The development of information technology drives the growth of digital businesses in Indonesia, which directly increases the activities of collecting, processing, and storing consumer personal data. However, on the other hand, the rampant misuse and leakage of personal data pose a serious threat to the privacy rights of the public. The Indonesian government enacted Law Number 27 of 2022 on Personal Data Protection (PDP Law) as a legal framework governing personal data management, particularly within the digital business ecosystem to address this issue. This research uses a normative juridical method with a legislative and conceptual approach to analyze the regulation of personal data protection based on the PDP Law and the responsibilities of digital business actors in ensuring consumer rights. The research results show that the PDP Law has provided a sufficiently comprehensive legal framework for collecting, processing, storing, and deleting personal data. In addition, business operators must ensure data security, obtain consumer consent, and respect the rights to access and control personal data by data subjects. However, challenges still exist in implementing the PDP Law, particularly regarding the readiness of digital infrastructure, compliance by business actors, and law enforcement. Therefore, more optimal efforts are needed from both the government and business actors to realize adequate personal data protection and provide a sense of security to consumers in the digital business era. This research provides strategic recommendations in the form of enhanced education and training for business actors, strengthening the role of the Personal Data Protection Authority, and the development of cutting-edge data security technology as important steps in optimizing personal data protection in the digital business era. Key Words: Business Responsibilities, DigitalBusiness, Consumers, Law Number 27 of 2022, Personal Data Protection. _____________________________________________________________________________________________₁. INTRODUCTION The development of information and communication technology in the last two decades has significantly changed how humans interact and conduct economic activities (Amboro & Puspita, 2021). In Indonesia, the era of digitalization has driven the growth of a technology-based economy with the emergence of various forms of digital businesses such as e-commerce platforms, technology-based financial services (fintech), and transportation and food service applications. This condition creates significant opportunities for business actors to reach consumers widely, quickly, and efficiently. However, this progress also presents significant challenges, particularly in personal data collection and management (Anggitafani, 2020). Personal data has become avaluable asset for businesses and individuals. In the operations of digital businesses, entrepreneurs routinely collect and process sensitive information, such as names, addresses, phone numbers, financial data, and user consumption habits (Benuf et al. , 2019). Unfortunately, many business operators still lack a strong understanding and commitment to maintaining the security and privacy of consumer data. This opens up opportunities for data breaches, information misuse, and illegal data trading practices that are detrimental to consumers (Dewi, 2016). Indonesia has experienced several large-scale data breach incidents. One striking example is the data breach of Tokopedia platform users, which is evidence of the weak data protection in Indonesia. Before theenactment of Law
Wijayanto et al. (Wed,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: