Implementation of CNIL’s Basic Logging Measures in Indonesia: A Juridical Study on Personal Data Protection
DOI:
https://doi.org/10.15294/iccle.v7i2.21049Keywords:
CNIL, Basic Precaution Logging, Indonesia, Personal Data Protection StrategyAbstract
One of the efforts to realize preventive efforts to prevent all risks of personal data protection is to establish basic precaution logging as a personal data protection strategy that will serve as a guide for parties involved in personal data protection efforts. Indonesia, which has not formulated such a strategy, can make the provisions in France as a reference. The urgency of this research is that there is a mandate in Article 59 letter a of the Personal Data Protection Law in Indonesia for the Institution to formulate and determine policies and strategies for Personal Data Protection as a guide. This research employs the Library Research method, also known as Legal Research, which focuses on analyzing primary and secondary legal materials based on literature. The results show that France already has an institution called CNIL which formulates basic precautions in logging operations to guide personal data protection strategies. As a result, there are 8 basic precautions in logging operations, which are to provide a logging system that can implement and learn by Indonesia, that are: keep these logs for a rolling period of between six months and one year; perform, for application logs, a record of the creation, consultation, sharing, modification, and deletion; inform users; protect the logging equipment and the logged information; ensure the proper functioning of the logging system; ensure that processors are contractually obliged; and actively analyze, in real time or in the short term.
References
Asshiddiqie, Jimly. Perkembangan Dan Konsolidasi Lembaga Negara Pasca Reformasi. Jakarta: Sinar Grafika, 2012.
Ayiliani, Fanisa Mayda, Elfia Farida, Magister Hukum, Fakultas Hukum, Universitas Diponegoro, Fakultas Hukum, and Universitas Diponegoro. “Urgensi Pembentukan Lembaga Pengawas Data Pribadi Sebagai Upaya Pelindungan Hukum Terhadap Transfer Data Pribadi Lintas Negara.” Jurnal Pembangunan Hukum Indonesia 6, no. 3 (2024): 431-455: 431.
Burkert, Herbert. “Privacy/Data Protection: A German/European Perspective.” In Proceedings of 2nd Symposium of the Max Planck Project Group on the Law of Common Goods and the Computer Science and Telecommunications Board of the National Research Council, 50. Massachusets: Wood Hole, 1999.
Delahaie, Henri, and Félix Paoletti. Informatique et Libertés. Paris: Editions La Découverte, 1987.
Djafar, Wahyudi. Perlindungan Data Pribadi Di Indonesia. Lembaga Studi Dan Advokasi Masyarakat (ELSAM). Jakarta Selatan: ELSAM, 2016.
Fibrianti, Nurul, Tri Andari Dahlan, Rahayu Fery Anitasari, Niken Diah Paramita, and Tegar Islami Putra. “Review of Child Consumer Protection in the Practice of Online Gambling Games Through the Gacha System.” The Indonesian Journal of International Clinical Legal Education 6, no. 3 (2024): 427-452: 429. https://doi.org/doi.org/10.15294/ijicle.v6i3.13198.
Firdhausya, Mahima Umaela, Muhammad Hilmi Naufal Aflah, Anisa Tussaleha, Tegar Islami Putra, and Eko Mukminto. “The Urgency of Limiting The Utilization of Consumer IP Addresses By Companies as Personal Data Objects in The Study of Positive Law in Indonesia.” Law Research Review Quarterly 10, no. 2 (2024): 393-410: 394.
Forte, Dario. “The Importance of Log Files in Security Incident Prevention.” Network Security 7 (2009): 18–20:19.
Fujimori-Smith, Aska. “Analysis of Global Data Privacy Regulations and How Transnational Companies Are Impacted.” Santa Clara High Technology Law Journal 40, no. 1 (2024): 91-114: 102.
Ibrahim, Jhony. Teori Dan Metodologi Penelitian Hukum Empiris. Malang: Bayumedia Publishing, 2006.
Kent, Karen, and Murugiah Souppaya. Guide to Computer Security Log Management. NIST Special Publication, 2006.
Khansa, Farah Naurah. “Penguatan Hukum Dan Urgensi Otoritas Pengawas Independen Dalam Pelindungan Data Pribadi Di Indonesia.” Jurnal Hukum Lex Generalis 2, no. 8 (2021): 649-662: 657. https://doi.org/10.56370/jhlg.v2i8.114.
Maharani, Dhea Yulia, and Suparno. “The Urgency of Personal Data Protection Agencies on Sustaining The Resilience of The Digital World.” Edunity 3, no. 6 (2024): 345-353: 349.
Marjanov, Tina, Maria Konstantinou, Magdalena Jóźwiak, and Dayana Spagnuelo. Data Security on the Ground: Investigating Technical and Legal Requirements under the GDPR. Proceedings on Privacy Enhancing Technologies. Vol. 2023. Association for Computing Machinery, 2023. https://doi.org/10.56553/popets-2023-0088.
Milosevic, Z., W. Chen, A. Berry, and F.A. Rabhi. “Real-Time Analytics.” In Big Data, 39-61: 42. Elsevier, 2016. https://doi.org/10.1016/B978-0-12-805394-2.00002-7.
Naufal, Muhamad, and Aulia Azmi. “Analisa Kasus Kebocoran Data Pada Bank Indonesia Dalam Sistem Perbankan.” Jurnal Multidisiplin Ilmu Akademik 1, no. 6 (2024): 448-458: 452.
Ooijen, I. van, and Helena U. Vrabec. “Does the GDPR Enhance Consumers’ Control over Personal Data? An Analysis from a Behavioural Perspective.” Journal of Consumer Policy 42, no. 1 (2019): 91-107: 102. https://doi.org/10.1007/s10603-018-9399-7.
Putra, Tegar Islami, and Nurul Fibrianti. “Data Protection Impact Assessment Indicators in Protecting Consumer Personal Data on E-Commerce Platforms.” Legal Challenges in Overcoming the Digital Divide (Article in Press) 6, no. 1 (2024): 111–50. https://doi.org/doi.org/10.15294/ijicle.v5i3.72001.
———. “Threats and Legal Protection of Personal Data Combined in E-Commerce Transactions Based on Personal Data Protection Law in Indonesia.” Lambung Mangkurat Law Journal 9, no. 1 (2024): 64–74. https://doi.org/10.32801/lamlaj.v9i1.438.
Putra, Tegar Islami, Nurul Fibrianti, Adinda Zeranica Putri Fakhis, and Mohammad Raziq Fakhrullah. “Critically Reveal The Dimensions of Damage From Unauthorized Use of Personal Data.” The Digest: Journal of Jurisprudence and Legisprudence 5, no. 2 (2025): 231-262: 233. https://doi.org/doi.org/10.15294/digest.v5i2.19941.
Putra, Tegar Islami, Akbar Jihadul Islam, and Abdullah Mufti Abdul Rahman. “Integrating Islamic Laws into Indonesian Data Protection Laws: An Analysis of Regulatory Landscape and Ethical Considerations.” Contemporary Issues on Interfaith Law & Society 4, no. 1 (2024): 85–118. https://doi.org/doi.org/10.15294/ciils.v3i1.78690.
Savinov, Aliaksei. “Systems of Record Management.” InterConf 73 (2021): 61-66: 62.
Soekanto, Soerjono, and Sri Mamudji. Penelitian Hukum Normatif Tinjauan Singkat. Jakarta: Rajawali Press, 2006.
Werbach, Kevin. “What Could Possibly Go Wrong?” Technology and Regulation, 2019, 309-329: 314. https://doi.org/doi.org/10.26116/techreg.2024.022.
Widjaja, Gunawan, and Fransiska Milenia Cesarianti. “Urgensi Pembentukan Lembaga Pengawas Pelindungan Data Pribadi Di Indonesia Berdasarkan Pasal 58 Juncto Pasal 59 Dan Pasal 60 Undang – Undang Nomor 27 Tahun 2022 Tentang Pelindungan Data Pribadi.” SINERGI : Jurnal Riset Ilmiah 1, no. 4 (2024): 234-242: 239. https://doi.org/10.62335/8qf44b59.
Yolanda, Erlyns, and Rugun Romaida Hutabarat. “Urgensi Lembaga Pelindungan Data Pribadi Di Indonesia Berdasarkan Asas Hukum Responsif.” Jurnal Ilmiah Indonesia 13, no. 1 (2023): 4166-4182: 4168.
