This study examines the relationship between organizational communication ethics and the legal framework for Personal Data Protection in Indonesia, with a focus on Law No. 27 of 2022 (PDP Law). Using a qualitative approach based on library research and normative analysis of regulatory texts and academic literature, this study combines contextual integrity theoretical framework and privacy damage map to evaluate the compatibility between ethical principles (informed consent, transparency, accountability, minimization) and the legal provisions contained in Articles 20–21, Articles 30–46, Articles 51–56 of the PDP Law. The findings show that the PDP Law provides a normative foundation that is in line with ethical principles of communication, such as recognition of subject rights, DPIA obligations, and data breach notification obligations, but there is an operational gap due to formalistic consent practices, dependence on third parties, limited institutional capacity, and unfinished implementing regulations. This study also compares international experiences from 13 countries, such as the EU GDPR, Singapore’s PDPA, China’s PIPL, and other country models to formulate adaptive lessons. Recommendations include the implementation of privacy by design, a pre-campaign DPIA checklist, standardization of concise privacy notices and granular consent options, strengthening the role of the DPO and strict contractual clauses with vendors, and accelerating implementing regulations and capacity building programs. The novelty of the research lies in the integrative mapping of articles versus ethical principles, which produces specific operational recommendations for public relations units and policymakers.
Qofifah et al. (Thu,) studied this question.