In practice, cases of buying and selling databases containing personal data are still found. Typically, personal data is sold through dark web sites or illegal data trading forums on the internet, such as breached forums. The purpose of this research is to review and analyze personal data protection regulations in accordance with Law Number 27 of 2022; analyze misuse of personal data protection; and analyze future regulations related to personal data protection. This research is a normative juridical research type. The results show that the personal data protection regulations in accordance with Law Number 27 of 2022 concerning Personal Data Protection indicate that the legal purpose of the enactment of Law Number 27 of 2022 concerning Personal Data Protection in cases of criminal acts of personal data trading on digital platforms is to ensure that personal data collected by companies or institutions is processed fairly, securely, and in accordance with applicable law. Misuse of personal data protection includes: submitting false administrative requirements, creating fake accounts, acting as someone else, illegal data trading, bullying and sexual harassment, and information theft. Future regulations related to personal data protection can be implemented in several ways. First, tightening regulations. Second, increasing awareness and education. Third, developing technology for privacy. Fourth, increasing international cooperation; stronger international cooperation on data protection and privacy will be crucial. Fifth, ethical data use.
Ardiansyah et al. (Wed,) studied this question.