Personal Data Protection Policy during Covid-19 Pandemic Era

Advances in technology and information demand that the law can accommodate all forms of need for legal protection in the future. Objective : This research aims to describe the picture of threats to data resources during the COVID-19 pandemic as well as describe personal data protection policies during the Covid-19 pandemic. Methods : This research uses the literature review method. The literary materials obtained are in the form of scientific papers, online media, books, etc. that concerns the analyzed object. Findings : Previously, the personal data protection policy was based on Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions. But now Law No. 27 of 2022 concerning Personal Data Protection has been passed. Even though it has been passed, the law still has loopholes, especially those related to cyber security, so special regulations


INTRODUCTION
New crimes appearing in society can be interpreted as an increase in criminal activities and attitudes, the pattern of which was easily changed before, but is not so easy today (Gumbira, 2019).One is technological crime because of globalization, the impact of which has penetrated almost every aspect of people's lives, including economy, politics, science culture, education, and others.Smart data, information, and general population data can be accessed through technology, so it should be paid attention to and carefully considered because it is a way to bring down the country (Azizah, 2020).In order to protect rights in the sphere of technology, particularly those of users of Internet services, one of the tasks of the law is to maintain the smooth operation of the national development process (Arifah, 2011).Along with the discovery of copyrights and new patents in information technology, the internet is widely utilized as a channel for electronic information and communication.These activities include surfing, searching for data and news, exchanging emails, and trading.Since the Internet is currently the most effective medium, almost all items can be traded over it (Moonti, 2012).
Indonesia has a growing number of online users every year.Indonesia has 132 million Internet users in 2016, making it the third-largest country in Asia behind China and India, according to Internet World Statistics data.Data on Internet users in Indonesia reached 88.1 million in January 2016, of whom 79 million are active social media users, 15% of them are regular Facebook users.This represents approximately 50%, according to a survey by We Are Social.The user is a teenager between the ages of 13 and 29.(Marwan, 2018).There are now 140 million internet users in Indonesia as of 2018, and at least 28 million of them are continually active users of the internet for online transactions (Sinaga, 2020).The issue of how important it is to protect personal data is growing along with the rise in internet users.Through internet media, many crimes, including threats, theft, defamation, pornography, gambling, and fraud, as well as illegal acts of terrorism, can now be committed by individuals or groups without elevated risk of detection and repercussions.Bigger losses for the state and community (Mufid, 2018).
The globe is currently experiencing a coronavirus (Covid-19) pandemic, which is weakening all aspects of life and having an impact comparable to World War II (Ministry of Social Affairs, Republic of Indonesia, 2020).Additionally, the COVID-19 epidemic has altered the way of life of Indonesians, increasing their reliance on the internet and the frequency of cyberattack attempts.According to data from the National Cyber and Crypto Agency (BSSN), from January to August 2020, Indonesia had almost 190 million attempts at cyberattacks (Compass, 2020).In its ASEAN Cyber Threat Assessment 2020, Interpol revealed that cybercrime related to Covid-19 is also anticipated to increase, particularly if a vaccination or his Covid-19 remedy becomes available.To preserve trust in the use of electronic communications and services, Interpol stressed the necessity for nations to create robust cybersecurity ecosystems.In order to tackle cybercrime, national and commercial law enforcement and cybersecurity teams must be proactive, build plans, and recognize and evaluate attack trends (Tirto, 2020).
Although Indonesia is one of the nations that has experienced the economic, social, and political effects of this pandemic, including the legislation, the Indonesian government is highly conscious of this (Kriswibowo, 2020).As a result, the previous administration created laws and regulations that can satisfy the demands for restricting internet use.All facets of the information cycle and electronic transactions are governed by Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 Concerning Information and Electronic Transactions, also known as UU ITE.But now Law No. 27 of 2022 concerning Personal Data Protection has been passed.Even though it has been passed, the law still has loopholes, especially those related to cyber security, so special regulations need to be stipulated.

RESEARCH METHOD
This research is normative legal research conducted by examining library materials or secondary data.This research is descriptive in nature.Descriptive research is research which is a problem-solving procedure that is investigated by describing the current state of the subject or object of research based on the facts seen.In legal research, the research approach can be used statutory approach.The statutory approach is an approach taken to various legal regulations relating to personal data protection and cybersecurity.

RESULTS & DISCUSSION
Artificial intelligence (AI), supercomputers, genetic engineering, nanotechnology, selfdriving automobiles, and innovation are characteristics of the Fourth Industrial Revolution.
Business, industry, government, and politics are all being affected by these developments, which are happening at an exponential rate.At this moment, it is becoming clearer that we live in a global village (Satya, 2018).The role of information technology in people's daily lives has increased significantly in the age of informatization and globalization.In addition to being the product of human work, information technology also aspires to integrate itself into daily life and enhance human welfare (Mahfudz, 2005).There are several ramifications that must be expected and considered because of the tendency toward continued technological advancement.
The Information and Electronic Transactions Act No. 11 of 2008 is the result of these efforts, and it is now a legally binding document (UU ITE).The ITE Act's adoption, however, does not fully address all ITE-related difficulties.There are many causes for this issue, including the following: First off, the public is now informed about Law No. 11 of 2008 on Information and Electronic Transactions using more than just attorneys and information technology.To foresee solutions to various technical issues that are thought to be novel, as well as to serve as a resource for the development of various implementation rules, it is possible to identify the many types of technological progress that result in new implementations and services.Third, the expansion of the legal system will strengthen the living dynamics of the laws incorporated into the national legal framework (Ramli, 2014).
Law and technology are two factors that interact with one another and have social implications.According to Heidegger, technology can be viewed as both a human activity and a tool for achieving a certain objective.Therefore, it is clear from the nature of the interaction between technology and law that each technology is created to address a specific need and then offers advantages and services to humans, including improving the efficiency and productivity of work.The highest authority in a country has the power to impose coercive consequences for violations of the law, which also serves as a behavioral restriction (Sitompul, 2012).Law is employed as a tool of politics, or as a means to accomplish aims (means of political engineering).In a society designed by law, law is described as a political category and a weapon to enforce equitable living conditions (Siregar, 2018).
It is not negotiable to attempt to create a legislative instrument that is consistent with the evolution of the information and telecommunications industries.Experience from many democracies shows that positive privacy law and jurisprudence predated the inclusion of privacy as a fundamental principle in international human rights law frameworks.The protection of the right to privacy in the digital era is the subject of Resolution 68/167, which was approved by the UN Human Rights Council.One of the provisions highlights the need to defend everyone's online rights, including their offline rights, such as their right to privacy (Indriani, 2017).The foundation of Indonesian legal protection is Pancasila, the country's official ideology and philosophy.Rechstaat and the Rule of Law are the foundations upon which the idea of legal protection for persons in the west is built.using the western conception as a mental framework and the Pancasila on Pancasila foundation.In Indonesia, the Pancasilabased notion of legal protection is the principle of acknowledging and defending human dignity.
Because historically in the West, the genesis of conceptions surrounding the recognition and preservation of human rights was focused on the limitations and abuses of those rights, the principle of legal protection against government actions based on and comes from this notion (Puspitasari, 2018).
When this personal data transforms into Big Data once the firm succeeds in collecting significant amounts of data, this is one crucial issue that requires special attention.This personal information is gathered in large part from users like you and me.The internet ecosystem has information such as names, personal cell phone numbers, birthdays, nationalities, addresses, shopping preferences, and even the pharmaceuticals we purchase online, which can be used to benefit such organizations financially.This raises questions regarding the use of personal data.
Therefore, a data protection system to control the gathering, using, and showing of personal data is crucial to addressing these issues and preserving public confidence in the institutions and governments that collect, keep, and use such data (Anggraeni, 2018).
The University aims to make this goal a reality by collaborating with all stakeholdersindividuals or groups with an interest in decisions and organizations-through the Ministry of Information and Communication of Indonesia.After much debate, a law known as Law Number 11 of 2008 Concerning Information and Electronic Transactions was finally enacted on April 21, 2008, addressing the issues around information and electronic transactions (Maskun, 2013).

Law Number 19 of 2016 Concerning Amendments to Law Number 11 of 2008 Concerning
Information and Electronic Transactions has been modified throughout its development and is currently in effect in society.Personal data are not adequately protected under the rules and regulations that are now in place in Indonesia regulating its protection.The Law on Electronic Information and Electronic Transactions (UU ITE) just briefly mentions the topic of protecting personal data without going into further detail about how that protection will be put into practice.The facts show that regulations on data protection are regulated in sectoral regulations as described in the following chart: Regulation Governing Electronic System and Transaction Operators No. 82 of 2012.

Law Number 27 of 2022 concerning Personal Data Protection Consists
This law, which consists of 16 chapters and 76 articles, regulates basic matters for protecting individual personal data.Among other things, this Law regulates the rights of every individual to whom personal data is attached, provisions for processing personal data and the obligations of controllers of personal data, plans to establish a personal data protection institution, and implementation of prohibitions and sanctions.However, despite the importance and necessity of this regulation, there are still some weaknesses which are suspected to threaten openness to information and have the potential to become rubber regulations, such as the Law on Information and Electronic Transactions (The Converaation, 2022).
Personal data is one of the objects that must be protected by a cybersecurity mechanism.
The goal of a cybersecurity system is to protect networks, computers, programs and data from attacks and unauthorized access.These attacks can vary from hardware attacks, network attacks, and application attacks.As personal information is increasingly stored and processed online, privacy protection is becoming increasingly reliant on effective security systems.Cybersecurity measures also support critical infrastructure that protects data and safeguards confidential information (Detik, 2022).Currently, Indonesia does not yet have specific regulations for cybersecurity.Most of the laws that touch on cybersecurity are still fragmented and overlapping.The ratification of the PDP Law has been able to cover this legal loophole.However, this is still not sufficient and there is an urgency to immediately establish special regulations for cybersecurity in Indonesia.
Due to the COVID-19 pandemic's rising trend of cybercrime, the government must put it on its agenda in order to preserve its data resources.The government's agenda is viewed as a set of issues that require thoughtful consideration by public leaders at specific times (Nurhayati, 2019).The lack of ideal legal protection for data resources during the COVID-19 epidemic is the issue brought up in this paper, which encourages the creation of a legal protection model for data resources.The problems mentioned above can be included in the government's agenda, according to Cobb and Elderr (Basyarahil, 2011) if at least 3 (three) conditions are met: 1. Issuance of Personal Data Protection Derivatives Even though the Personal Data Protection Bill has been passed (Law Number 27 of 2022 concerning Personal Data Protection Consists), there are still some weaknesses that need to be closed through derivative regulations from the law.These weaknesses, among others, are related to efforts to accommodate the private sector, which previously had public data so that it could protect its customer data.Then, this law must be ensured that it can be understood by the public so that they are not ensnared because of their ignorance.
children and vulnerable groups due to their position that is not yet competent at law, so they need further assistance (Kompasiana, 2022).
2. The public believes that certain steps must be taken to address the issue.Digitalizationrelated technological advancements need the use of big data and laws, particularly regarding the security of personal data (Palinggi, 2020); 3. The public shares the opinion that it is the government's duty and responsibility to address the issue.It is evident from a study done in Makassar that the ITE Law is unable to control such intricate cybercrime challenges.This is because information technology is advancing quickly and becoming more complex, yet conventional positive law's guiding concepts are still used in the legal system (Gani, 2019).Therefore, as a kind of future public policy, the government must develop a legal framework for protecting data resources that actively incorporates all facets of society.

CONCLUSION
In order to prevent the issue of personal data protection from emerging, threats to data resources have grown along with the annual increase in internet users.According to information from the National Cyber and Crypto Agency, Indonesia had approximately 190 million cyberattack attempts in 2020, an increase of more than four times compared to the 39 million or so cyberattacks that occurred in 2019.In response, the government must create laws and rules that can satisfy the demands for personal data protection and internet usage management.
Law Number 27 of 2022 concerning Personal Data Protection Consists serves as the foundation for the present personal data protection policy.However, This law is a good first step in terms of data security development policy in Indonesia.Whether law enforcement will be effective or not depends on its implementation.Even so, it needs to be an important note to cover the weaknesses of the law that has been passed, especially to deal with the era of the Covid-19 pandemic which could increase again at any time.This is a shared responsibility as the next step to optimize data protection.

Figure 1 .
Figure 1.Data Resource Legal Arrangements According to the illustration above, the legal basis of data resources has been independently governed in several regulations based on sectoral interests, including: 1.The 1945 Constitution of the Republic of Indonesia Everyone has the right to personal safety, family, honor, dignity, and property under his control, according to Article 28G paragraph (1) of the 1945 Constitution of the Republic of Indonesia.They also have the right to a sense of security and protection from threats of terror.Whether to exercise human rights.2. Law Number 24 of 2013 concerning Population Administration In the context of population administration Article 84 of this regulation governs the protection of data for citizen registration including: 1) Information on physical and/or