Civil Liability Of Digital Platforms For Consumer Losses Resulting From Personal Data Breaches
DOI:
https://doi.org/10.24815/sejarah.v11i1.591Keywords:
Civil Liability, Consumer Losses, Digital Platforms, Personal Data Breaches.Abstract
The rapid expansion of digital platforms in Indonesia has transformed personal data into a strategic economic asset while increasing the risk of large-scale data breaches affecting consumers. Although Law No. 27 of 2022 on Personal Data Protection has been enacted, the civil liability framework governing digital platforms remains fragmented and doctrinally unclear. This article aims to reconstruct the civil liability model applicable to digital platforms for consumer losses arising from personal data breaches within the Indonesian private law system. This research employs a normative juridical method using statutory, conceptual, and comparative approaches, integrating the Civil Code, the Consumer Protection Law, the Electronic Information and Transactions Law, and the Personal Data Protection Law, complemented by a comparative analysis with the GDPR. The study concludes that digital platforms cannot be regarded merely as neutral intermediaries due to their structural control over data processing and economic exploitation of personal data. The traditional fault-based liability regime under Article 1365 of the Civil Code is insufficient to address evidentiary imbalance and systemic digital risks. This article proposes a reconstructed liability framework based on a risk-based or quasi-strict liability approach, while affirming that limitation-of-liability clauses contradicting mandatory consumer protection norms are legally invalid. The novelty lies in repositioning personal data as a protected civil legal interest and integrating classical private law principles with contemporary digital regulation.
Downloads
