The Legal Position of Children's Sensitive Data in the Indonesian Personal Data Protection System: A Normative Analysis Based on the Best Interests of the Child Principle

Sidi Ahyar Wiraguna; Ayu Wulandari; Zhillan Zalzabilla Albana; Dhiyaksa Nugraha; Yani Purwanti

Authors

Sidi Ahyar Wiraguna Universitas Esa Unggul
Ayu Wulandari Universitas Esa Unggul
Zhillan Zalzabilla Albana Universitas Esa Unggul
Dhiyaksa Nugraha Universitas Esa Unggul
Yani Purwanti Universitas Esa Unggul

Keywords:

Children’s Sensitive Data, Personal Data Protection, Best Interests of the Child, Regulatory Harmonization, Children’s Rights Recovery

Abstract

The digitalization of education, healthcare, and commercial platforms has intensified the collection of children's personal data, exposing vulnerabilities inadequately addressed by Indonesia's legal framework. This study critically analyzes the legal position of children's sensitive data under Law No. 27 of 2022 on Personal Data Protection, examining normative gaps, rights recovery mechanisms, and synchronization with international standards. Employing a normative legal research design, the study integrates statutory, conceptual, and functional comparative approaches, utilizing systematic-teleological interpretation, hierarchical synchronization analysis, and principle-based evaluation centered on the best interests of the child. The findings reveal that the Personal Data Protection Law constructs children's data protection generically, lacking a differentiated legal category, explicit digital consent age limits, and child-specific impact assessment obligations. Consequently, rights recovery mechanisms remain overly reliant on parental representation, which frequently fails to account for children's psychosocial vulnerabilities, and do not incorporate child-friendly breach notification or restorative rehabilitation protocols. Substantive misalignments persist with Article 16 of the Convention on the Rights of the Child and Article 8 of the GDPR, particularly regarding commercial profiling restrictions and privacy-by-design mandates. The study recommends derivative regulations establishing a digital consent age of 13–15 years, encrypted parental consent verification, mandatory Child Data Protection Impact Assessments, and a specialized supervisory directorate. Theoretically, this research reconstructs the doctrine of vulnerable data subjects; practically, it provides a policy roadmap for harmonizing regulations in EdTech, digital health, and public information system.

Downloads

Download data is not yet available.

References

Bygrave, L. A. (2014). Data privacy law: An international perspective. Oxford University Press.

De Hert, P., & Papakonstantinou, V. (2016). The new General Data Protection Regulation: Still a sound system for the protection of individuals? Computer Law & Security Review, 32(2), 179–194.

European Commission. (2024). Report on the application of the GDPR: Three years on (COM(2024) 345 final).

European Data Protection Board. (2021). Guidelines 05/2020 on consent under Regulation 2016/679. EDPB.

European Parliament & Council of the European Union. (2016). Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). Official Journal of the European Union, L119, 1–88.

Hadjon, P. M. (1987). Perlindungan hukum bagi rakyat di Indonesia. RajaGrafindo Persada.

Harahap, E., & Suryani, T. (2020). Analisis kebocoran data pribadi pada e-government di Indonesia. Jurnal Teknologi Informasi dan Ilmu Komputer, 7(3), 512–520.

Information Commissioner’s Office. (2020). Age appropriate design: A code of practice for online services. ICO UK.

Indonesian Legal Resource Center. (2024). Analisis dampak UU PDP terhadap sektor pendidikan dan kesehatan digital (Policy Brief No. 12/2024).

Kuner, C. (2020). The European General Data Protection Regulation (GDPR): A commentary. Oxford University Press.

Lazuardiansyah, A., & Indriati, D. (2023). Perlindungan data pribadi anak dalam perspektif hukum Indonesia. Soedirman Law Review, 8(2), 45–62.

Livingstone, S., & Blum-Ross, A. (2020). Parenting for a digital future: How hopes and fears about technology shape children’s lives. Oxford University Press.

Livingstone, S., Carr, J., & Byrne, J. (2016). One in three: Internet governance and children’s rights. Global Commission on Internet Governance & LSE.

Mahmud, M. S. (2021). Teori perlindungan hukum: Perspektif Indonesia. Prenada Media Group.

Mantelero, A. (2018). AI and data protection: The challenge of algorithmic transparency. Computer Law & Security Review, 34(4), 613–628.

National Center for Missing & Exploited Children. (2023). CyberTipline data report: Trends in online exploitation of children. NCMEC.

Nissenbaum, H. (2010). Privacy in context: Technology, policy, and the integrity of social life. Stanford University Press.

OECD. (2012). Recommendation of the Council on the protection of children online. OECD Publishing.

Prabowo, R. E., & Nugroho, A. S. (2021). Data protection challenges in Indonesian e-governance: An empirical perspective. Journal of Information Assurance and Security, 16(4), 189–201.

Republik Indonesia. (1945). Undang-Undang Dasar Negara Republik Indonesia Tahun 1945.

Republik Indonesia. (1999). Undang-Undang Nomor 39 Tahun 1999 tentang Hak Asasi Manusia. LN RI 1999 No. 165.

Republik Indonesia. (2008). Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik jo. UU No. 19/2016.

Republik Indonesia. (2014). Undang-Undang Nomor 35 Tahun 2014 tentang Perlindungan Anak. LN RI 2014 No. 297.

Republik Indonesia. (2022). Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi. LN RI 2022 No. 166.

Republik Indonesia. (2019). Peraturan Pemerintah Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik jo. perubahan. LN RI 2019 No. 202.

Simamora, P. M. (2022). Transformasi digital dan tantangan perlindungan data pribadi anak di Indonesia. Jurnal Hukum Ius Quia Iustum, 29(3), 512–534.

Solove, D. J. (2008). Understanding privacy. Harvard University Press.

Sunstein, C. R. (2005). Laws of fear: Beyond the precautionary principle. Cambridge University Press.

Tjong Tjin Tai, E. (2021). Data protection and children: A comparative perspective. European Journal of Risk Regulation, 12(4), 789–805.

United Nations. (1989). Convention on the Rights of the Child. Treaty Series, 1577, 3.

United Nations Committee on the Rights of the Child. (2021). General Comment No. 25 on children’s rights in relation to the digital environment (CRC/C/GC/25).

Van Bueren, G. (1998). The international law on the rights of the child. Martinus Nijhoff Publishers.

Wahyuni, D., & Pratama, R. (2023). Child data protection in the post-GDPR era: Lessons for developing legal systems. International Journal of Law and Information Technology, 31(1), 78–95.

Wicaksono, A., & Firdaus, M. (2022). Privasi anak di era platform digital: Tinjauan kritis terhadap kebijakan privasi aplikasi EdTech Indonesia. Jurnal Media Hukum, 29(2), 211–228.

Zhang, L., & Chen, Y. (2024). Algorithmic profiling and child autonomy: Legal and ethical dimensions. Journal of Media Law, 16(1), 45–67.