Organizational Communication Ethics and Personal Data Protection: A Review of the Personal Data Protection Law
DOI:
https://doi.org/10.63306/t895mn34Keywords:
Communication Ethics, Informed Consent, Organizational Communication, Personal Data Protection, Public RelationsAbstract
This study examines the relationship between organizational communication ethics and the legal framework for Personal Data Protection in Indonesia, with a focus on Law No. 27 of 2022 (PDP Law). Using a qualitative approach based on library research and normative analysis of regulatory texts and academic literature, this study combines contextual integrity theoretical framework and privacy damage map to evaluate the compatibility between ethical principles (informed consent, transparency, accountability, minimization) and the legal provisions contained in Articles 20–21, Articles 30–46, Articles 51–56 of the PDP Law. The findings show that the PDP Law provides a normative foundation that is in line with ethical principles of communication, such as recognition of subject rights, DPIA obligations, and data breach notification obligations, but there is an operational gap due to formalistic consent practices, dependence on third parties, limited institutional capacity, and unfinished implementing regulations. This study also compares international experiences from 13 countries, such as the EU GDPR, Singapore’s PDPA, China’s PIPL, and other country models to formulate adaptive lessons. Recommendations include the implementation of privacy by design, a pre-campaign DPIA checklist, standardization of concise privacy notices and granular consent options, strengthening the role of the DPO and strict contractual clauses with vendors, and accelerating implementing regulations and capacity building programs. The novelty of the research lies in the integrative mapping of articles versus ethical principles, which produces specific operational recommendations for public relations units and policymakers.
Downloads
References
’Aisy, F. R., Maskur, M. A., & Amiruddin, A. . A. (2025). Establishing Indonesia’s Personal Data Protection Agency: Comparative Administration Sanctions Enforcement from Ireland, Australia, and Singapore. Journal of Indonesian Legal Studies, 10(1), 431–482. https://doi.org/10.15294/jils.v10i1.13755
Abdillah, A., Widianingsih, I., Buchari, R. A., & Nurasa, H. (2024). Big data security & individual (psychological) resilience: A review of social media risks and lessons learned from Indonesia. Array, 21, 100336. https://doi.org/10.1016/j.array.2024.100336
Admiral, A., & Pauck, M. A. (2023). Unveiling the Dark Side of Fintech: Challenges and Breaches in Protecting User Data in Indonesia’s Online Loan Services. Lex Scientia Law Review, 7(2), 995–1048. https://doi.org/10.15294/lesrev.v7i2.77881
Alexe, I., & Şandru, D.-M. (2021). Data Protection in the Public Procurement Process. European Journal of Law and Public Administration, 7(2), 224–239. https://doi.org/10.18662/eljpa/7.2/142
Algamar, M. D., Munir, A. B., & Hendro. (2024). Managing Indonesian Data Breach Notification in the Financial Services Sector: A Case for One-Stop Notification Model. Journal of Central Banking Law and Institutions, 3(3), 547–584. https://doi.org/10.21098/jcli.v3i3.271
Alnajrani, H. M., & Norman, A. A. (2020). The Effects of Applying Privacy by Design to Preserve Privacy and Personal Data Protection in Mobile Cloud Computing: An Exploratory Study. Symmetry, 12(12), 2039. https://doi.org/10.3390/sym12122039
Amalia, C., Poetry, E. G., Kono, M. K., Kusuma, D. A., & Kurniawan, A. (2022). Legal Aspect of Personal Data Protection and Consumer Protection in the Open API Payment. Journal of Central Banking Law and Institutions, 1(2), 323–352. https://doi.org/10.21098/jcli.v1i2.19
Amiludin, A., Nurhalisa, S., Umara, U. P., & Hidayatullah, H. (2024). Comparison of Protection Laws Private Data in Indonesia, and the Philippines. Jurnal Jurisprudence, 14(2), 171–191. https://doi.org/10.23917/jurisprudence.v14i2.4266
Anggraini, D. I., & Putra, P. O. H. (2025). Data Protection Impact Assessment Framework in the Banking Sector in Indonesia to Implement Law of Personal Data Protection. Jurnal Sistem Informasi, 21(1), 15–34. https://doi.org/10.21609/jsi.v21i1.1439
Ashby-King, D. T., Truban, O., & Lee, S. Y. (2025). Examining public relations practitioners’ perceptions of authentic organizational social responsibility and advocacy communication. Public Relations Review, 51(4), 102603. https://doi.org/10.1016/j.pubrev.2025.102603
Avanzi, B., Tan, X., Taylor, G., & Wong, B. (2025). On the Evolution of Data Breach Reporting Patterns and Frequency in the United States: A Cross-State Analysis. North American Actuarial Journal, 29(4), 833–864. https://doi.org/10.1080/10920277.2025.2457491
Bisel, R. S., & Mahutga, J. (2024). Organizational Communication Ethics. In A. Pinchevski, P. M. Buzzanell, & J. Hannan (Eds.), The Handbook of Communication Ethics (2nd ed.). Routledge. https://doi.org/10.4324/9781003274506-14
Calzada, I. (2022). Citizens’ Data Privacy in China: The State of the Art of the Personal Information Protection Law (PIPL). Smart Cities, 5(3), 1129–1150. https://doi.org/10.3390/smartcities5030057
Çelik, F., Koseoglu, M. A., & Ibrahim, B. (2025). Research on Corporate Social Responsibility in Public Relations: A Hybrid Review Through Topic Modeling Analysis and Way Forward. Business Ethics, the Environment & Responsibility, 34(4), 2187–2209. https://doi.org/10.1111/beer.12762
Chapman, K., Smith, G., Klabacka, K., Winslow, H., Barkhuus, L., Faklaris, C., Das, S., Wisniewski, P., Knijnenburg, B. P., Lipford, H., & Page, X. (2025). Beyond the Legal Lens: A Sociotechnical Taxonomy of Lived Privacy Incidents and Harms. ArXiv, 1–33. https://arxiv.org/abs/2511.20791v1
Christou, P. A. (2022). How to use thematic analysis in qualitative research. Journal of Qualitative Research in Tourism, 3(2), 79–95. https://doi.org/10.4337/jqrt.2023.0006
Croce, Y. Della. (2023). Epistemic Injustice and Nonmaleficence. Journal of Bioethical Inquiry, 20(3), 447–456. https://doi.org/10.1007/s11673-023-10273-4
de Bruin, R. (2022). A Comparative Analysis of the EU and U.S. Data Privacy Regimes and the Potential for Convergence. UC Law Science and Technology Journal, 13(2), 127–166. https://repository.uclawsf.edu/hastings_science_technology_law_journal/vol13/iss2/4
de Groot, N. F. (2024). A contextual integrity approach to genomic information: what bioethics can learn from big data ethics. Medicine, Health Care and Philosophy, 27(3), 367–379. https://doi.org/10.1007/s11019-024-10211-0
de Oliveira-Martins, D., & Gonçalves-Sant’Ana, R. C. (2024). Contextualizando a taxonomia da privacidade de Solove no ciclo de vida dos dados. Comunicação Mídia e Consumo, 21(62), 558–580. https://doi.org/10.18568/cmc.v21i62.2873
Determann, L., & Tam, J. (2020). The California Privacy Rights Act of 2020: A broad and complex data processing regulation that applies to businesses worldwide. Journal of Data Protection & Privacy, 4(1), 7–21. https://doi.org/10.69554/GCLK6627
Devine, J. W. (2024). The Political Privacy Dilemma: Private Lives and Public Office. Journal of Applied Philosophy, 41(3), 391–408. https://doi.org/10.1111/japp.12683
Erdos, D. (2023). The UK GDPR, the Immigration Exception and Brexit: Interrogating Open Rights Group v Secretary of State for the Home Department and its Aftermath. The Modern Law Review, 86(3), 785–800. https://doi.org/10.1111/1468-2230.12784
Fritz, J. M. H. (2022). Work/Life Relationships and Communication Ethics: An Exploratory Examination. Behavioral Sciences, 12(4), 104. https://doi.org/10.3390/bs12040104
Georgiou, D., & Lambrinoudakis, C. (2021). Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations. Future Internet, 13(3), 66. https://doi.org/10.3390/fi13030066
Gleim, L. C., Karim, M. R., Zimmermann, L., Kohlbacher, O., Stenzhorn, H., Decker, S., & Beyan, O. (2020). Enabling ad-hoc reuse of private data repositories through schema extraction. Journal of Biomedical Semantics, 11(1), 6. https://doi.org/10.1186/s13326-020-00223-z
Görpe, T. S., & Öksüz, B. (2024). Perception and Contribution of Public Relations to Society: What Does the Public Think? Insights from Türkiye. Social Sciences, 13(12), 675. https://doi.org/10.3390/socsci13120675
Hagelstein, J., Volk, S. C., Zerfass, A., Athaydes, A. S., Macnamara, J., Meng, J., & Hung-Baesecke, C.-J. F. (2024). Ethical Challenges of Digital Communication:A Comparative Study of Public Relations Practitioners in 52 Countries. International Journal of Communication, 18, 1072–1093. https://ijoc.org/index.php/ijoc/article/view/20636
Hartini, R., Pramesti, Y. C., & Moh.Ali, H. (2024). Preventing Personal Data Misuse: Legal Protection in Online Loans. Arena Hukum, 17(3), 732–755. https://doi.org/10.21776/ub.arenahukum2024.01703.12
Henriksen-Bulmer, J., Faily, S., & Jeary, S. (2020). DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems. Future Internet, 12(5), 93. https://doi.org/10.3390/fi12050093
Imran, F., Shahzad, K., Butt, A., & Kantola, J. (2021). Digital Transformation of Industrial Organizations: Toward an Integrated Framework. Journal of Change Management, 21(4), 451–479. https://doi.org/10.1080/14697017.2021.1929406
Khadafi, R., Nurmandi, A., Hasibuan, E. J., Harahap, M. S., Saputra, A., Mahardika, A., & Izharsyah, J. R. (2024). Assessing the Indonesian government’s compliance with the public information disclosure law in the context of COVID-19 data transparency. Frontiers in Political Science, 6. https://doi.org/10.3389/fpos.2024.1339506
Kharlie, A. T., Fathudin, F., Amny Azra, F. El, & Cheduerame, S. (2025). Comparative analysis of personal data protection in Indonesia and Singapore for a sustainable digital future. In M. D. H. Rahiem (Ed.), Towards Resilient Societies: The Synergy of Religion, Education, Health, Science, and Technology (1st ed., pp. 593–598). CRC Press. https://doi.org/10.1201/9781003645542-95
Kumar, P. C., Zimmer, M., & Vitak, J. (2024). A Roadmap for Applying the Contextual Integrity Framework in Qualitative Privacy Research. Proceedings of the ACM on Human-Computer Interaction, 8(CSCW1), 1–29. https://doi.org/10.1145/3653710
Latifa, N. R. (2024, December 6). Krisis Kebocoran Data Pribadi: Tata Kelola yang Buruk di Indonesia. SiberMate. https://sibermate.com/hrmi/krisis-kebocoran-data-pribadi-tata-kelola-yang-buruk-di-indonesia
Lee, Y., & Li, J. Q. (2021). The role of communication transparency and organizational trust in publics’ perceptions, attitudes and social distancing behaviour: A case study of the COVID‐19 outbreak. Journal of Contingencies and Crisis Management, 29(4), 368–384. https://doi.org/10.1111/1468-5973.12354
Li, J., Xiao, W., & Zhang, C. (2023). Data security crisis in universities: identification of key factors affecting data breach incidents. Humanities and Social Sciences Communications, 10(1), 270. https://doi.org/10.1057/s41599-023-01757-0
Maat, E. P. (2022). Google v. CNIL: A Commentary on the Territorial Scope of the Right to Be Forgotten. European Review of Private Law, 30(2), 241–262. https://doi.org/10.54648/erpl2022013
Mager, A., Eitenberger, M., Winter, J., Prainsack, B., Wendehorst, C., & Arora, P. (2025). Situated ethics: Ethical accountability of local perspectives in global AI ethics. Media, Culture & Society, 47(5), 1028–1041. https://doi.org/10.1177/01634437251328200
Maharani, D. P., Kusumadara, A., Widhiyanti, H. N., & Dewantara, R. (2025). Revisiting personal data: Ownership theories and comparative legal perspectives from Europe, Indonesia and the United States. Journal of Data Protection & Privacy, 7(3), 274–291. https://doi.org/10.69554/ZMLG9061
Mahkamah Konstitusi. (2024). Putusan Nomor 151/PUU-XXII/2024.
Mardyansyah, D. N., Sukarmi, S., Kusumaningrum, A., & Widyanti, Y. E. (2025). Harmonization of Personal Data Protection Principles With Electronic Justice Systems In Indonesia. Yuridika, 40(3), 343–368. https://doi.org/10.20473/ydk.v40i3.74179
Natamiharja, R., & Setiawan, I. (2024). Guarding Privacy in the Digital Age: A Comparative Analysis of Data Protection Strategies in Indonesia and France. Jambe Law Journal, 7(1), 233–251. https://doi.org/10.22437/home.v7i1.349
Nissenbaum, H. (2004). Privacy as Contextual Integrity. Washington Law Review, 79(1), 119–158. https://digitalcommons.law.uw.edu/wlr/vol79/iss1/10
Nissenbaum, H. (2009). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press. https://doi.org/10.1515/9780804772891
Oshima, Y., & Sakai, M. (2020). The Enforcement of Personal Data Protection Law in Japan. Global Privacy Law Review, 1(3), 173–179. https://doi.org/10.54648/GPLR2020094
Pardieck, A. M. (2024). Privacy Matters: Data Breach Litigation in Japan. Washington International Law Journal, 33(1), 1–43. https://digitalcommons.law.uw.edu/wilj/vol33/iss1/3
Paul, J., Ueno, A., Dennis, C., Alamanos, E., Curtis, L., Foroudi, P., Kacprzak, A., Kunz, W. H., Liu, J., Marvi, R., Nair, S. L. S., Ozdemir, O., Pantano, E., Papadopoulos, T., Petit, O., Tyagi, S., & Wirtz, J. (2024). Digital transformation: A multidisciplinary perspective and future research agenda. International Journal of Consumer Studies, 48(2), e13015. https://doi.org/10.1111/ijcs.13015
Phillips, J. (2024). How does the consent model in Australia’s Privacy Act 1988 (Cth) undermine our human right to privacy? Australian Journal of Human Rights, 30(3), 329–348. https://doi.org/10.1080/1323238X.2024.2418558
Prabowo, S., Abdurohman, M., Nuha, H. H., & Sutikno, S. (2025). Identifying and Validating Critical Factors in Designing a Comprehensive Data Protection Impact Assessment (DPIA) Framework for Indonesia. International Journal of Safety and Security Engineering, 15(1), 113–126. https://doi.org/10.18280/ijsse.150113
Rabitti, G., Khorrami Chokami, A., Coyle, P., & Cohen, R. D. (2025). A taxonomy of cyber risk taxonomies. Risk Analysis, 45(2), 376–386. https://doi.org/10.1111/risa.16629
Republik Indonesia. (2022). Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi.
Rohendi, A., & Kharisma, D. B. (2024). Personal data protection in fintech: A case study from Indonesia. Journal of Infrastructure, Policy and Development, 8(7), 4158. https://doi.org/10.24294/jipd.v8i7.4158
Rushagama, F. M. (2024). Combined Doctrinal and Qualitative Approach in Legal Researches: An over view. International Journal of Innovative Science and Research Technology, 9(1), 1780–1785. https://doi.org/10.5281/zenodo.10634265
Santos, K. da S., Ribeiro, M. C., Queiroga, D. E. U. de, Silva, I. A. P. da, & Ferreira, S. M. S. (2020). O uso de triangulação múltipla como estratégia de validação em um estudo qualitativo. Ciência & Saúde Coletiva, 25(2), 655–664. https://doi.org/10.1590/1413-81232020252.12302018
Setiawati, D., Hakim, H. A., & Yoga, F. A. H. (2020). Optimizing Personal Data Protection in Indonesia: Lesson Learned from China, South Korea, and Singapore. Indonesian Comparative Law Review, 2(2), 95–109. https://doi.org/10.18196/iclr.2219
Shaya, M. F., & Ahmad, J. (2024). Navigating the transformation through the insights from a study on public relations and organisational transformation. Cogent Social Sciences, 10(1). https://doi.org/10.1080/23311886.2024.2306753
Shimron, E., Tamir, J. I., Wang, K., & Lustig, M. (2022). Implicit data crimes: Machine learning bias arising from misuse of public data. Proceedings of the National Academy of Sciences, 119(13), e2117203119. https://doi.org/10.1073/pnas.2117203119
Shin, S.-Y. (2021). Privacy Protection and Data Utilization. Healthcare Informatics Research, 27(1), 1–2. https://doi.org/10.4258/hir.2021.27.1.1
Sholehuddin, N., Miskam, S., Mohd Shahwahid, F., Raja Abdul Aziz, T. N., & Mansor, N. (2024). A Comparative Legal Analysis on Personal Data Protection Laws in Selected ASEAN Countries. Journal of Muwafaqat, 7(1), 23–38. https://doi.org/10.53840/muwafaqat.v7i1.166
Søe, S. O., & Mai, J.-E. (2023). The Ethics of Sharing: Privacy, Data, and Common Goods. Digital Society, 2(2), 28. https://doi.org/10.1007/s44206-023-00057-z
Solove, D. J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 477–560. https://doi.org/10.2307/40041279
Sudarwanto, A. S., & Kharisma, D. B. B. (2022). Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia. Journal of Financial Crime, 29(4), 1443–1457. https://doi.org/10.1108/JFC-09-2021-0193
Sumandiyar, A., Smith, J. C. M., Syahr, Z. H. A., Husain, M. N., & Suharyanto, A. (2023). Influencer relations: the new paradigm of public relations. Jurnal Studi Komunikasi (Indonesian Journal of Communications Studies), 7(2), 401–416. https://doi.org/10.25139/jsk.v7i2.6688
Supeno, S., Rosmidah, R., & Iqbal, S. M. U. (2025). Personal Data Protection in Review of Legal Theories and Principles. Journal of Law and Legal Reform, 6(3), 1349–1376. https://doi.org/10.15294/jllr.v6i3.10252
Sutherland, K., Freberg, K., Driver, C., & Khattab, U. (2020). Public relations and customer service: Employer perspectives of social media proficiency. Public Relations Review, 46(4), 101954. https://doi.org/10.1016/j.pubrev.2020.101954
Syailendra, M. R., Lie, G., & Sudiro, A. (2024). Personal Data Protection Law in Indonesia: Challenges and Opportunities. Indonesia Law Review, 14(2), 56–72. https://doi.org/10.15742/ilrev.v14n2.4
Toruan, R. C. L. (2025, July 30). Polemik Data Pribadi: 5 Kasus Kebocoran Data di Indonesia Selama 2023-2024. TEMPO. https://www.tempo.co/digital/polemik-data-pribadi-5-kasus-kebocoran-data-di-indonesia-selama-2023-2024-2052924
Triyanti, N., Handayani, I. G. A. K. R., & Karjoko, L. (2025). Legal Gaps in Personal Data Protection: Reforming Indonesia’s Population Administration Law. Hasanuddin Law Review, 11(1), 132–147. https://doi.org/10.20956/halrev.v11i1.6177
Tsamara, N. (2021). Perbandingan Aturan Perlindungan Privasi Atas Data Pribadi Antara Indonesia Dengan Beberapa Negara. Jurnal Suara Hukum, 3(1), 53–85. https://doi.org/10.26740/jsh.v3n1.p53-84
van Goidsenhoven, L., & de Schauwer, E. (2022). Relational ethics, informed consent, and informed assent in participatory research with children with complex communication needs. Developmental Medicine & Child Neurology, 64(11), 1323–1329. https://doi.org/10.1111/dmcn.15297
van Landuyt, D., Sion, L., Dewitte, P., & Joosen, W. (2020). The Bigger Picture: Approaches to Inter-organizational Data Protection Impact Assessment. In I. Boureanu, C. C. Drăgan, M. Manulis, T. Giannetsos, C. Dadoyan, P. Gouvas, R. A. Hallman, S. Li, V. Chang, F. Pallas, J. Pohle, & A. Sasse (Eds.), Lecture Notes in Computer Science (pp. 283–293). Springer Cham. https://doi.org/10.1007/978-3-030-66504-3_17
Vuković, M., Dašić, D., & Vuković, A. (2023). Ethical and legal aspects of Public relations. Pravo - Teorija i Praksa, 40(4), 93–111. https://doi.org/10.5937/ptp2304093V
Wachid, I. B., Wulandari, M. P., & Nasution, Z. (2024). Navigating ethical challenges in Indonesian digital public relations practices. Bricolage : Jurnal Magister Ilmu Komunikasi, 10(2), 267–282. https://doi.org/10.30813/bricolage.v10i2.5478
Wasserman, H. (2024). Media accountability and ethics in Africa. In M. Puppis, R. Mansell, & H. van den Bulck (Eds.), Handbook of Media and Communication Governance (pp. 274–284). Edward Elgar Publishing. https://doi.org/10.4337/9781800887206.00031
White, M. G., & Koskey, A. F. (2025, August 22). Ten Key Insights from IBM’s Cost of a Data Breach Report 2025. Baker Donelson. https://www.bakerdonelson.com/ten-key-insights-from-ibms-cost-of-a-data-breach-report-2025
Wibowo, A., Alawiyah, W., & Azriadi. (2024). The importance of personal data protection in Indonesia’s economic development. Cogent Social Sciences, 10(1). https://doi.org/10.1080/23311886.2024.2306751
Widiatedja, I. G. N. P., & Mishra, N. (2023). Establishing an independent data protection authority in Indonesia: a future–forward perspective. International Review of Law, Computers & Technology, 37(3), 252–273. https://doi.org/10.1080/13600869.2022.2155793
Yourell, J. L., McAlister, K. L., Beatty, C. C., & Huberty, J. L. (2025). Exploring Ethics: Understanding the Role of Privacy Policies and Institutional Review Boards in Digital Health Companies. Journal of Medical Internet Research, 27, e70711–e70711. https://doi.org/10.2196/70711
Zhang, X., Yadollahi, M. M., Dadkhah, S., Isah, H., Le, D.-P., & Ghorbani, A. A. (2022). Data breach: analysis, countermeasures and challenges. International Journal of Information and Computer Security, 19(3–4), 402–442. https://doi.org/10.1504/IJICS.2022.127169
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Wanda Iqwatul Qofifah, Muhammad Dirgantara, Fadhlan Maulana, Zul Fahmi (Author)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
