Analysis Principles of Personal Data Protection on COVID-19 Digital Contact Tracing Application: PeduliLindungi Case Study

Main Article Content

Anugrah Muhtarom Pratama
Umi Khaerah Pati


This article aims to review the application of the principle of personal data protection as part of privacy rights in the PeduliLindungi application considering that on the one hand, the PeduliLindungi application helps the government to reduce the spread of the COVID-19 virus. But on the other hand, there is a threat of misuse of personal data in the future. This background article is based on the use of the PeduliLindungi application, which was initially used to track the spread of the virus during the COVID-19 pandemic. But it seems that the public will increasingly use its use in the future, especially now that it has begun to be planned as an e-wallet and started integrating with several other applications. This article reveals that there has been a dual role by the Ministry of Communication and Informatics as a supervisor and controller of personal data in Indonesia so that it has implications for the PeduliLindungi application that has not fully applied the principles of personal data protection when collecting, processing, and storing personal data. For the future, a comprehensive legal development drive is needed related to the protection of personal data. There is a personal data protection agency and Data Protection Officer (DPO) to more strongly enforce the principles of personal data protection.

Article Details

How to Cite
Pratama, A., & Pati, U. (2021). Analysis Principles of Personal Data Protection on COVID-19 Digital Contact Tracing Application: PeduliLindungi Case Study. Lex Scientia Law Review, 5(2), 65-88.


Age Poom, Olle Jarv, M. Z. and T. T. (2020). COVID-19 is Spatial: Ensuring that Mobile Big Data is Used for Social Good. Big Data & Society, 7(2), 5.

Aihara, N. H. and Y. (2017). Data Privacy Protection of Personal Information Versus Usage of Big Data: Introduction of the Recent Amendment to the Act on the Protection of Personal Information (Japan). Defense Council Journal, 84(1), 1.

Anggraeni, S. F. (2018). Polemik Pengaturan Kepemilikan Data Pribadi: Urgensi Untuk Harmonisasi Dan Reformasi Hukum di Indonesia. Jurnal Hukum Dan Pembangunan, 48(4), 823.

Aulia, M. Z. (2018). Hukum Pembangunan dari Mochtar Kusumaatmadja: Mengarahkan Pembangunan atau Mengabdi Pada Pembangunan? Jurnal Undang, 1(2), 370–371.

B. Sowmiya, V.S. Abhijith, S. Sudersan, R. Sakthi Jaya Sundar, M. T. & P. V. (2021). A Survey on Security and Privacy Issues in Contact Tracing Application of Covid-19. SN Computer Science, 2(136), 4.

Bradford, L., & Liddell, M. A. and K. (2020). COVID-19 Contact Tracing Apps: a Stress Test for Privacy, the GDPR, and Data Protection Regimes. Journal of Law and the Biosciences, 7(1), 3.

Bratajaya, A. K. S. and Y. (2020). Contact Tracing Apps in Asean : A Threat to Privacy and Personal Data. Kathmandu School of Law Review, 8(1), 53.

Budhijanto, D. (2019). Cyber Law dan Revolusi Industri 4.0. Bandung: Logoz Publishing.

Butarbutar, R. (2019). Initiating New Regulations on Personal Data Protection: Challenges for Personal Data Protection in Indonesia. 3rd International Conference on Law and Governance, 160. Atlantis Press.

Chris Jay Hoofnagle, Bart van der Sloot, and F. Z. B. (2019). The European Union General Data Protection Regulation: What it is and What it Means. Information & Communications Technology Law, 28(1), 87.

Denindah Olivia, Sinta Dewi Rosadi, dan R. R. P. (2020). Perlindungan Data Pribadi Dalam Penyelenggaraan Aplikasi Surveilans Kesehatan Pedulilindungi dan Covidsafe di Indonesia dan Australia. Datin Law Journal, 1(2), 14.

Dimitrova, D. (2021). The Rise of the Personal Data Quality Principle. Is it Legal and Does it Have an Impact on the Right to Rectification? SSRN, 3–4. Retrieved from

Eugenia Politou, et. al. (2018). Backups and the Right to be Forgotten in the GDPR: An Uneasy Relationship. Computer Law & Security Review, 34(6), 1247–1248.

European Commision. (2021). What are the responsibilities of a Data Protection Officer (DPO)? September 29, 2021, accessed from

European Data Protection Board. (2021). Opinion 32/2021 regarding the European Commission Draft Implementing Decision according to Regulation (EU) 2016/679 on the Adequate Protection of Personal Data in the Republic of Korea. September 28, 2021, accessed from

Fadhila, A. R. (2021). Sertifikat Vaksin Jokowi Tersebar, Ini 3 Hal yang Diketahui Hingga Kini, accesed on, September 30, 2021, accesed from

Gemma Newlands, Christoph Lutz, Aurelia Tamo`-Larrieux, Eduard Foschi Villaronga, R. H. and G. S. (2020).
Innovation Under Pressure: Implications for Data Privacy During the Covid-19 Pandemic. Big Data & Society, 7(2), 2.

Goddard, M. (2017). The EU General Data Protection Regulation (GDPR): European regulation that has a Global Impact. International Journal of Market Research, 59(6), 703.

Gray, N. R. and D. (2020). Mass Surveillance in the Age of COVID-19. Journal of Law and the Biosciences, 7(1), 17.

Greenleaf, G. (2017). Asian Data Privacy Law: Trade and Human Rights Perspectives. Oxford: Oxford University Press.

Gstrein, O. J. (2021). The EU Digital COVID Certificate: A Preliminary Data Protection Impact Assessment. European Journal of Risk Regulation, 12(2), 8.

Hadjon, P. M. (2011). Pengantar Hukum Administrasi Negara. Yogyakarta: Gajah Mada Univesity Press.

Harsha Perera, et. al. (2019). Towards Integrating Human Values into Software: Mapping Principles and Rights of GDPR to Values. 2019 IEEE 27th International Requirements Engineering Conference, 405.

Hino, R. A. F. dan A. (2020). COVID-19, Digital Privacy, and the Social Limits on Data-focused Public Health Responses. International Journal of Information Management, 55, 1.

Hustinx, P. (2009). The Role of Data Protection Authorities. In Reinventing Data Protection? (p. 131). Switzerland: Springer International Publishing.

Ibrahim, J. (2006). Teori dan Metodologi Penelitian Hukum Normatif. Malang: Bayu Media Publikasi.

Jaccard, J. J. (2014). A Survey of Emerging Threats in Cybersecurity. Journal of Computer and System Sciences, 80(5), 973.

Jasserand, C. (2018). Subsequent Use of GDPR Data for a Law Enforcement Purpose: The Forgotten Principle of Purpose Limitation? European Data Protection Law Review, 4(2), 22.

Jati, A. S. (2021). PeduliLindungi “Setor Data” ke Server Analitik Telkom?, 30 September 2021, accesed on

Kaya, M. B. (2020). The New Paradigm of Data Protection Law: The Principle of Accountability. Istanbul Law Review, 78(4), 1861.

Kletter, J. A. and R. (2018). Artificial Intelligence: Confronting The Revolution. California: Endeavour Media Ltd.

Kusumaatmadja, M. (2012). Konsep-Konsep Hukum dalam Pembangunan. Bandung: PT Alumni.

Kusumadewi, A. V. and R. (2021). Kewajiban Data Controller dan Data Processor Dalam Data Breach Terkait Pelindungan Data Pribadi Berdasarkan Hukum Indonesia dan Hukum Singapura: Studi Kasus Data Breach Tokopedia. Padjadjaran Law Review, 9(1), 14–15.

Lambert, P. (2016). The Data Protection Officer: Profession, Rules, and Role. New York: CRC Press.

Larry Ozeran, Anthony Solomonides, and R. S. (2021). Privacy versus Convenience: A Historical Perspective, Analysis of Risks, and an Informatics Call to Action. Applied Clinic Informatics, 12(2), 274.

Molla Rashied Hussein, Abdullah Bin Shams, Ehsanul Hoque Apu, Khondaker Abdullah Al Mamun, dan M. S. R. (2020). Digital Surveillance Systems for Tracing COVID-19: Privacy and Security Challenges with Recommendations. 2nd International Conference on Advanced Information and Communication Technology, 1–2. IEEE.

Monda, C. F. M. and C. (2019). The EU’s General Data Protection Regulation (GDPR) in a Research Context. In Fundamentals of Clinical Data Science (p. 64). Switzerland: Springer International Publishing.

Norjihan Abdul Ghani, Suraya Hamid, and N. I. U. (2016). Big Data and Data Protection: Issues with Purpose Limitation Principle. International Journal Advance Soft Computer Application, 8(3), 119.

Nurhidayati, Sugiyah, dan K. Y. (2021). Pengaturan Perlindungan Data Pribadi dalam Penggunaan Aplikasi PeduliLindungi. Widya Cipta: Jurnal Sekretari Dan Manajemen, 5(1), 44.

Paariadi, D. (2018). Pengawasan E-Commerce dalam Undang-Undang Perdagangan dan Undang-Undang Perlindungan Konsumen. Jurnal Hukum Dan Pembangunan, 48(3), 653.

Prilliasari, E. (2019). Pentingnya Perlindungan Data Pribadi Dalam Transaksi Pinjaman Online. Majalah Hukum Nasional, 49(2), 25.

Pujiyono, Kukuh Tejomurti, Pranoto, dan U. K. P. (2020). The Principle of Proportionality in Using Smart City Cloud Computing For Patients Privacy Rights Protection in Handling the Covid-19 Pandemic. Solid State Technology, 63(4), 1122.

Putri, C. A. (2021). Unduh 11 Aplikasi Ini, Pekan Depan Nyambung ke PeduliLindungi. CNBC Indonesia, 30 September 2021, accessed on

Quelle, C. (2018). Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability- and Risk-based Approach. European Journal of Risk Regulation, 9(3), 502.

Recio, M. (2017). Data Protection Officer: The Key Figure to Unsure Data Protection And Accountability. European Data Protection Law Review, 3(1), 117.

Riahi, Y. (2015). Big Data and Big Data Analytics: Concept, Types and Technology. International Journal of Research and Engineering, 5(9), 525.

Riyanto, H. R. B. (2020). Pembangunan Hukum Nasional di Era 4.0. Rechtsvinding, 9(2), 179.

Rosadi, S. D. (2012). Balancing Privacy Rights and Legal Enforcement: Indonesian Practices. International Journal of Liability and Scientific Enquiry, 5(4), 233.

Rosadi, S. D. (2016). Implikasi Penerapan Program E-Health Dihubungkan dengan Perlindungan Data Pribadi. Arena Hukum, 9(3), 418.

Rosa, M. C. (2021). Benarkah Aplikasi PeduliLindungi akan Jadi Alat Pembayaran Digital?, September 30, 2021, accesed from

Santoso, W. J. and M. J. (2019). Perlindungan Data Pribadi: Pentingnya Otoritas Pengawasan Independen. Jakarta: ELSAM.

Sirie, M. I. (2018). The Mandatory Designation of a Data Protection Officer in Indonesia’s Upcoming Personal Data Protection Law. Padjadjaran Journal of Law, 5(1), 30.

Szekely, C. R. and I. (2017). Data Protection Authorities and Information Technology. Computer Law & Security Review, 33(4), 421.

Szydło, M. (2013). Principles Underlying Independence of National Data Protection Authorities: Commission v. Austria. Common Market Law Review, 50(6), 1812.

Taddeo, M. (2020). The Ethical Governance of the Digital During and After the COVID‑19 Pandemic. Minds and Machines, 30, 171.

Tiara Almira Raila, Sinta Dewi Rosadi, dan R. R. P. (2020). Perlindungan Data Privasi di Indonesia dan Singapura Terkait Penerapan Digital Contact Tracing Sebagai Upaya Pencegahan COVID-19 dan Tanggungjawabnya. Jurnal Kepastian Hukum Dan Keadilan, 2(1), 14.

Trotogott, R. L. (2020). A Comparative Analysis of Data Privacy Impacted by Covid-19 Contact Tracing in the European Union, the United States, and Israel: Sacrificing Civil Liberties for a Public Health Emergency. ILSA Journal of International & Comparative Law, 27(1), 70.