Reconstruction Model of Legal Liability for the Misuse of Artificial Intelligence on Personal Data Privacy in Indonesia

Authors

  • Khiswatul Barokah Brawijaya University, Indonesia
  • Yuliati Brawijaya University, Indonesia
  • Abdul Madjid Brawijaya University, Indonesia

Keywords:

algorithmic decision-making, data controller accountability, risk-based data governance, legal liability in AI systems, privacy violations in digital platforms

Abstract

The increasing integration of Artificial Intelligence (AI) in digital ecosystems has raised new legal challenges regarding data privacy violations. In Indonesia, the normative framework for personal data protection particularly the Personal Data Protection Act (Law No. 27 of 2022) remains inadequate in addressing the autonomous nature of AI systems that process and exploit personal data without direct human intervention. This research aims to reconstruct a legal accountability model for actors who misuse AI in ways that lead to personal data violations. The study employs a normative juridical method using a statutory, conceptual, and comparative approach, referencing the European Union’s GDPR as a benchmark. The findings reveal that Indonesia’s current legal framework lacks clarity in assigning responsibility among key actors, such as developers, data controllers, and platform providers. The absence of provisions concerning algorithmic profiling, training data legality, and automated decision-making weakens the protection of individuals' digital rights. In contrast, international models particularly the GDPR offer a multi-tiered responsibility structure, prohibit fully automated decisions affecting individuals, and impose strict liability for data misuse. This research also demonstrates that adopting principles such as vicarious liability, corporate accountability, and risk-based regulation would fill regulatory gaps and align Indonesian law with international standards. The practical value of this work lies in its proposed model for reconstructing Indonesia’s data protection regime. It introduces legal tools that anticipate the systemic risks of AI while ensuring that legal responsibility is clearly distributed across all entities involved in AI deployment. This framework supports the development of a more responsive and equitable legal system in the era of autonomous technologies

Downloads

Download data is not yet available.

References

Barocas, Solon, and Andrew D Selbst. “Big Data’s Disparate Impact.” Calif. L. Rev. 104 (2016): 671.

Bharti, Simant Shankar, and Saroj Kumar Aryal. “The Right to Privacy and an Implication of the EU General Data Protection Regulation (GDPR) in Europe: Challenges to the Companies.” Journal of Contemporary European Studies 31, no. 4 (October 2, 2023): 1391–1402. https://doi.org/10.1080/14782804.2022.2130193.

Binns, Reuben. “Algorithmic Accountability and Public Reason.” Philosophy & Technology 31, no. 4 (December 2018): 543–56. https://doi.org/10.1007/s13347-017-0263-5.

Bouvier, John. A Law Dictionary: Vol. I. BoD–Books on Demand, 2022.

Brkan, Maja. “Do Algorithms Rule the World? Algorithmic Decision-Making and Data Protection in the Framework of the GDPR and Beyond.” International Journal of Law and Information Technology 27, no. 2 (June 1, 2019): 91–121. https://doi.org/10.1093/ijlit/eay017.

Burrell, Jenna. “How the Machine ‘Thinks’: Understanding Opacity in Machine Learning Algorithms.” Big Data & Society 3, no. 1 (June 1, 2016): 2053951715622512. https://doi.org/10.1177/2053951715622512.

Calo, Ryan. “Robotics and the Lessons of Cyberlaw.” California Law Review 103 (2015): 513.

Disemadi, Hari Sutra. “Urgensi Regulasi Khusus Dan Pemanfaatan Artificial Intelligence Dalam Mewujudkan Perlindungan Data Pribadi Di Indonesia.” Jurnal Wawasan Yuridika 5, no. 2 (September 28, 2021): 177. https://doi.org/10.25072/jwy.v5i2.460.

Forgó, Nikolaus, Stefanie Hänold, and Benjamin Schütze. “The Principle of Purpose Limitation and Big Data.” In New Technology, Big Data and the Law, edited by Marcelo Corrales, Mark Fenwick, and Nikolaus Forgó, 17–42. Perspectives in Law, Business and Innovation. Singapore: Springer Singapore, 2017. https://doi.org/10.1007/978-981-10-5038-1_2.

Mantelero, Alessandro. “The EU Proposal for a General Data Protection Regulation and the Roots of the ‘Right to Be Forgotten.’” Computer Law & Security Review 29, no. 3 (June 2013): 229–35. https://doi.org/10.1016/j.clsr.2013.03.010.

Martin, Kirsten. “Understanding Privacy Online: Development of a Social Contract Approach to Privacy.” Journal of Business Ethics 137, no. 3 (September 2016): 551–69. https://doi.org/10.1007/s10551-015-2565-9.

McInerney-Lankford, Siobhán. “Legal Methodologies and Human Rights Legal Research: Challenges and Opportunities.” In Research Methods in Human Rights, edited by Bård A. Andreassen, Claire Methven O’Brien, and Hans-Otto Sano, 14–35. Edward Elgar Publishing, 2024. https://doi.org/10.4337/9781803922614.00011.

Muhammad Muslim, Muhammad Firkan, and Indi Izza Afdania. “Legal Construction of Criminal Prosecution Against Perpetrators of Rape in the Metaverse.” Peradaban Hukum Nusantara 1, no. 1 (August 3, 2024): 59–74. https://doi.org/10.62193/3aga8d22.

Mulcahy, Sean. “Methodologies of Law as Performance.” Law and Humanities 16, no. 2 (July 3, 2022): 165–82. https://doi.org/10.1080/17521483.2022.2123616.

Negara, Tunggul Ansari Setia. “Normative Legal Research in Indonesia: Its Originis and Approaches.” Audito Comparative Law Journal (ACLJ) 4, no. 1 (February 2, 2023): 1–9. https://doi.org/10.22219/aclj.v4i1.24855.

Pagallo, Ugo. The Laws of Robots: Crimes, Contracts, and Torts. Vol. 10. Law, Governance and Technology Series. Dordrecht: Springer Netherlands, 2013. https://doi.org/10.1007/978-94-007-6564-1.

Poddar, Debasis. “Genealogy of Legal Research Methodology.” Asian Journal of Legal Education, February 27, 2025, 23220058251321027. https://doi.org/10.1177/23220058251321027.

Robles Carrillo, Margarita. “Artificial Intelligence: From Ethics to Law.” Telecommunications Policy 44, no. 6 (July 2020): 101937. https://doi.org/10.1016/j.telpol.2020.101937.

Sulistianingsih, Dewi, Miftakhul Ihwan, Andry Setiawan, and Muchammad Shidqon Prabowo. “Tata Kelola Perlindungan Data Pribadi Di Era Metaverse (Telaah Yuridis Undang-Undangan Perlindungan Data Pribadi).” Masalah-Masalah Hukum 52, no. 1 (March 31, 2023): 97–106. https://doi.org/10.14710/mmh.52.1.2023.97-106.

Surden, Harry. “Artificial Intelligence and Law: An Overview.” Georgia State University Law Review 35 (2019 2018): 1305.

Taddeo, Mariarosaria, and Luciano Floridi. “How AI Can Be a Force for Good.” Science 361, no. 6404 (August 24, 2018): 751–52. https://doi.org/10.1126/science.aat5991.

Veale, Michael, and Lilian Edwards. “Clarity, Surprises, and Further Questions in the Article 29 Working Party Draft Guidance on Automated Decision-Making and Profiling.” Computer Law & Security Review 34, no. 2 (April 2018): 398–404. https://doi.org/10.1016/j.clsr.2017.12.002.

Voigt, Paul, and Axel Von dem Bussche. “The Eu General Data Protection Regulation (Gdpr).” A Practical Guide, 1st Ed., Cham: Springer International Publishing 10, no. 3152676 (2017): 10–5555.

Wachter, Sandra, Brent Mittelstadt, and Luciano Floridi. “Transparent, Explainable, and Accountable AI for Robotics.” Science Robotics 2, no. 6 (May 31, 2017): eaan6080. https://doi.org/10.1126/scirobotics.aan6080.

Wagner, Peter. “Mind the Gap(s): Moral Philosophy, International Law and Interpretative Historical Sociology.” European Journal of Social Theory 26, no. 4 (November 2023): 527–35. https://doi.org/10.1177/13684310231164258.

Yeung, Karen. “Algorithmic Regulation: A Critical Interrogation.” Regulation & Governance 12, no. 4 (December 2018): 505–23. https://doi.org/10.1111/rego.12158.

Zuboff, Shoshana. “The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, Edn.” PublicAffairs, New York, 2019.

Zwitter, Andrej J., Oskar J. Gstrein, and Evan Yap. “Digital Identity and the Blockchain: Universal Identity Management and the Concept of the ‘Self-Sovereign’ Individual.” Frontiers in Blockchain 3 (May 28, 2020): 26. https://doi.org/10.3389/fbloc.2020.00026.

Downloads

Published

2025-07-16

How to Cite

Khiswatul Barokah, Yuliati, & Abdul Madjid. (2025). Reconstruction Model of Legal Liability for the Misuse of Artificial Intelligence on Personal Data Privacy in Indonesia. NEGREI: Academic Journal of Law and Governance, 4(1), 203–226. Retrieved from https://journal.iaincurup.ac.id/index.php/negrei/article/view/13199

Issue

Vol. 4 No. 1 (2024)

Section

Articles

Citation Check

License

Copyright (c) 2024 Khiswatul Barokah, Yuliati, Abdul Madjid

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Authors who publish with NEGREI: Academic Journal of Law and Governance agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).