Legal Analysis of Open Banking and Bank Customer Data Privacy Rights in Indonesia
Abstract
The development of digital finance has encouraged the implementation of open banking as a mechanism for sharing bank customer data through application programming interfaces (APIs) between financial institutions and third parties. In Indonesia, this development intersects with the strengthening of personal data protection through Law Number 27 of 2022 concerning Personal Data Protection (PDP Law), Bank Indonesia Regulations concerning Data and Information Policy, and various Financial Services Authority (OJK) regulations concerning digital financial services and fintech. This study aims to analyze open banking regulations from the perspective of bank customer data privacy rights using a normative juridical method based on a literature review of legislation and the latest academic literature. The results of the analysis show that the PDP Law provides a general foundation through the principles of lawfulness, fairness, and transparency, while also guaranteeing customers, as data subjects, the rights of access, correction, deletion, and objection. At the sectoral level, Bank Indonesia regulations on data and information policy govern banking data governance, security standards, and support for digital innovation, while OJK regulations emphasize consumer protection and risk management in the use of customer data by fintech players. Theoretically, this combination of regulations can support the implementation of open banking in line with modern data protection principles, as long as the division of roles between banks, technology service providers, and regulators is clearly defined. This study concludes that the effectiveness of customer privacy protection in open banking schemes is greatly influenced by the implementation of explicit consent, clarity of opt-in and opt-out mechanisms, API design that applies data minimization and accountability, and consistent monitoring and sanctions for data breaches.
The main recommendations of the study are the need for joint guidelines between authorities, strengthening technical standards and data compliance audits, and improving customer data literacy so that the rights granted by the PDP Law and sectoral regulations can be effectively implemented in digital banking practices.
References
Ali, R., & Darmawan, D. (2023). Big Data Management Optimization for Managerial Decision Making and Business Strategy. Journal of Social Science Studies, 3(2), 139–144.
Amalia, C. (2022). Legal Aspect of Personal Data Protection and Consumer Protection in the Open API Payment. Journal of Central Banking Law and Institutions. https://doi.org/10.21098/jcli.v1i2.19
Amalia, R. (2022). Perlindungan data pribadi dalam ekosistem open banking di Indonesia. Jurnal Hukum IUS QUIA IUSTUM, 29(3), 475–497.
Arner, D. W., Barberis, J., & Buckley, R. P. (2016). The Evolution of Fintech: A New Post Crisis Paradigm? Georgetown Journal of International Law, 47(4), 1271–1319.
Aziz, A., Darmawan, D., Khayru, R. K., Wibowo, A. S., & Mujito. (2023). Effectiveness of Personal Data Protection Regulation in Indonesia’s Fintech Sector. Journal of Social Science Studies, 3(1), 23–28.
Bowen, G. A. (2009). Document Analysis as a Qualitative Research Method. Qualitative Research Journal, 9(2), 27–40. https://doi.org/10.3316/QRJ0902027
Buchak, G., Matvos, G., Piskorski, T., & Seru, A. (2018). Fintech, Regulatory Arbitrage, and the Rise of Shadow Banks. Journal of Financial Economics, 130(3), 453–483. https://doi.org/10.1016/j.jfineco.2018.03.011
Budhijanto, D. (2021). Accountability Principle in Personal Data Protection Law. Journal of Indonesian Legal Studies, 6(3), 233–247.
Bygrave, L. A. (2014). Data Privacy Law: An International Perspective. Oxford University Press.
Costa, S. da., Darmawan, D., & Isaac, A. de J. (2023). Safeguarding Employee Data with Blockchain in HR. International Journal of Service Science, Management, Engineering, and Technology, 4(3), 41–46.
Creswell, J. W. (2014). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches (4th ed.). SAGE Publications.
Darmawan, D. (2023). The Effect of Trust and Saving Experience on Loyalty Through Satisfaction as an Intervening Variable (Case Study of Sharia Bank Customers in Surabaya City). International Journal of Service Science, Management, Engineering, and Technology, 2(2), 11–20.
Farrell, H., & Newman, A. L. (2019). Of Privacy and Power: The Transatlantic Struggle over Freedom and Security. Princeton University Press.
Fitrotinisak, I. K., Mardikaningsih, R., Gautama, E. C., Sulani, & Vitrianingsih, Y. (2023). Legal Compliance for Consumers in Dealing with Cases of Account Tampering in Digital Banking Services. Journal of Social Science Studies, 3(1), 75–82.
Greenleaf, G. (2014). Asian Data Privacy Laws: Trade and Human Rights Perspectives. Oxford University Press.
Hardyansah, R., & Jahroni, J. (2023). The Establishment of Customer Loyalty in View of Service Quality and Bank Reputation. Bulletin of Science, Technology and Society, 2(1), 16–20.
Hardyansah, R., Jahroni, J., Darmawan, D., Arifin, S., & Negara, D. S. (2023). Student Interest in Becoming Customers of Islamic Banks in Terms of Religiosity and Product Knowledge. International Journal of Service Science, Management, Engineering, and Technology, 4(1), 5–10.
Hardyansah, R., Pakpahan, N. H., & Wibowo, A. S. (2021). The Ramifications of Banking Monopoly on Consumer Trust, Customer Satisfaction, and Industry Competition Dynamics. Journal of Social Science Studies, 1(2), 105–110.
Hermawan, S., Khoirunisa, Z. A., & Tejomurti, K. (2023). Triangular Insight on Open Banking in Indonesia, Singapore, and Australia. International Journal of Legal Information. https://doi.org/10.1017/jli.2024.11
Hijmans, H. (2016). The European Union as Guardian of Internet Privacy and Data Protection. Springer.
Khairi, M., & Darmawan, D. (2022). Developing HR Capabilities in Data Analysis for More Effective Decision Making in Organizations. Journal of Social Science Studies, 2(1), 223–228.
Kuner, C. (2013). Transborder Data Flows and Data Privacy Law. Oxford University Press.
Lynskey, O. (2015). The Foundations of EU Data Protection Law. Oxford University Press.
Miles, M. B., Huberman, A. M., & Saldaña, J. (2014). Qualitative Data Analysis: A Methods Sourcebook (3rd ed.). SAGE Publications.
Nathania, S. A., Abubakar, L., & Handayani, T. E. (2023). Implikasi Hukum Pemanfaatan Open Application Programming Interface Terhadap Layanan Perbankan Dikaitkan dengan Ketentuan Perbankan Digital. Jurnal Poros Hukum Padjadjaran. https://doi.org/10.23920/jphp.v4i2.1209
Nicoletti, B. (2017). The Future of FinTech: Integrating Finance and Technology in Financial Services. Palgrave Macmillan. https://doi.org/10.1007/978-3-319-61247-2
Nissenbaum, H. (2010). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford University Press.
Omarova, S. T. (2020). New Tech v. New Deal: Fintech as a Systemic Phenomenon. Yale Journal on Regulation, 36(2), 735–793. https://doi.org/10.2139/ssrn.3224393
Peraturan Bank Indonesia Nomor 12 Tahun 2024 tentang Kebijakan Data dan Informasi.
Putra, A. R., Jahroni, Hardyansah, R., & Arifin, S. (2022). Institutionalizing Sustainability within Islamic Banking: Ethical Alignment and Practical Application in Responsible Finance. Journal of Social Science Studies, 2(1), 241–246.
Putri, A. S., & Hidayat, R. (2020). Open Banking and Data Protection Challenges in Indonesia. Journal of Financial Regulation and Compliance, 28(4), 512–526.
Rosadi, S. D. (2022). Data Governance and Legal Accountability in Indonesia’s Digital Financial Services. Hasanuddin Law Review, 8(2), 167–181.
Snyder, H. (2019). Literature Review as a Research Methodology: An Overview and Guidelines. Journal of Business Research, 104, 333–339. https://doi.org/10.1016/j.jbusres.2019.07.039
Solove, D. J. (2008). Understanding Privacy. Harvard University Press.
Sutanto, H., & Nugroho, R. S. (2021). API Governance and Legal Responsibility in Financial Technology Services. Journal of Law, Technology and Society, 4(2), 95–110.
Tikkinen-Piri, C., Rohunen, A., & Markkula, J. (2018). EU General Data Protection Regulation: Changes and Implications for Personal Data Collecting Companies. Computer Law & Security Review, 34(1), 134–153. https://doi.org/10.1016/j.clsr.2017.05.015
Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi.
Undang-Undang Nomor 7 Tahun 1992 tentang Perbankan sebagaimana diubah dengan Undang-Undang Nomor 10 Tahun 1998.
Wachter, S., & Mittelstadt, B. (2019). A Right to Reasonable Inferences: Re Thinking Data Protection Law in the Age of Big Data and AI. Columbia Business Law Review, 2019(2), 494–620. https://doi.org/10.7916/cblr.v2019i2.3424
Wahyudi, W., Kabalmay, R. N. K., & Amri, M. W. (2021). Big Data and New Things in Social Life. Studi Ilmu Sosial Indonesia, 1(1), 1–12.
Yuliana, & Maulana, A. (2023). Comparative Analysis of the Implementation of Open Banking Systems for Indonesia’s 2025 National Payment System Vision. https://doi.org/10.62084/slj.v2i2.339
Zetzsche, D. A., Buckley, R. P., Arner, D. W., & Barberis, J. N. (2020). The Future of Data Driven Finance and RegTech: Lessons from EU’s Second Payment Services Directive. University of Hong Kong Faculty of Law Research Paper No. 2020 12. https://doi.org/10.2139/ssrn.3582328