Legal and National Security Reform: Reconstructing Data Privacy Regulations in the Era of Indonesia's Digital Sovereignty

Abstract

This article examines the legal and national security dimensions of Indonesia’s evolving approach to data privacy within the broader project of digital sovereignty. As Indonesia balances economic digitalization, national security imperatives, and citizens’ privacy rights, recent regulatory moves — including data-placement rules, platform oversight, and the Personal Data Protection law — reveal tensions between state control and cross-border data flows. Through doctrinal legal analysis, policy review, and comparative assessment of international data-sovereignty practices, this study reconstructs a regulatory framework that aligns privacy protection with legitimate national-security objectives while minimizing adverse effects on innovation and digital trade. The paper proposes a three-pillar reconstruction: (1) rights-preserving data governance (clear principles on purpose limitation, consent, and oversight); (2) targeted security exceptions (narrowly defined, proportionate, and time-bound measures backed by judicial or independent oversight); and (3) interoperable cross-border mechanisms (binding transfer safeguards, certifications, and mutual legal assistance). The proposed model aims to operationalize Indonesia’s digital sovereignty without unnecessary data localization or opaque access regimes, thereby fostering trust, foreign investment, and resilience against cyber threats. Recommendations include legislative refinements, creation of independent supervisory capacity, sectoral risk assessments, and multilateral engagement to harmonize standards.