Personal Data Protection In The Case Of Covid 19 Vaccine Certificate Data Leak In Wonosobo

Abstract

The COVID-19 pandemic has accelerated the digitalization of health services in Indonesia, including the use of the PeduliLindungi application for vaccination certificates. However, the process of printing physical vaccine cards through unofficial third parties in Wonosobo Regency often leads to the leakage of personal data, such as Population Identification Numbers (NIK) and health information, which are misused for cybercrimes such as illegal online loans. This study aims to analyze the legal provisions of personal data protection based on Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) and its application in the case of COVID-19 vaccine certificate data leak in Wonosobo. The research method uses a normative-empirical approach, with a study of legal regulations and primary data from interviews with law enforcement officials at the Wonosobo Police Station. The results show that the PDP Law provides a comprehensive preventive and repressive framework, including criminal sanctions of up to 6 years in prison and fines of up to Rp6 billion, supported by Article 28G paragraph (1) of the 1945 Constitution. However, implementation in Wonosobo is weak due to the lack of digital literacy of the community, lack of evidence, and the priority of restorative justice over repressive enforcement, causing inconsistencies between constitutional guarantees and field practices