PRIVACY BY DESIGN AS A CONSUMER PROTECTION INSTRUMENT: INTEGRATION OF ISO 31700-1:2023 INTO DIGITAL PRODUCT & SERVICE REGULATIONS IN INDONESIA

Authors

  • Rahmi Rahmi, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare
  • Zainal Said, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare
  • Rezky Hidayah, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare
  • Nur Ali Padengka, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare
  • Nursyamsi Mahmud, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare
  • Ririn Pratiwi, Program Studi Hukum Ekonomi Syariah, Fakultas Syariah dan Ilmu Hukum Islam, IAIN Parepare

DOI:

https://doi.org/10.61912/jeinsa.v5i1.403

Keywords:

Privacy by Design, digital consumer protection, personal data protection, ISO 31700-1:2023, Data breach

Abstract

This study aims to analyze the implementation of the Privacy by Design concept as an instrument of digital consumer protection in Case Number 235/Pdt/G/2020/PN.Jkt.Pst concerning the Tokopedia data breach, as well as to examine the relevance of integrating ISO 31700-1:2023 standards into Indonesian digital regulations. This research employs a normative legal method using statutory, case, and conceptual approaches. Legal materials were collected through library research consisting of laws and regulations, court decisions, academic journals, and international standards related to personal data protection. The findings indicate that the implementation of Privacy by Design principles in Indonesia’s digital systems has not been fully optimized. This is reflected in weak data security protection, limited user control over personal data, and regulatory approaches that remain reactive in nature. Although the Personal Data Protection Law has provided a stronger legal framework, the implementation of privacy by default principles and system design-based protection still requires more concrete technical regulations. This study concludes that integrating Privacy by Design principles and ISO 31700-1:2023 standards is essential to strengthen digital consumer protection, enhance personal data security, and create a safer, more transparent, and consumer-oriented digital ecosystem.

Published

2026-05-21

How to Cite

Rahmi, R., Said, Z., Hidayah, R., Padengka, N. A., Mahmud, N., & Pratiwi, R. (2026). PRIVACY BY DESIGN AS A CONSUMER PROTECTION INSTRUMENT: INTEGRATION OF ISO 31700-1:2023 INTO DIGITAL PRODUCT & SERVICE REGULATIONS IN INDONESIA. Jurnal Ekonomi Ichsan Sidenreng Rappang, 5(1), 197–210. https://doi.org/10.61912/jeinsa.v5i1.403

Section

Articles