Criminal Liability for Perpetrators of Dissemination of Personal Data Through Social Media

Abstract

The proliferation of social media has created new avenues for the unauthorized dissemination of personal data. Such conduct not only infringes on individual privacy but may also produce serious harms ranging from reputational damage to threats against victims' safety. This study examines how Indonesian criminal law particularly Law Number 27 of 2022 on Personal Data Protection (UU PDP) and Law Number 11 of 2008 as amended by Law Number 19 of 2016 on Electronic Information and Transactions (UU ITE) constructs criminal liability for perpetrators who disseminate personal data through social media. A normative juridical method is employed, drawing on statutory and conceptual approaches. The study also analyzes the criminal elements that must be established, the penal sanctions prescribed, and the evidentiary challenges encountered in practice. The findings indicate that the regulatory framework has become more comprehensive following the enactment of UU PDP; however, its implementation remains hampered by significant obstacles particularly in identifying anonymous perpetrators, establishing mens rea, and ensuring inter-agency coordination. The study concludes that the effectiveness of criminal accountability in personal data dissemination cases requires strengthened digital forensics capacity among law enforcement actors and clearer technical guidance on UU PDP implementation.