constitution, Law No. 20 of 2025 on the new Criminal Procedure Code, and Law No. 27 of 2022 on Personal Data Protection. It also employs a case study of the Pandeglang District Court Decision No. 71/Pid.Sus/2023/PN Pdl to assess the gap between das sollen and das sein. The findings indicate that Indonesia has normatively established a clear legal basis recognizing electronic evidence as valid and binding. However, judicial practice, particularly in cases decided prior to the enactment of the new KUHAP and the Personal Data Protection Law, tends to prioritize evidentiary validity over the protection of victims’ privacy. The Pandeglang case demonstrates that although electronic evidence was lawfully admitted, the absence of procedural safeguards created risks of re-victimization and undermined the victim’s dignity. This study concludes that while the issue of admissibility has been resolved under the current legal framework, challenges remain in ensuring privacy protection in judicial practice. Therefore, courts must adopt rights-sensitive approaches, including closed hearings, anonymization, and proportional use of evidence, to balance evidentiary effectiveness with the protection of fundamental rights in the digital era.

Abstract The rapid proliferation of Artificial Intelligence (AI) across healthcare, finance, e-commerce, and public governance has introduced unprecedented challenges to data privacy. AI systems rely on vast quantities of personal and sensitive data to train, optimize, and deploy predictive models, creating complex tensions between utility and individual privacy rights. This comprehensive review explores the intersection of AI capabilities and data privacy obligations, examining the technical mechanisms through which privacy can be compromised, the regulatory frameworks that govern data handling, and the emerging technologies designed to reconcile AI performance with privacy preservation. The paper surveys Privacy-Enhancing Technologies (PETs) such as federated learning, differential privacy, homomorphic encryption, and secure multi-party computation. It further examines the adequacy of global regulatory regimes including GDPR, CCPA, and India's Digital Personal Data Protection Act, and critically evaluates their enforcement in AI-driven environments. The findings highlight persistent trade-offs between model accuracy and privacy guarantees, scalability barriers in cryptographic approaches, and the need for standardized privacy metrics. Future directions include privacy-aware AI architectures, explainable privacy controls, and unified international governance frameworks. Keywords: Artificial Intelligence, Data Privacy, Federated Learning, Differential Privacy, GDPR, Privacy-Enhancing Technologies, Homomorphic Encryption, Trustworthy AI

Evolving from Gender Equality Plans (GEP) to inclusive Gender Equality Plans (iGEP) requires the incorporation of an intersectional approach capable of addressing complex and structural inequalities, attending not only to formal equality but also to the power relations that shape experiences within scientific organizations. Intersectionality, as an analytical and political framework, recognizes that gender does not operate in isolation but rather interacts with other social categories -such as ethnicity, class, age, disability or sexual orientation- producing overlapping and interdependent systems of discrimination and disadvantage. In Research Performing Organizations (RPOs), there is often a tension between the scarcity of systematic intersectional data – often caused by personal data protection policies – and the need for evidence to inform institutional policies and practices. However, these constraints cannot obviate persistent inequalities, even in environments that may seem homogeneous. Drawing on the experience of the Institute of Marine Science, this paper presents the various efforts made to obtain intersectional data and evidence of staff perceptions and experiences of discrimination and privilege related to their specific identities. The findings reveal diverse forms of exclusion, as well as dynamics of power, privilege and resistance that continue to shape organisational culture and affect the participation, recognition and career trajectories of specific groups. Addressing intersectional disadvantage requires both methodological sensitivity and ethical accountability. The paper highlights the contextual nature of intersectionalities, repositions marginalised voices within institutional analysis, and reflects on the positionality of those leading the process. It recognises the limits of perspectives and imaginaries constructed from outside marginalised groups, emphasising the importance of reflexivity and validation. The results of this process, shared and collectively validated within the institution, provide the foundation for the formulation of a GEP+ reinforcing its legitimacy and institutional relevance. The iGEP articulates inclusive policies aimed not only at addressing discrimination and inequalities, but at fostering deep and sustainable structural and cultural transformation. Through this comprehensive and intersectional approach, the iGEP advances substantive equality within the ICM, moving beyond compliance towards structural change, enhanced inclusion, and the recognition of diverse identities and lived experiences across the organisation.

The development of digital financial services has encouraged the massive growth of electronic wallet users in Indonesia, but at the same time opens up serious vulnerabilities in the form of leakage of users' personal data. This study examines the civil liability of business entities operating electronic wallets for the leakage of users' personal data based on Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) and its enforcement mechanisms. The research uses normative juridical methods with a statutory approach and a conceptual approach. The results of the study show that electronic wallet operators as data controllers can be held to civil liability based on fault (Article 1365 of the Civil Code jo. Article 50 of the PDP Law) as well as strict liability in the context of fundamental information asymmetry between operators and users. The PDP Law requires the implementation of adequate technical and organizational safety standards; Failure to comply with them is the basis for a valid civil lawsuit. The conclusion of the study emphasizes that the gap between das sollen and das sein in personal data protection requires the strengthening of derivative regulations, reverse proof mechanisms, and independent supervisory institutions that are immediately operational

Implementing technologies of Internet of Things (IoT) across core economic sectors of Russia’s regions, including industry, utilities, logistics and health, entails considerable legal challenges for the security of data to be processed. The article provides a comprehensive analysis of the legal specifics of corporate implementation of IoT systems in Tatarstan as one of the leaders of digital transformation in Russia. The research was undertaken to identify legal problems arising from processing smart device data and make evidence-based proposals to improve regional regulatory and enforcement mechanisms. Methodologically, the study relies on analysis of federal and regional statutory regulation for protection of information and personal data, consolidation and systematization of regional legal practice in 2020–2024 as well as empirical research of corporate bylaws including model data processing consents and legal awareness for workers. It was found that digitization of economic sectors in Tatarstan leaves out major legal gaps including uncertain legal regime applicable to IoT-generated data, lack of provisions regulating such data flows, and fragmented technical protection standards. The authors propose a number of measures including a risk-differentiated IoT data regulation framework based on contextual anonymization, as well as model data processing requirements to be introduced to the regional law. A special focus is made on providing justification for the model for differentiation of administrative liability for offences in the area under study. The study’s practical value lies in shaping legal mechanisms to minimize legal risks for operators and to balance technological development with protection of data subjects’ rights. The solutions proposed may be applicable both in Tatarstan and any other constituent territory faced with similar legal issues in the context of digital transformation of the economy.

In this study, digital constitutionalism is defined as an indispensable regulatory framework for assessing global personal data protection regimes. Analyzing the basic principles of limiting digital power, protecting fundamental rights, algorithmic accountability, democratic participation, and balanced data sovereignty, the study identifies systemic weaknesses in various jurisdictions: inadequate restrictions on government and corporate power, inconsistent enforcement of rights, and unresolved contradictions between sovereignty and rights. Despite the fragmentation of regulation between law-oriented models (GDPR), market (USA), and sovereignty-security, constitutionalism defines universal foundations in human dignity and the rule of law. The article suggests ways of constitutional harmonization: multilateral dialogue through BRICS/The Council of Europe, minimum global standards of rights, strengthening international oversight and proportionality tests that align national security with the protection of rights. В этом исследовании цифровой конституционализм определяется как необходимая нормативная база для оценки глобальных режимов защиты персональных данных. Анализируя основные принципы ограничения цифровой власти, защиты фундаментальных прав, алгоритмической подотчетности, демократического участия и сбалансированного суверенитета данных, авторы исследования выявляют системные недостатки в различных юрисдикциях: неадекватные ограничения власти правительства и корпораций, непоследовательное обеспечение соблюдения прав и неразрешенные противоречия между суверенитетом и правами. Несмотря на фрагментацию регулирования между моделями, ориентированными на закон (GDPR), рынок (США) и суверенитет и безопасность, конституционализм определяет универсальные основы человеческого достоинства и верховенства закона. В статье предлагаются пути конституционной гармонизации: многосторонний диалог через БРИКС/Совет Европы, минимальные глобальные стандарты в области прав, усиление международного надзора и проверки соразмерности, которые увязывают национальную безопасность с защитой прав.

The transition toward a digital tax administration system in Indonesia through the implementation of Coretax represents a strategic reform aimed at enhancing administrative efficiency, transparency, and taxpayer compliance within a self assessment framework. However, the emergence of intermediary practices commonly referred to as tax jockey services reflects structural and normative deficiencies in regulating third party access and digital accountability. This study employs a normative doctrinal legal method using statute and conceptual approaches to examine the legal construction governing digital taxation and its implications for unauthorized delegation practices. The analysis identifies regulatory gaps within Law Number 7 of 2021 and Law Number 28 of 2007, particularly concerning the absence of explicit limitations on informal representation, as well as insufficient integration with personal data protection principles under Law Number 27 of 2022. Furthermore, the findings reveal that weak authentication mechanisms and limited digital literacy contribute to systemic vulnerabilities that enable misuse of sensitive taxpayer data. This study proposes a normative reconstruction emphasizing stricter legal boundaries on third party involvement, strengthened digital authentication protocols, and integrative regulatory harmonization to ensure legal certainty, data protection, and sustainable taxpayer compliance.

In the current digital era, data protection has emerged as an indispensable aspect of both individual privacy and national security. This research paper presents a comparative analysis of the evolutionary trajectory of India's legal framework ranging from the erstwhile Section 43A of the Information Technology (IT) Act, 2000, to the new Digital Personal Data Protection (DPDP) Act, 2023. The primary objective of this study is to examine the shifting dynamics between 'Corporate Liability' and 'State Immunity.' The study indicates that while Section 43A imposed limited civil liability on 'Body Corporates,' the DPDP Act, 2023, has tightened corporate accountability by imposing hefty penalties and statutory duties through the concept of a 'Data Fiduciary.' However, a significant 'research gap' that emerges is the scope of 'State Immunity’. This research highlights how the broad exemptions granted to government agencies under the new law in the name of 'national security' and 'public order' create an 'accountability gap' that stands in contrast to the strict regulations imposed on private corporations. Furthermore, this paper analyzes the shift from the 'compensation-based model' of the IT Act to the 'penalty-based model' of the DPDP Act i.e. a transition that prioritizes the State exchequer over aggrieved citizens. Ultimately, this research paper argues that a balanced data protection framework necessitates ensuring equal accountability for both the State and corporations, thereby safeguarding against the infringement of the 'Right to Privacy' within the context of India's digital inclusion.

The article provides an in-depth analysis of the digitalization process within the insurance market, highlighting its role in transforming the financial sector and advancing the digital economy. It defines digitalization as a crucial element in enhancing the operational efficiency of insurance companies and in establishing new business models. The study examines modern technologies being integrated into insurance practices, focusing on big data, artificial intelligence, machine learning, blockchain, and the Internet of Things (IoT), and how these technologies influence automation, underwriting, risk assessment, and insurance claim settlement. The development of digital technologies in insurance is largely based on the implementation of innovative solutions for collecting, analyzing, processing, transmitting and securely storing data. In this direction, modern tools are actively used, covering a wide range of capabilities. In particular, an important place is occupied by interactive platforms for online insurance, mobile applications for simplifying access to services, as well as specialized software designed to increase the efficiency of business processes. Particular attention is paid to the implementation of network solutions for automating operations and the use of artificial intelligence technologies, which allow analyzing large volumes of data and offering personalized approaches for each client. Significant emphasis is placed on how the digital environment alters interactions between insurers and clients, fostering the growth of online insurance, mobile apps, and digital platforms. The study explores how digitalization increases financial inclusion, makes insurance services more accessible, and enables the personalization of insurance products. It identifies key benefits of digital transformation in the insurance market, such as enhanced operational efficiency, lower administrative costs, faster data processing, and improved customer experiences. However, it also outlines major challenges and risks associated with digitalization, including cybersecurity threats, personal data protection concerns, technological dependencies, and the necessity for robust regulatory frameworks. The article argues for a comprehensive strategy for the digital transformation of insurance companies to maintain their competitiveness and ensure sustainable growth in the digital economy.

The growing adoption of Artificial Intelligence (AI) in the banking industry has brought about a revolution in the financial sector by making it more efficient, automated, and data-driven in decision-making. Nevertheless, the protection of personal data has also become a major issue with the help of this technological development, especially concerning the corporate responsibility and consent issue. This paper is a critical analysis of the framework provided by the Digital Personal Data Protection Act, 2023 (DPDP Act) regarding the application of AI in banking in India. The study takes a dogmatic and descriptive stance to assess how efficient legal provisions in conserving the data fiduciaries are and, particularly, how accountable they are in their use of the AI systems in regard to personal data. It also discusses the essence and legality of the consent practices adopted in online banking environments whether such consent is in fact informed and meaningful. The research determines major issues, such as the absence of transparency in the decision-making process by algorithms, low levels of explainability, and formal instead of substantive consent. The paper delineates the gaps in the current legal framework that necessitate crucial analysis and practical examples and can include deficiencies in the current laws governing AIs, especially the lack of provisions in the legal system aimed at the specific regulation of AI, and the impossibility of holding responsible parties accountable in complicated technological contexts. The results indicate that although the DPDP Act is a great move towards enhancing the protection of data, it still needs some improvements to meet the special risks that the AI technologies represent. The paper ends with the recommendation of stricter accountability principles, more stringent transparency levels, and more efficient sets of consent particularities in order to guarantee the preservation of the rights of individuals in the changing digital banking environment.

This study aims to analyze the extent to which social engineering influences data leaks among social media users in Indonesia and to identify the factors that increase their vulnerability. A quantitative approach was used in this study by distributing an online questionnaire to 325 respondents who are active social media users from various backgrounds. Regression analysis shows that exposure to social engineering, particularly phishing and impersonation techniques, has a significant influence on the likelihood of data leaks. In addition, the level of information security awareness was found to moderate this relationship. This study concludes that personal data leaks are not only caused by technical weaknesses, but also by human factors that can be manipulated psychologically. The implications of this study suggest the need to improve digital security literacy, provide advanced security features on social media platforms, and strengthen personal data protection regulations in Indonesia.

Reporting adverse drug reactions (ADRs) is essential for detecting drug risks. Despite legal obligations in Switzerland, underreporting remains an issue. This study assessed practice, knowledge and attitudes towards the spontaneous ADR reporting system among physicians and pharmacists. A nationwide cross-sectional survey was disseminated via professional associations to physicians and pharmacists in Switzerland. The 21-item questionnaire assessed reporting practice, knowledge, attitudes, information needs and improvement suggestions. Multivariable regression (odds ratios [ORs], 95% confidence intervals [95% CIs]) examined associations between participant characteristics and reporting habits. A total of 1108 participants (834 physicians, 274 pharmacists) were included. ADRs had been suspected by 589 (53.2%), and 562 (50.7%) had reported ≥1 ADR. Most participants rejected the notion that reporting is pointless (999, 90.2%). Although 716 (64.6%) were aware of reporting obligations, 477 (43.1%) perceived reporting as time-consuming and 270 (24.4%) reported legal concerns. About half indicated no lack of incentives (587, 53.0%) and no concerns regarding personal (580, 52.3%) or patient data protection (545, 49.2%). More than half desired clearer guidance on reportable ADRs (609, 55.0%) and 648 (58.5%) expressed interest in pharmacovigilance training. Reporting ADRs was independently associated with increasing age and training (ORs between 1.28 [95% CI: 1.15, 1.42] and 1.92 [1.32, 2.79]), whereas investing >10min in reporting was associated with age ≥60 (OR 1.59 [1.07, 2.38]), training (OR 1.28 [1.14, 1.45]) and pharmacist status (OR 1.83 [1.34, 2.51]). The fundamental willingness to report ADRs despite a simultaneous lack of specific knowledge indicates a need for targeted information campaigns and training opportunities.

ABSTRACT In research contexts, data scraping enables systematic collection of large-scale, real-world digital data. This article examines data scraping for research that is publicly funded or carried out in pursuit of public interest objectives, from the perspective of data protection law. It focuses on the GDPR requirement to identify a legal basis in order to ensure lawful processing. The analysis assesses the appropriateness of reliance on the lawful bases in Article 6(1), and possible derogations in Article 9(2) GDPR. It then considers (i) whether the said processing could benefit from the GDPR’s derogations for scientific research and (ii) whether exemptions relating to academic expression under Article 85 GDPR apply. The article concludes that the GDPR does not currently provide a readily-available legal basis for research carried out in the public interest. It argues that future sector-specific legislation could provide legal certainty and reconcile the protection of personal data with the advancement of scientific research in an increasingly digital environment. The findings underscore the need for harmonised interpretations and best practices that balance transparency and accountability with the legitimate pursuit of scientific progress, thereby promoting a coherent and ethically responsible approach to the use of online data in research.

Purpose As smart cities are centred around the use of digital technology in the public sphere, questions arise about the protection of privacy and personal data. This study aims to investigate the extent to which smart city managers consider privacy and the protection of personal data in practical decision-making. Design/methodology/approach Using the methodology of “walkshops”, a focus group variety that takes participants for a structured walk/workshop in technology-mediated inner cities, Belgian smart city managers were prompted to discuss their practical approach to public values. Findings Findings show the values of efficiency, (cost-)effectiveness and accountability take precedence over privacy and personal data protection, posing a problem for the legitimacy of smart city interventions. Research limitations/implications The limitations of this qualitative study consist of its small sample size and limited geographical scope, which may have biased responses, as public values and privacy perceptions are culture- and context-specific. More on-the-ground research is warranted in other geographical locations and different urban contexts. On a more fundamental level, further research on public-sector technology governance is needed to clarify conceptually how legitimacy and legitimisation function in this sphere. Practical implications Policymakers must seek broader public value consensus and acknowledge the subjective nature of privacy concerns by including citizens’ voices directly in smart city decision-making. Social implications The disconnect between citizens’ concerns and smart city managers’ priorities can severely impact public trust and acceptance of technological interventions. This is particularly alarming with a view to the introduction of AI technologies in the public sector. Originality/value This study uncovered original empirical insights into managerial decision-making processes and tensions in the priority values between smart city managers and citizens.

Personal data protection is one of the human rights that is part of personal personal protection, so it is necessary to be given a legal basis to provide security for personal data, based on the 1945 Constitution of the Republic of Indonesia. In addition, the protection of personal data is aimed at ensuring citizens' rights to personal self-protection and fostering public awareness as well as ensuring recognition and respect for the importance of personal data protection. However, the state in providing personal data protection for citizens needs to form an institution that can accommodate problems that arise or integrate data between institutions or bodies or materials with corporations that collect citizens' personal data. This is so that more rigid arrangements are needed related to the duties of institutions regulated in Article 58 of Law Number 27 of 2022 concerning Personal Data Protection

Family entrepreneurship is traditionally considered to be one of the most widespread forms of small business, which plays a significant role in the economy. However, despite the scale of this phenomenon, it still does not have a clear legal regulation at the federal level. The legislative definition of “family business” is still being developed, but there is an active discussion in the scientific doctrine about the concept and content of family entrepreneurship. The article proves that the digitalization of family business contributes to innovation, increased productivity, and competitiveness. The use of digital technologies (e-commerce, cloud services, artificial intelligence, cloud services, and CRM systems) will allow family businesses to optimize their production processes, expand their market, and improve their customer interactions. However, the implementation of these technologies is associated with a number of legal issues, such as compliance with the requirements of e-commerce legislation, protection of personal data, use of electronic signatures, digital platforms, etc. The authors analyze these legal issues and formulate legislative proposals, particularly regarding the definition of the legal status of family business entities in terms of state registration, accounting, tax, statistical records, reporting, etc., as well as the establishment of clear measures to support family business. According to the authors, separate articles of the law should be dedicated to the digital aspects of family business.

The article addresses the intriguing issue of reconciling the personal data protection regulations under the GDPR with the new legal framework provided for in the AI Act. The analysis encompasses both the common points of the two acts, such as risk assessment, and the differences in regulatory objectives and addresses of obligations. Moreover, it reflects on the practical challenges associated with conducting DPIA and possible paths for integrating the requirements of both legal regimes. The article also addresses solutions leading to the reduction of duplication of procedures, the strengthening of cooperation between supervisory authorities and the development of practical AI standards.

The article examines the role of digital financial instruments in the process of transforming the financial market of Ukraine in the context of global digitalization of the economy. It is substantiated that the rapid development of information and communication technologies, the spread of the Internet, the growth of the level of digital literacy of the population and the activation of the activities of fintech companies lead to significant changes in the functioning of the financial system. It is determined that digital financial instruments are an important factor in the modernization of the financial market, contribute to increasing the efficiency of financial transactions, expanding access of the population and business to financial services, as well as the formation of new models of interaction between financial institutions and consumers. The paper analyzes the main trends in the development of digital financial instruments, including mobile banking, electronic payment systems, online lending, investment platforms, blockchain technologies and crypto assets. The dynamics of non-cash transactions and the structure of digital financial services used in the financial market of Ukraine are analyzed. It has been established that in recent years there has been a steady trend towards an increase in the share of non-cash payments, the active introduction of contactless payments and the spread of mobile financial applications. This indicates the gradual formation of a digital financial ecosystem and an increase in the level of financial inclusion of the population. Particular attention is paid to the analysis of the impact of fintech companies on the development of the financial market and increased competition between traditional financial institutions and new digital platforms. It has been proven that the integration of innovative financial technologies contributes to an increase in the speed of financial transactions, a decrease in transaction costs, an increase in the transparency of financial processes and an improvement in the quality of financial services. At the same time, the main risks of the development of digital financial instruments have been identified, in particular cyber threats, an insufficient level of regulatory and legal regulation of certain segments of the financial market, as well as problems with the protection of users' personal data. As a result of the study, it was established that the further development of digital financial instruments is one of the key areas of transformation of the financial market of Ukraine. The introduction of innovative financial technologies will contribute to increasing the competitiveness of the financial system, expanding opportunities for attracting investments, developing e-commerce, and integrating Ukraine into the global financial space.

Although the issue of personal data protection in the banking sector has received attention in various studies, studies that specifically examine the integration of the normative, ideal, and factual roles of banking in preventing phishing crimes remain limited. This study aims to analyze the role of Bank Mandiri in protecting customer data security from phishing crimes and to evaluate the effectiveness of legal protection based on laws and regulations in Indonesia. This study employed a qualitative approach with a case study design through a normative juridical method. Data were collected through library research and document analysis, and were then analyzed using descriptive-analytical techniques. The results show that Bank Mandiri has implemented comprehensive protection measures, including compliance with regulations, the use of advanced security technology, and customer education. In addition, the legal framework in Indonesia has provided preventive and repressive protection through various regulations governing data protection and cybercrime. These findings contribute to the development of legal protection theory and institutional responsibility in cybersecurity governance. This study concludes that synergy among banking institutions, regulators, and customers plays an important role in minimizing phishing risks. Therefore, improvements in cybersecurity infrastructure and the strengthening of digital literacy programs are needed to reinforce the protection of customer data. The implications of this study include theoretical contributions in the field of law and practical recommendations for strengthening data protection policies, while also opening opportunities for further studies on cross-sector collaboration and technological innovation in the financial sector.

The development of information technology has driven a major transformation in people's transaction patterns from direct interaction to a digital ecosystem that includes e-commerce, financial services, healthcare, education, and government administration. In the midst of the growth of the digital economy, consumers' personal data is developing into a strategic asset that is collected, analyzed, and utilized through big data and artificial intelligence for business purposes. The phenomenon of supervision-based economics raises new risks in the form of data misuse, weak security systems, and inequality in bargaining positions between consumers and business actors. Low digital literacy and complexity of service approvals also increase these vulnerabilities. Although various regulations have been present, including in Indonesia, the effectiveness of protection is still hampered by weak law enforcement, sub- optimal supervision, and the rapid development of digital business models. Therefore, strengthening personal data protection through regulatory harmonization, increasing platform accountability, and public education is an important step to maintain a balance between the growth of the digital economy and the protection of consumer privacy rights.