Legal Protection for Banking Customers Against Personal Data Breaches in Open Banking Services in Indonesia

Authors

  • Aliyah Pratiwi Hatta, Universitas Dr. Soetomo, Indonesia
  • Subekti Subekti, Universitas Dr. Soetomo, Indonesia
  • Nur Handayati, Universitas Dr. Soetomo, Indonesia
  • Ernu Widodo, Universitas Dr. Soetomo, Indonesia

DOI:

https://doi.org/10.37253/jjr.v28i1.12312

Keywords:

Open Banking, Personal Data Breach, Banking Customers

Abstract

The expansion of open banking services improves digital financial connectivity while increasing the risk of personal data breaches across banks, payment service providers, and collaborating entities. This study analyzes the legal protection available to banking customers in Indonesia and formulates an accountability model for incidents involving multiple actors. It employs normative legal research with doctrinal, statutory, conceptual, and analytical approaches. Primary and secondary legal materials were collected through document study and examined qualitatively through legal interpretation, norm synchronization, and prescriptive analysis. The findings show that Indonesia has established preventive safeguards through personal data protection law, financial consumer protection rules, electronic system governance, cybersecurity standards, and the National Standard for Open Application Programming Interface Payments. However, responsibilities remain distributed across regulatory regimes, creating uncertainty after a breach. This study proposes an integrated accountability and redress model based on functional role classification, limited data access, partner supervision, coordinated notification, a single-entry complaint mechanism, evidence preservation, and proportionate remediation. The study recommends a coordinated protocol involving Bank Indonesia, the Financial Services Authority, and the personal data protection supervisory institution. Future research should evaluate its implementation within banking institutions and digital payment ecosystems. It also identifies priorities for cross-border processing and customer-facing consent management.

Published

2026-06-01