Implementasi GDPR Untuk Mengatasi Kekosongan Hukum Tindak Pidana Phishing melalui Whatsapp di Indonesia

Authors

  • Ivanna Damai Prasetyaningtyas Universitas Negeri Surabaya
  • Luthfillah Arrizqi Zainsyah Universitas Negeri Surabaya

DOI:

https://doi.org/10.26623/julr.v8i3.13114

Keywords:

hukum, Phishing, perlindungan, pidana

Abstract

This article examines the legal regulation of phishing crimes conducted via WhatsApp in Indonesia and evaluates the relevance of the General Data Protection Regulation (GDPR) as a normative model for strengthening personal data protection. Although Indonesia has established a legal framework through the Criminal Code, the Electronic Information and Transactions Law, and Law Number 27 of 2022 on Personal Data Protection, these instruments do not specifically regulate preventive mechanisms, data controller obligations, or victim remedies for phishing based on social engineering. This study employs a normative juridical method using statutory, conceptual, and case approaches, including an analysis of the Pekanbaru District Court Decision Number 958/Pid.Sus/2020/PN.Pbr. The findings indicate that Indonesia’s regulatory framework remains fragmented and predominantly punitive, limiting its effectiveness in addressing evolving digital phishing practices. In contrast, the GDPR provides a more preventive and accountable model through mandatory risk assessments, the appointment of Data Protection Officers, data breach notification requirements, and independent supervisory authorities. The novelty of this study lies in identifying regulatory gaps within Indonesian law and proposing a GDPR-based normative framework to enhance personal data protection against WhatsApp-based phishing crimes.

References

“Ancaman Nyata Cyber Crime Dalam Bentuk Phising.” RHP lawfirm, 2024.

Arief, Barda Nawawi. Masalah Penegakan Hukum Dan Kebijakan Hukum Pidana Dalam Penanggulangan Kejahatan Dunia Maya. Jakarta: Kencana, 2018.

Autoriteit Persoongegevens. “Tax Administration Fined for Discriminatory and Unlawful Data Processing.” Autoriteit Persoonsgegevens, 2021.

Bastian, F. “Bagaimana Cara Kerja Link APK Penipuan Yang Lagi Marak Sekarang Hingga Bisa Mengambil Data Kita.” Quora Indonesia, diakses, 2025.

Board, European Data Protection. “Guidelines on Data Protection Impact Assessment (DPIA) and Determining Whether Processing Is ‘Likely to Result in a High Risk’ (WP248 Rev. 01).” Brussels, 2017.

Boma, H. “Pasal 28 Undang–Undang Nomor 1 Tahun 2024 Tentang Informasi Dan Transaksi Elektronik Terhadap Perlindungan Korban Cyber Phising Perspektif Siyasah Tanfidziah (Studi Kasus Polres Mukomuko), Disertasi Doktoral.” UIN Fatmawati Sukarno Bengkulu, 2025.

Brenner, Susan W. , Cybercrime: Criminal Threats from Cyberspace. Westport, CT: Prager, 2010.

Budiyanto. Pengantar Cybercrime Dalam Sistem Hukum Pidana Di Indonesia. Bandung: sada Karunia Pustaka, 2025.

Commission, European. “Data Protection Officer (DPO) Explained,” 2023.

Devi Anjheli. “Privasi Digital Dan Kejahatan Phishing Di Indonesia: Evaluasi Kritis Terhadap Efektivitas UU ITE Dan UU PDP.” Staatsrecht: Jurnal Hukum Kenegaraan Dan Politik Islam 4, no. 1 (2025): 165–89. https://doi.org/10.14421/990epf27.

Fernando, Zico Junius, Anis Widyawati, and Kasmanto Rinaldi. “Cyber Victimology and Legal Gaps in Southeast Asia.” International Law Discourse in Southeast Asia 4, no. 1 (2025): 1–39. https://doi.org/10.15294/ildisea.v4i1.20147.

Hamzah, Andi. Asas-Asas Hukum Pidana. Jakarta: Rineka Cipta, 2019.

Hidayat, Arif, and Zaenal Arifin. “Politik Hukum Legislasi Sebagai Socio-Equilibrium Di Indonesia.” Jurnal Ius Constituendum 4, no. 2 (2019): 147–59. https://doi.org/10.26623/jic.v4i2.1654.

Juita, Subaidah Ratna, Dhian Indah Astanti, and Dian Septiandani. “Perlindungan Hukum Terhadap Nasabah Bank Korban Kejahatan Skimming.” Jurnal Usm Law Review 6, no. 1 (2023): 407–19. https://doi.org/10.26623/julr.v6i1.6353.

Khansa, Farah Naurah. “Penguatan Hukum Dan Urgensi Otoritas Pengawas Independen Dalam Pelindungan Data Pribadi Di Indonesia.” Jurnal Hukum Lex Generalis 2, no. 8 (2021): 649–62. https://doi.org/10.56370/jhlg.v2i8.114.

Maaliki, Naavi’u Emal. “Kebijakan Hukum Pidana Sebagai Upaya Penanggulangan Tindak Pidana Penipuan Online.” Jurnal USM Law Review 7, no. 3 (2024): 1409–18. https://doi.org/10.26623/julr.v7i3.10023.

Mitnick, Kevin D., and William L. Simon. The Art of Deception: Controlling the Human Element of Security (Google EBook). USA: John Wiley & Sons, 2001.

Muhammad, Faiz Emery, and Beniharmoni Harefa. “Pengaturan Tindak Pidana Bagi Pelaku Penipuan Phisning Berbasis Web.” Jurnal USM Law Review 6, no. 1 (2023): 226–41. https://doi.org/10.26623/julr.v6i1.6649.

Pekanbaru, Pengadilan Negeri. Pengadilan Negeri Pekanbaru Putusan Nomor 958/Pid.Sus/2020/PN Pbr (2020).

Prayuti, Yuyut. “Implications of Personal Data Protection Law in Consumer Health Data Management to Improve Secure and Confidential Handling in Indonesia.” Jurnal Ius Constituendum 9, no. 3 (2024): 461–78. https://doi.org/10.26623/jic.v9i3.9289.

Ramadhani, Syafira Agata. “Komparasi Perlindungan Data Pribadi Di Indonesia Dan Uni Eropa.” Jurnal Hukum Lex Generalis 3, no. 1 (2022): 73–84. https://doi.org/10.56370/jhlg.v3i1.173.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Pub. L. No. Regulation (EU) 2016/679 (2016).

Sahfitri, Afifah, and Rosmalinda Rosmalinda. “Penipuan Digital Melalui Tautan Phishing.” Jurnal Dialektika Hukum 6, no. 2 (2024): 211–28. https://doi.org/10.36859/jdh.v6i2.2881.

Sahid, nur jamal. “Apa Itu Phising? Definisi, Cara Kerja, Ciri-Ciri, Dan Cara Mencegahnya.” kompas.com, 2022.

Sekhar Bhusal, Chandra. “Systematic Review on Social Engineering: Hacking by Manipulating Humans.” Journal of Information Security 12, no. 01 (2021): 104–14. https://doi.org/10.4236/jis.2021.121005.

Sinaga, Erlina Maria Christin, and Mery Christian Putri. “Formulasi Legislasi Perlindungan Data Pribadi Dalam Revolusi Industri 4.0.” Jurnal Rechts Vinding: Media Pembinaan Hukum Nasional 9, no. 2 (2020): 237. https://doi.org/10.33331/rechtsvinding.v9i2.428.

Smedinghoff, T. J. S., ed. Online Laws: The SPA’s Legal Guide to Doing Business on the Internet. Canada: Addison-Wesley Developers Press, n.d.

Trianurahmah, Adinda, Achmad Fauzi, Eling Norma Tyas, Muhammad Afif Suryanto, Muhammad Rizky, and Pandu Wibisono. “Analisis Ancaman Pishing Melalui Aplikasi WhatsApp: Studi Kasus Manajemen Sekuriti Waspadai Maraknya Kejahatan Phising Dengan Modus Berbasis Link.” Orbit : Jurnal Ilmu Multidisiplin Nusantara 1, no. 2 (2025): 74–88. https://doi.org/10.63217/orbit.v1i2.81.

Undang-Undang Dasar Negara Republik Indonesia Tahun 1945, Pub. L. No. Pasal 1 Ayat (3 (n.d.).

Yuniarti, Siti. “Petugas/Pejabat Pelindungan Data Pribadi Dalam Ekosistem Perlindungan Data Pribadi: Indonesia, Uni Eropa Dan Singapura.” Business Economic, Communication, and Social Sciences (BECOSS) Journal 4, no. 2 (2022): 111–20. https://doi.org/10.21512/becossjournal.v4i2.8377.

Downloads

Published

2025-12-24

Issue

Section

Articles

How to Cite

Prasetyaningtyas, I. D., & Zainsyah, L. A. . (2025). Implementasi GDPR Untuk Mengatasi Kekosongan Hukum Tindak Pidana Phishing melalui Whatsapp di Indonesia. JURNAL USM LAW REVIEW, 8(3), 2730-2741. https://doi.org/10.26623/julr.v8i3.13114