Hybrid Model of Personal Data Protection for Consumers in Digital MSMEs: A Comparative Study of Indonesian and China Regulations

Yosia Hetharie; Isis Ikhwansyah; Ema Rahmawati; Valentino Dinatra Soplantila

doi:10.15294/jllr.v6i4.22388

Authors

Yosia Hetharie Doctoral Program of Law, Uviversitas Padjadjaran, Indonesia Author https://orcid.org/0000-0001-9900-6207
Isis Ikhwansyah Department of Law, Universitas Padjadjaran, Indonesia Author https://orcid.org/0009-0006-7696-4836
Ema Rahmawati Department of Law, Universitas Padjadjaran, Indonesia Author https://orcid.org/0009-0005-0298-276X
Valentino Dinatra Soplantila Birmingham Law School, University of Birmingham, United Kingdom Author https://orcid.org/0009-0002-4475-0068

DOI:

https://doi.org/10.15294/jllr.v6i4.22388

Keywords:

Model Hybrid, Personal Data Protection, Consumer, Digital MSMEs

Abstract

The protection of consumers’ personal data in digital MSME (Micro, Small, and Medium Enterprises) businesses poses a significant challenge in the era of digital transformation, particularly amid the rising cases of data breaches in Indonesia. Although Law No. 27 of 2022 on Personal Data Protection (PDP Law) has come into effect, its implementation still faces numerous obstacles, especially for MSMEs that are limited in terms of resources and technological understanding. By comparison, China, through its Personal Information Protection Law (PIPL), enforces strict supervision combined with AI-driven compliance technologies. This study aims to analyze the effectiveness of personal data protection frameworks in Indonesia and China and to propose a hybrid model that integrates government regulations with technological solutions. The research employs a normative juridical method using statutory, conceptual, and comparative law approaches, relying on secondary data such as regulations, academic journals, and policy documents. The findings indicate that adopting a hybrid model for the protection of consumers’ personal data in digital MSME businesses could serve as an effective solution. This model merges a compliance-based approach, as adopted under Indonesia’s PDP Law, with the strict oversight mechanisms implemented under China’s PIPL. By adapting mechanisms such as mandatory registration, periodic audits, and technology-based compliance incentives, Indonesia could enhance transparency, accountability, and data security within its digital MSME ecosystem.

References

Adhyputra, Muhammad Fadel, Thoriq Ahmadi, and Mohammad Rifqi. “Analisis Komparatif Rancangan Lppdp Indonesia Dengan Otoritas Pelindungan Data Singapura Dalam Penegakan Hukum Pelanggaran Data Pribadi: The Notion Of Personal Data Protection By Indonesia’s LPPDP: A Comparative Study With The Singapore Personal Data Protection.” Jurnal Nomokrasi 2, no. 2 (2024): 56–74.

Afdhali, Dino Rizka, and Taufiqurrohman Syahuri. “Idealitas Penegakkan Hukum Ditinjau Dari Perspektif Teori Tujuan Hukum.” Collegium Studiosum Journal 6, no. 2 (2023): 555–61 DOI: https://doi.org/10.56301/csj.v6i2.1078.

Afriyanto, Renaldy, Ainur Gufron, Ahmad Syauqi Bawashir, and Rahmad Ready Kurniawan. “Eksistensi Asas Kepastian Hukum, Kemanfaatan Hukum Dan Keadilan Hukum Sebagai Tujuan Hukum Di Indonesia Dalam Perspektif Para Filsuf.” Unizar Law Review 7, no. 2 (2024): 203–11 DOI: 10.36679/ulr.v7i2.80.

Al-Fatih, Sholahuddin. Perkembangan Metode Penelitian Hukum Di Indonesia. UMMPress, 2023.

AllahRakha, Naeem. “Cybersecurity Regulations for Protection and Safeguarding Digital Assets (Data) in Today’s World.” Lex Scientia Law Review 8, no. 1 (2024): 405–32 DOI: https://doi.org/10.15294/lslr.v8i1.2081.

Amory, Jeffriansyah Dwi Sahputra, Muhtar Mudo, and J Rhena. “Transformasi Ekonomi Digital Dan Evolusi Pola Konsumsi: Tinjauan Literatur Tentang Perubahan Perilaku Belanja Di Era Internet.” Jurnal Minfo Polgan 14, no. 1 (2025): 28–37 DOI: 10.33395/jmp.v14i1.14608.

Arbani, Muhammad. “Aspek Hukum Perlindungan Umkm Dalam Penjualan Di E-Commerce: Tantangan Dan Solusi Di Era Digital.” Jurnal Syntax Admiration 6, no. 2 (2025): 1166–75 DOI: 10.46799/jsa.v6i2.2115.

Astuti, Endah Fuji, Achmad Nizar Hidayanto, Sabila Nurwardani, and Ailsa Zayyan Salsabila. “Assessing Indonesian MSMEs’ Awareness of Personal Data Protection by PDP Law and ISO/IEC 27001: 2013.” International Journal of Safety & Security Engineering 14, no. 5 (2024) DOI: 10.18280/ijsse.140523.

Ayiliani, Fanisa Mayda, and Elfia Farida. “Urgensi Pembentukan Lembaga Pengawas Data Pribadi Sebagai Upaya Pelindungan Hukum Terhadap Transfer Data Pribadi Lintas Negara.” Jurnal Pembangunan Hukum Indonesia 6, no. 3 (2024): 431–55 DOI: https://doi.org/10.14710/jphi.v6i3.%p.

Balafif, Sabri. “Penyesuaian Model Ketahanan Siber Umkm Di Indonesia Dengan Nist Cybersecurity Framework.” Jurnal Informatika: Jurnal Pengembangan IT (JPIT) 8, no. 291 (2023) DOI: https://doi.org/10.30591/jpit.v8i3.5662.

Benuf, Kornelius, and Muhamad Azhar. “Metodologi Penelitian Hukum Sebagai Instrumen Mengurai Permasalahan Hukum Kontemporer.” Gema Keadilan 7, no. 1 (2020): 20–33 DOI: https://doi.org/10.14710/gk.2020.7504.

Bouraffa, Tayssir, and Kai-Lung Hui. “Regulating Information and Network Security: Review and Challenges.” ACM Computing Surveys 57, no. 5 (2025): 1–38 DOI: 10.1145/3711124.

Calzada, Igor. “Citizens’ Data Privacy in China: The State of the Art of the Personal Information Protection Law (PIPL).” Smart Cities 5, no. 3 (2022): 1129–50 DOI: 10.3390/smartcities5030057.

Chen, Pinghua, Minye Rao, Syed Ali Raza, Xiaohui Zhan, and Xin Zhao. “The Impact of Sudden Public Events and Fiscal Policy Relief on the Financing Constraints of Small and Medium Enterprises: A Quasi-Natural Experiment during COVID-19.” Venture Capital 26, no. 1 (2024): 31–46 DOI: 10.1080/13691066.2023.2178348.

Creemers, Rogier. “China’s Emerging Data Protection Framework.” Journal of Cybersecurity 8, no. 1 (2022): tyac011 DOI: 10.1093/cybsec/tyac011.

Cui, Juan, Jing Du, Ning Zhang, and Zhanming Liang. “National Patient Satisfaction Survey as a Predictor for Quality of Care and Quality Improvement–Experience and Practice.” Patient Preference and Adherence, 2025, 193–206 DOI: 10.2147/PPA.S496684.

Das, Badhan Chandra, M Hadi Amini, and Yanzhao Wu. “Security and Privacy Challenges of Large Language Models: A Survey.” ACM Computing Surveys 57, no. 6 (2025): 1–39 DOI: 10.1145/3712001.

Determann, Lothar, Zhenyu Jay Ruan, Tingting Gao, and Jonathan Tam. “China’s Draft Personal Information Protection Law.” Journal of Data Protection & Privacy 4, no. 3 (2021): 235–59.

Disemadi, Hari Sutra, Lu Sudirman, Junimart Girsang, and Arwa Meida Aninda. “Perlindungan Data Pribadi Di Era Digital: Mengapa Kita Perlu Peduli?” Sang Sewagati Journal 1, no. 2 (2023): 66–90 DOI: https://doi.org/10.37253/sasenal.v1i2.8579.

Harahap, Nita Maharani. “Resiko Kejahatan Teknologi Informasi Dan Komunikasi Cyber Crime Dan Analisi Inovasi Pencegahan Resiko Cyber Crime Di Indonesia.” Jurnal Teknologi Dan Manajemen Sistem Industri 3, no. 1 (2024): 52–59 DOI: 10.56071/jtmsi.v3i1.483.

Harinath, Depavath, Madhu Bandi, Archana Patil, M R Murthy, and A V S Raju. “Enhanced Data Security and Privacy in IoT Devices Using Blockchain Technology and Quantum Cryptography.” Journal of Systems Engineering and Electronics (ISSN NO: 1671-1793) 34, no. 6 (2024) DOI: 20.14118.jsee.2024.V34I6.1706.

Huang, Daoli. Research on the Rule of Law of China’s Cybersecurity. Springer, 2022.

Jasmine, Alifia, Benny Djaja, and Maman Sudirman. “Tanggung Jawab Notaris Dalam Perlindungan Data Pribadi Klien Berdasarkan UU No. 27 Tahun 2022 Tentang Perlindungan Data Pribadi.” Jurnal Ilmu Hukum, Humaniora Dan Politik (JIHHP) 5, no. 1 (2024) DOI: 10.38035/jihhp.v5i1.3204.

Javaid, Mohd, Abid Haleem, Ravi Pratap Singh, and Anil Kumar Sinha. “Digital Economy to Improve the Culture of Industry 4.0: A Study on Features, Implementation and Challenges.” Green Technologies and Sustainability, 2024, 100083 DOI: https://doi.org/10.1016/j.grets.2024.100083.

Jin, Yulu, and Yu Wang. “Balancing Smart City Development and Personal Data Protection: A Regulatory Framework.” International Review of Economics & Finance, 2025, 104022 DOI: https://doi.org/10.1016/j.iref.2025.104022.

Junaidi, Junaidi, Pujiono Pujiono, and Rozlinda Mohamed Fadzil. “Legal Reform of Artificial Intelligence’s Liability to Personal Data Perspectives of Progressive Legal Theory.” Journal of Law and Legal Reform 5, no. 2 (2024) DOI: https://doi.org/10.15294/jllr.vol5i2.3437.

Katiandagho, Vicky, Diana Darmayanti Putong, and Isye Junita Melo. “Undang–Undang Perlindungan Data Pribadi Memperkuat Undang–Undang Perbankan Dalam Menjaga Rahasia Data Nasabah Dan Untuk Melindungi Data Pribadi Masyarakat Indonesia.” Jurnal Hukum To-Ra: Hukum Untuk Mengatur Dan Melindungi Masyarakat 9, no. 1 (2023): 106–14 DOI: 10.55809/tora.v9i1.212.

Kessler, Florian, Jost Blöchl, and Yahui Mao. “Data Collection, Use, and Security: Developments in China.” In Standardization Strategies in China and India: Industrial Policy and Geopolitics and Implications for Europe, 231–62. Springer, 2025.

Khan, Sameer Ullah, Inam Ullah Shah, Khansa Shah, and Muhammad Jawed Iqbal. “The Role of China-Pakistan Relations in the Global Tech Competition, Especially in Areas like 5G, AI, and Cybersecurity.” Review of Education, Administration & Law 8, no. 1 (2025): 73–85 DOI: 10.47067/real.v8i1.404.

King, Thomas C, Nikita Aggarwal, Mariarosaria Taddeo, and Luciano Floridi. “Artificial Intelligence Crime: An Interdisciplinary Analysis of Foreseeable Threats and Solutions.” Science and Engineering Ethics 26 (2020): 89–120 DOI: 10.1007/s11948-018-00081-0.

Liang, Lin, and Yan Li. “How Does Government Support Promote Digital Economy Development in China? The Mediating Role of Regional Innovation Ecosystem Resilience.” Technological Forecasting and Social Change 188 (2023): 122328 DOI: 10.1016/j.techfore.2023.122328.

Lin, Xi. “A Model of Big Data-Based Governance: China’s National Government Big Data Platform and an Analysis of Its Governance Competence.” Chinese Political Science Review, 2025, 1–40 DOI: 10.1007/s41111-025-00279-1.

Luntungan, Benjamin Lemta, and Andhika Arthawijaya. “Legal Analysis of Law No. 27 of 2022 Concerning Personal Data Protection (Decision No. 597/Pid. Sus/2021/Pn. Jkt. Pst).” Formosa Journal of Sustainable Research 4, no. 3 (2025): 553–60 DOI: https://doi.org/10.55927/fjsr.v4i3.136.

Mardiana Parihin, Nela. “Urgensi Perlindungan Data Pribadi Dalam Perpektif Hak Asasi Manusia.” Jurnal Rechten: Riset Hukum Dan Hak Asasi Manusia 5, no. 1 (2023): 16–23 DOI: https://doi.org/10.52005/rechten.v5i1.108.

Meng, Zhen, and Lu Wang. “Personal Data Trusts in China: A Balance between Data Sharing and Privacy Protection.” Trusts & Trustees 31, no. 1 (2025): 15–23 DOI: 10.1093/tandt/ttae089.

Napitupulu, Christian, Itsqon Wafi Fauzan Nasution, William Girsang, and Lokot Muda Harahap. “Peranan Ekonomi Digital Dalam Pertumbuhan Ekonomi Di Indonesia.” Jurnal Penelitian Ilmiah Multidisipliner 1, no. 03 (2025): 138–45.

Nento, Henro Prayitno, Melki T Tunggati, Irwan Polidu, Octaviani Suryaningsih Masaguni, Karlin Z Mamu, Sri Olawati Suaib, and Sri Wahyuni S Moha. “Peningkatan Literasi Hukum Dalam Pengelolaan Keuangan: Strategi Edukasi Bagi UMKM Modern Di Kecamatan Dungingi.” Abdimas Awang Long 8, no. 1 (2025): 137–50 DOI: https://doi.org/10.56301/awal.v8i1.

Novelli, Claudio, Federico Casolari, Philipp Hacker, Giorgio Spedicato, and Luciano Floridi. “Generative AI in EU Law: Liability, Privacy, Intellectual Property, and Cybersecurity.” Computer Law & Security Review 55 (2024): 106066 DOI: https://doi.org/10.1016/j.clsr.2024.106066.

Pardosi, ROAG, and Yuliana Primawardani. “Perlindungan Hak Pengguna Layanan Pinjaman Online Dalam Perspektif Hak Asasi Manusia (Protection of the Rights of Online Loan Customers from a Human Rights Perspective).” Jurnal Ham 11, no. 3 (2020): 353–67 DOI: 10.30641/ham.2020.11.353-368.

Pernot-Leplay, Emmanuel. “China’s Approach to Data Privacy Law: A Third Way between the US and the EU?” Penn St. JL & Int’l Aff. 8 (2020): 49.

Pramita, Cindy, Sudarmiatin Sudarmiatin, and Ludi Wishnu Wardhana. “Consumer Satisfaction with Non-Halal Culinary MSMEs at PIK through a Chinese-Themed Atmosphere and Stakeholder Involvement.” Journal of Management and Social Sciences 3, no. 1 (2025): 1–8 DOI: https://doi.org/10.59031/jmsc.v3i1.516.

Prayuti, Yuyut. “Dinamika Perlindungan Hukum Konsumen Di Era Digital: Analisis Hukum Terhadap Praktik e-Commerce Dan Perlindungan Data Konsumen Di Indonesia.” Jurnal Interpretasi Hukum 5, no. 1 (2024): 903–13 DOI: https://doi.org/10.22225/juinhum.5.1.8482.903-913.

Putra, Purwanto. “Menyelamatkan Dan Potensi Penyelamatan Ekonomi Pasca Covid-19:: Adopsi Kebijakan Literasi Digital Untuk Sektor UMKM.” IKOMIK: Jurnal Ilmu Komunikasi Dan Informasi 2, no. 1 (2022): 21–28 DOI: 10.33830/ikomik.v2i1.2430.

Rahman, Faiz. “Kerangka Hukum Perlindungan Data Pribadi Dalam Penerapan Sistem Pemerintahan Berbasis Elektronik Di Indonesia.” Jurnal Legislasi Indonesia 18, no. 1 (2021): 81–102 DOI: 10.54629/jli.v18i1.736.

Sahril, Iran, and Dhody A R Widjaja Atmadja. “Perlindungan Data Pribadi Konsumen, Dokumen Dan Tanda Tangan Elektronik Yang Dipergunakan Oleh Pihak Ketiga Dalam Transaksi E-Commerce.” CENDEKIA: Jurnal Penelitian Dan Pengkajian Ilmiah 2, no. 2 (2025): 173–89 DOI: https://doi.org/10.62335/cendekia.v2i2.897.

Sarare, Oktarina, Rahmat Amin, Akhmad Saripudin, and Artha Dana Pangesti. “National Arrangements Regarding Free Trade Between Indonesia And China.” Progressive Law Review 6, no. 01 (2024): 86–96 DOI: https://doi.org/10.36448/plr.v6i01.155.

Setiawati, Diana, Hary Abdul Hakim, and Fahmi Adam Hasby Yoga. “Optimizing Personal Data Protection in Indonesia: Lessons Learned from China, South Korea, and Singapore.” Indonesian Comparative Law Review 2, no. 2 (2020): 95–109 DOI: 10.18196/iclr.2219.

Silviani, Ninne Zahara, Rina Shahriyani Shahrullah, Vanessa Riarta Atmaja, and Park Ji Hyun. “Personal Data Protection in Private Sector Electronic Systems for Businesses: Indonesia vs. South Korea.” Jurnal Hukum Dan Peradilan 12, no. 3 (2023): 517–46 DOI: https://doi.org/10.25216/jhp.12.3.2023.517-546.

Sinaga, Blassyus Bevry, and Raia Putri Noer Azzura. “Peran Teknologi Blockchain Sebagai Instrumen Pembangunan Penegakan Hukum Berbasis Digital & Mewujudkan Masyarakat Berkeadilan Di Era Society 5.0.” Padjadjaran Law Review 12, no. 1 (2024): 71–82 DOI: 10.56895/plr.v12i1.1651.

Sudarwanto, Al Sentot, and Dona Budi Budi Kharisma. “Comparative Study of Personal Data Protection Regulations in Indonesia, Hong Kong and Malaysia.” Journal of Financial Crime 29, no. 4 (2022): 1443–57 DOI: 10.1108/JFC-09-2021-0193.

Suparto, Susilowati, Deviana Yuanitasari, Sonny Dewi Judiasih, and Yamudin Salaeh. “Consumer Protection of Girls from Cybercrime in a Gender Perspective.” Journal of Law and Legal Reform 5, no. 4 (2024): 2045–70 DOI: https://doi.org/10.15294/jllr.v5i4.11899.

Suryanto, Dasep, and Slamet Riyanto. “Implementasi Undang-Undang Nomor 27 Tahun 2022 Tentang Perlindungan Data Pribadi Dalam Industri Ritel Tinjauan Terhadap Kepatuhan Dan Dampaknya Pada Konsumen.” VERITAS 10, no. 1 (2024): 121–35 DOI: https://doi.org/10.34005/veritas.v10i1.3711.

Syailendra, Moody Rizqy, and Inayah Fasawwa Putri. “Tinjauan Hukum Mengenai Perlindungan UMKM Serta Efektivitas Permendag No. 31 Tahun 2023 Terhadap Social Commerce Tiktok Shop.” INNOVATIVE: Journal of Social Science Research 3, no. 6 (2023): 5087–5100.

Tampi, Jelvica Meiceline. “Tinjauan Yuridis Terhadap Pelanggaran Privasi Berdasarkan UU No 27 Tahun 2022 Tentang Perlindungan Data Pribadi (Studi Kasus Tokopedia).” LEX ADMINISTRATUM 13, no. 1 (2025).

Tan, David. “Metode Penelitian Hukum: Mengupas Dan Mengulas Metodologi Dalam Menyelenggarakan Penelitian Hukum.” Nusantara: Jurnal Ilmu Pengetahuan Sosial 8, no. 8 (2021): 2463–78 DOI : 10.31604/jips.v8i8.2021.2463-2478.

Utomo, Setiyo, and Deny Slamet Pribadi. “Kebijakan Hukum Persaingan Usaha Terhadap Usaha Mikro, Kecil Dan Menengah Di Era Digital.” Zaaken: Journal of Civil and Business Law 5, no. 2 (2024): 307–17 DOI: https://doi.org/10.22437/zaaken.v5i2.33133.

Yanamala, Anil Kumar Yadav, Srikanth Suryadevara, and Venkata Dinesh Reddy Kalli. “Balancing Innovation and Privacy: The Intersection of Data Protection and Artificial Intelligence.” International Journal of Machine Learning Research in Cybersecurity and Artificial Intelligence 15, no. 1 (2024): 1–43.

Zainuddin, Muhammad, and Aisyah Dinda Karina. “Penggunaan Metode Yuridis Normatif Dalam Membuktikan Kebenaran Pada Penelitian Hukum.” Smart Law Journal 2, no. 2 (2023): 114–23 https://journal.unkaha.com/index.php/slj/article/view/26/12.