Legal Protection for Victims of Personal Data Misuse by BPJS Kesehatan Under Law Number 27 of 2022
DOI:
https://doi.org/10.26905/idjch.v16i3.16492Keywords:
Legal Protection, Personal Data, BPJS Kesehatan, Law Number 27 of 2022, Supervisory MechanismAbstract
The proliferation of digital data processing in Indonesia's public sector has exposed a critical governance gap between institutional data collection practices and the legal protection afforded to citizens whose personal information is compulsorily surrendered to state-mandated bodies. This study examines the legal protection available to victims of personal data misuse by Badan Penyelenggara Jaminan Sosial (BPJS) Kesehatan and evaluates the adequacy of Indonesia's personal data oversight mechanisms, with particular reference to the 2021 data breach involving approximately 279 million participant records. Employing a normative juridical method through statute and conceptual approaches, this study applies the Legal Protection Theory of Philipus M. Hadjon — distinguishing preventive and repressive dimensions — alongside John Rawls' Theory of Justice as Fairness as its analytical framework. The analysis demonstrates that while Law Number 27 of 2022 on Personal Data Protection establishes a formally comprehensive normative regime, both preventive and repressive legal protections remain substantively deficient due to inadequate institutional data governance, the structural dependence of the supervisory body on the executive branch, and the absence of accessible victim redress mechanisms. Justice as fairness demands that oversight guarantees be equally accessible to the most vulnerable participants. Two reforms are urgently required: the establishment of a structurally independent supervisory commission and the issuance of sector-specific data governance standards for public social security institutions.
Downloads
References
Asri, Dyah Permata Budi. "Perlindungan Hukum Hak Kekayaan Intelektual Bagi Produk Kreatif Usaha Kecil Menengah Di Yogyakarta." Jurnal Hukum Ius Quia Iustum 27, no. 1 (2020): 130–150. https://doi.org/10.20885/iustum.vol27.iss1.art7.
Ayiliani, Fanisa Mayda, and Elfia Farida. "Urgensi Pembentukan Lembaga Pengawas Data Pribadi sebagai Upaya Pelindungan Hukum terhadap Transfer Data Pribadi Lintas Negara." Jurnal Pembangunan Hukum Indonesia 6, no. 3 (2024): 431–455. https://doi.org/10.14710/jphi.v6i3.431-455.
Bediona, Kornelis, Muhamad Rafly Falah Herliansyah, Randi Hilman Nurjaman, and Dzulfikri Syarifuddin. "Analisis Teori Perlindungan Hukum Menurut Philipus M. Hadjon Dalam Kaitannya Dengan Pemberian Hukuman Kebiri Terhadap Pelaku Kejahatan Seksual." Das Sollen: Jurnal Kajian Kontemporer Hukum dan Masyarakat 2, no. 1 (2024). https://doi.org/10.61292/dassollen.v2i1.557.
Budiono, Indro, Anindya Yustika, Mevlana El Rumi Abimanyu, and Raditya Nur Syabani. "Internalization Free, Prior, and Informed Consent as Indigenous Alienation Resistance in Structural Agrarian Conflict." Jurnal Cakrawala Hukum 14, no. 3 (2023): 279–290. https://doi.org/10.26905/idjch.v14i3.11486.
Dewi, Sri Wahyuni, et al. "Independent Supervisory Authority to Protect Social Media Users' Personal Information in Indonesia." Ius Poenale 3, no. 1 (2022): 39–48. https://doi.org/10.25041/ip.v3i1.2531.
Ishak, Nurfaika, et al. "Guarantee of Information and Communication Technology Application Security in Indonesia: Regulations and Challenges?" Audito Comparative Law Journal 4, no. 2 (2023): 108–117. https://doi.org/10.22219/aclj.v4i2.26098.
Kurniawan, Teguh, Natalia Carolina Simanjuntak, and Sri Uliana Limbong. "Urgensi Pengesahan Rancangan Undang Undang Perlindungan Data Pribadi Dalam Digitalisasi Pelayanan Publik Guna Mewujudkan Smart Government." Ikatan Penulis Mahasiswa Hukum Indonesia Law Journal 2, no. 2 (2022): 264–281. https://doi.org/10.15294/ipmhi.v2i2.55032.
Maulida, One, and Hari Utomo. "Pertanggungjawaban Badan Penyelenggara Jaminan Sosial (BPJS) Kesehatan Atas Kebocoran Data Pribadi Pengguna Dalam Perspektif Hukum Pidana." Indonesian Journal of Law and Justice 1, no. 2 (2023): 1–10. https://doi.org/10.47134/ijlj.v1i2.2011.
Neta, Yulia, Agsel Awanisa, and Melisa. "The Urgency of Establishing Independent Supervisory Authority for Personal Data Protection in Indonesia." Constitutionale: Jurnal Ilmu Hukum 3, no. 1 (2022): 19–38. https://doi.org/10.25041/constitutionale.v3i1.2535.
Oktaviani, Shella, Yeremia Juan Dewata, and Aryo Fadlian. "Pertanggung Jawaban Pidana Kebocoran Data BPJS Dalam Perspektif UU ITE." De Juncto Delicti: Journal of Law 1, no. 2 (2021): 146–157. https://doi.org/10.35706/djd.v1i2.5732.
Panggabean, Marshanda Vennesa, and Annisa Fitria. "Perlindungan Hukum Data Pribadi Di Indonesia (Kasus Kebocoran Badan Penyelenggara Jaminan Sosial Kesehatan)." Arus Jurnal Sosial dan Humaniora 5, no. 2 (2025): 1958–1965. https://doi.org/10.57250/ajsh.v5i2.1487.
Putra, Eduard Awang Maha, Putri Rizkika Bahri, Suci Rizki Ananda, and Baiq Riska Anggi Safitri. "Pelayanan Publik dalam Pelaksanaan Perlindungan Warga Negara melalui Badan Penyelenggara Jaminan Sosial (BPJS) Kesehatan." Indonesia Berdaya 5, no. 2 (2024): 749–764. https://doi.org/10.47679/ib.2024805.
Roihan Ba'abud, Mohammad Fadel, and Dodik Setiawan Nur Heriyanto. "Application of the Principles of Extraterritorial Jurisdiction Towards Personal Data Breach Committed Cross-Country Borders." Uti Possidetis: Journal of International Law 5, no. 1 (2024): 106–137. https://doi.org/10.22437/up.v5i1.28300.
Setyoko, Agus, Moh. Fadly, and Noor Fatimah. "Petugas/Pejabat Pelindungan Data Pribadi dalam Ekosistem Perlindungan Data Pribadi: Indonesia, Uni Eropa dan Singapura." Business Economic, Communication, and Social Sciences Journal (BECOSS) 4, no. 2 (2022): 111–120. https://doi.org/10.21512/becossjournal.v4i2.8377.
Soemitro, Dian Purwaningrum, Muhammad Arvin Wicaksono, and Nur Aini Putri. "Penal Provisions in the Personal Data Protection Law: A Comparative Legal Study between Indonesia and Singapore." SIGn Jurnal Hukum 5, no. 1 (2023): 155–167. https://doi.org/10.37276/sjh.v5i1.272.
Sorisa, Cinda, Cindi Lusia Kiareni, and Jadiaman Parhusip. "Etika Keamanan Siber: Studi Kasus Kebocoran Data BPJS Kesehatan di Indonesia." Jurnal Sains Student Research 2, no. 6 (2024): 586–593. https://doi.org/10.61722/jssr.v2i6.2996.
Wahyudi, Reza, Yogi Prasetyo, and Rena Yulia. "Urgensi Pembentukan Lembaga Pengawas Pelindungan Data Pribadi di Indonesia Berdasarkan Pasal 58 Juncto Pasal 59 dan Pasal 60 Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi." SINERGI: Jurnal Riset Ilmiah 1, no. 4 (2024): 234–242. https://doi.org/10.62335/8qf44b59.
Wira P., Akhmad Afridho, Fitria Esfandiari, and Wasis. "Juridical Analysis of Legal Protection of Personal Data in terms of Legal Certainty." Indonesia Law Reform Journal 3, no. 1 (2023): 96–108. https://doi.org/10.22219/ilrej.v3i1.23840.
Yuspin, Wardah, Trisha Rajput, Abhinayan Basu Bal, Kelik Wardiono, and Absori. "The Regulations of the Supervisory Officer Personal Data Protection-Based Accountability Principle." Bestuur 12, no. 1 (2024). https://doi.org/10.20961/bestuur.v12i1.89742.
Additional Files
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Jurnal Cakrawala Hukum
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish in this journal agree to the following terms:
The copyright of the received article shall be assigned to the journal as the publisher of the journal. The intended copyright includes the right to publish the article in various forms (including reprints). The journal maintains the publishing rights to the published articles. Authors must agree to the copyright transfer agreement by checking the Copyright Notice column at the initial stage when submitting the article.
