https://injurity.pusatpublikasi.id/index.php/inj

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER

DATA IN ONLINE LOAN BUSINESS SERVICES

Ahmad Sahroni

, Faisal Santiago

, Ahmad Redi

Universitas Borobudur, Indonesia

Email : [email protected]

, f[email protected]

[email protected]

Abstract

Fintech emerged along with changes in people's lifestyles which are currently dominated by users of

information technology and the demands of a fast-paced life. Personal data and consumer behavior are part of

big data whose economic value can be high, and vulnerable to The Ministry of Communication and Information

(Kominfo), OJK, and the police in supervising online loan services. Customer data protection is regulated in

Ministerial Regulation (Permen) Number 20 of 2016 concerning Personal Data Protection.

Keyword

Legal protection, Customer data, Online loans.

INTRODUCTION

Financial technology or known as fintech is a combination of financial services and

technology that changes the business model from conventional to moderate where previously

payment transactions had to be done face-to-face and brought some cash, now payments can

be made anywhere, anytime even at any time. remotely and done in a short time. The

existence of fintech makes buying and selling transactions and payment systems more

efficient and economical but still effective. There are three types of financial technology,

which are as follows :

1. Third-party payment systems. Examples of third-party payment systems are

crossborderEC, online-to-offline (O2O), mobile payment systems, and payment platforms

that provide services such as bank payments and transfers.

2. Peer-to-Peer (P2P) Lending. Peer-to-Peer Lending is a platform that brings lenders and

borrowers together via the internet. Peer-to-Peer Lending provides credit and risk

management mechanisms. This platform helps lenders and borrowers meet their

respective needs and make efficient use of money.

3. Crowdfunding, Crowdfunding is a type of Fintech in which a concept or product such as

design, program, content, and creative work is publicly published, and people who are

interested and want to support the concept or product can provide financial support.

Crowdfunding can be used to reduce entrepreneurial financial needs, and predict market

demand.

The rapid development of fintech is marked by the existence of an online loan program,

with this technological advancement, someone who wants to get capital loan assistance,

simply downloads an application or accesses a loan service provider's website, fills in data,

uploads the required documents and in a matter of fast time, the loan has been received by the

customer (Priliasari, 2019). If the speed of this online loan is compared to conventional

banks, significant differences are found. In conventional banks, it takes 7-14 working days,

while online loans only take 4 hours to 3 days (Hadad, 2017).

The increase in loan distribution indicates that the public has trusted online loan service

providers (Ross & Squires, 2011). Based on the age classification in the OJK report, it is

known that the majority of online loan users are customers aged 19-34 years. The rise of

Injuruty : Interdiciplinary Journal and Humanity

Volume 2, Number 2, February 2023

e-ISSN: 2963-4113 and p-ISSN: 2963-3397

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

online loans has given rise to new online loan companies in Indonesia, so to monitor the

growth of this online loan service, the OJK issued OJK Regulation (POJK) No.

77/POJK.01/2016 concerning Information Technology-Based Lending and Borrowing

Services which requires online loan service companies to register their companies with OJK.

In addition, the regulation also requires online loan service companies to prioritize

information disclosure to prospective borrowers so that they can assess the borrower's risk

level and determine the interest rate.

One of the impacts of the presence of this online loan is the misuse of customer data and

information (Karuniahaj, 2019). Customers do not realize that online companies also record

various personal data contained in their smartphones when they are used to registering. In

addition, customers sometimes unknowingly agree to a contract in which can use the contents

of their data, so be aware is needed in signing fintech contracts.

Until now, there is no special protection regarding personal data. This is a crime

loophole, which makes certain individuals dare to misuse public data, which is even more

fatal, these data can be traded (Gurning, 2022). If there is a case of someone who is a victim

of misuse of personal data, it will be very difficult to solve the case because there is no

agency or law enforcement can process it (Arifin et al., 2017). Personal data and consumer

behavior are part of big data whose economic value can be high. So, it is very tempting to

misuse it. For this reason, there is a need for a synergy of cooperation between the Ministry

of Communication and Information (Kominfo), OJK, and the police in supervising online

loan services.

Although the Minister of Communication and Information (Menkominfo) has recently

issued a Ministerial Regulation (Permen) Number 20 of 2016 concerning Personal Data

Protection, the Ministerial Regulation is only an implementing regulation, and has nothing to

do with Government Regulations and Laws..

METHOD RESEARCH

The method used in writing this applied paper is the descriptive analytical method,

namely by using data that clearly describes the problems directly in the field, then analyzing

and concluding to reach a problem solution. The method of collecting data is through

observation and literature study to obtain problem-solving in the preparation of this paper.

A normative juridical approach, which means that in this study the main materials

studied are primary legal materials, secondary legal materials, and tertiary legal materials.[4]

The data that has been obtained, then processed, and then analyzed qualitatively is done by

describing the data generated in the form of a descriptive sentence or explanation. From the

data analysis, it is continued by drawing conclusions inductively, a way of thinking based on

general facts, then proceeding with specific conclusions which are the answers to the

problems based on the results of the research, and then suggestions are given.

RESULT AND DISCUSSION

A. Definition of Financial Technology

Fintech comes from the term financial technology or financial technology. The

National Digital Research Center (NDRC) in Dublin, Ireland, defines fintech as "innovation

financial services" or "innovation in fintech financial services", which is an innovation in the

financial sector that gets a touch of modern technology. Financial transactions through

fintech include payments, investments, lending money, transfers, financial plans, and

comparisons of financial products (Gulamhuseinwala et al., 2015). Currently, there are 142

identified companies engaged in fintech (Ngani, 2012).

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

B. Fintech Development

Fintech emerged in line with changes in people's lifestyles which are currently

dominated by users of information technology, the demands of a fast-paced life. With

Fintech, problems in buying and selling transactions and payments such as not having time to

look for goods to shopping places, to banks/ATMs to transfer funds, reluctance to visit a

place because of unpleasant services can be minimized. In other words, Fintech helps buying

and selling transactions and payment systems to be more efficient and economical but still

effective (Santi et al., 2017).

Globally, fintech shows rapidly growing in various sectors, ranging from payment

startups, lending, financial planning (personal finance), retail investment, crowdfunding,

remittances, financial research, and others. Indonesian Fintech players are still dominant in

the payment business (43%), loans (17%), and the rest are in the form of aggregators,

crowdfunding and others (Hadad, 2017).

C. Legal Protection of Customer Personal Data According to the Regulation of the

Financial Services Authority of the Republic of Indonesia Number 13 /Pojk.02/2018

concerning Digital Financial Innovation in the Financial Services Sector

The definition of Personal Data can be found in the Government Regulation of the

Republic of Indonesia Number 82 of 2012 concerning the Implementation of Electronic

Systems and Transactions. Personal data is certain personal data that is stored, maintained,

and kept true and protected by confidentiality (Situmeang, 2021). Article 1 number 22 of the

Law of the Republic of Indonesia Number 23 of 2006 concerning Population Administration,

also defines such personal data.

D. Consumer Data Protection according to Financial Services Authority Regulation

Number 77 /Pojk.01/2016 concerning Information Technology-Based Lending and

Borrowing Services, Following are the articles that regulate the Confidentiality of

Consumer Data:

Article 26

The organizer must:

1. Maintain the confidentiality, integrity, and availability of personal data, transaction

data, and financial data that it manages from the time the data is obtained until the

data is destroyed.

2. Ensure the availability of authentication, verification, and validation processes that

support denial in accessing, processing, and executing personal data, transaction

data, and financial data it manages.

3. Guarantee that the acquisition, use, utilization, and disclosure of personal data,

transaction data, and financial data obtained by the Operator is based on the

approval of the owner of personal data, transaction data, and financial data, unless

otherwise stipulated by the provisions of laws and regulations.

4. Provide other communication media other than the Electronic System of Information

Technology-Based Lending and Borrowing Services to ensure continuity of

customer service which can be in the form of electronic mail, call centers, or other

communication media.

5. Notify in writing the owner of the personal data, transaction data, and financial data

in the event of a failure to protect the confidentiality of personal data, transaction

data, and financial data managed by him.

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

Article 26

Regulates the obligations of information technology-based lending and borrowing

service providers, which is one type of Fintech Business that is developing in Indonesia. The

obligations can be seen in letters a, b, c, d, and e above.

Article 29

The Operator is required to apply the basic principles of User protection, namely: a.

transparency; b. fair treatment; c. reliability; d. data confidentiality and security; and e. User

dispute resolution is simple, fast, and affordable.

Article 29

Stipulates that information technology-based savings and loan service providers are

required to apply the basic principles of User protection, namely: transparency, fair treatment,

reliability, confidentiality and data security, and User dispute resolution in a simple, fast, and

affordable way.

Article 39

1. The Operator is prohibited in any way from providing data and/or information

regarding Users to third parties.

2. The prohibition as referred to in paragraph (1) is exempted in the event that: a. User

gives consent electronically; and/or b. required by the provisions of the legislation.

3. Cancellation or partial amendment of approval for the disclosure of data and/or

information as referred to in paragraph (2) letter a shall be made electronically by the

User in the form of Electronic Document.

Article 39

Stipulates that the Operator is prohibited in any way from providing data and/or

information regarding Users to third parties. except in the case of The user gives consent

electronically; and/or, required by the provisions of laws and regulations. Cancellation or

partial change of consent for the disclosure of data and/or information is done electronically

by the User in the form of an Electronic Document (Azis & Rahmawati, 2021).

Article 47

1. For violations of obligations and prohibitions in this OJK regulation, OJK has the

authority to impose administrative sanctions on the Operator in the form of: a. written

warning; b. fines, namely the obligation to pay a certain amount of money; c.

limitation of business activities; and D. license revocation.

2. The administrative sanctions as referred to in paragraph (1) letters b to d, may be

imposed with or without being preceded by the imposition of administrative sanctions

in the form of a written warning as referred to in paragraph (1) letter a.

3. Administrative sanctions in the form of fines as referred to in paragraph (1) letter b

may be imposed separately or jointly with the imposition of administrative sanctions

as referred to in paragraph (1) letter c and letter.

Article 47

1. For violations of obligations and prohibitions in this OJK regulation, OJK has the

authority to impose administrative sanctions on the Operator in the form of: a. written

warning; b. fines, namely the obligation to pay a certain amount of money; c.

limitation of business activities; and D. license revocation.

2. The administrative sanctions as referred to in paragraph (1) letters b to d, may be

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

imposed with or without being preceded by the imposition of administrative sanctions

in the form of a written warning as referred to in paragraph (1) letter a.

3. Administrative sanctions in the form of fines as referred to in paragraph (1) letter b

may be imposed separately or jointly with the imposition of administrative sanctions

as referred to in paragraph (1) letter c and letter.

Article 47 stipulates that in violation of the obligations and prohibitions in this OJK

regulation, OJK has the authority to impose administrative sanctions on the Operator in

the form of written warnings, fines, namely the obligation to pay a certain amount of

money, restrictions on business activities, and revocation of licenses. Administrative

sanctions can be imposed with or without being preceded by the imposition of

administrative sanctions in the form of a written warning. Administrative sanctions in the

form of fines can be imposed separately or together with the imposition of administrative

sanctions.

E. Financial Services Authority Circular Letter Number 14/SEOJK.07/2014 Regarding

Confidentiality And Security Of Consumer Data And/or Personal Information

Provisions regarding the implementation of the principles of Confidentiality and

Security of Consumer Data and/or Personal Information as regulated in Article 2 letter d,

Article 31 and Article 49 in the Circular Letter of the Financial Services Authority as follows:

In this Financial Services Authority Circular Letter, Consumer Personal data and/or

information is data and/or information, which includes the following:

1. Individual: Name, address, date of birth and/or age, telephone number, and/or Name

of the biological mother.

2. Corporation: Name, address, telephone number, the composition of directors and

commissioners including identity documents in the form of Identity

Card/passport/residence permit; and/or composition of shareholders.

Financial Services Business Actors, hereinafter abbreviated as PUJK, are Commercial

Banks, Rural Banks, Securities Companies, Investment Advisors, Custodian Banks, Pension

Funds, Insurance Companies, Reinsurance Companies, Financing Institutions, Pawn

Companies, and Guarantee Companies, both of which carry out activities conventional and

sharia business (Abdurrahman Konoras, 2021).

Consumers are parties who place their funds and/or take advantage of the services

available at PUJK, including customers in banking, investors in the capital market,

policyholders in insurance, and participants in pension funds, based on the laws and

regulations in the financial services sector.

Protection of Consumer Personal Data and/or Information, Financial Service Business

Actors are prohibited in any way from providing personal data and/or information regarding

their Consumers to third parties (Benuf et al., 2019). Except in the event that the Consumer

gives written consent and/or is required by laws and regulations.

If the Consumer gives written approval, the Financial Services Provider may provide

Consumer Personal Data and/or Information with the obligation to ensure that the third party

does not provide and/or use the Consumer's Personal Data and/or Information for purposes

other than those agreed between the PUJK and the third party.

The procedure for written approval from the Consumer can be stated in the form of,

among others, the choice of agreeing or disagreeing or giving a sign of approval. in

documents and/or product and/or service agreements (Satory, 2015).

If a PUJK obtains personal data and/or information of a person and/or group of people

from another party and the PUJK will use such data and/or information to carry out its

activities, the PUJK is required to have a written statement that the other party has obtained

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

written approval from a person and/or a group of people to provide the said personal data

and/or information to any party including PUJK.

The FSB is required to establish written policies and procedures regarding the use of

Consumer Personal Data and/or Information which at least contains:

1. Explain in writing and/or verbally to Consumers regarding the purpose and

consequences of granting written consent as well as providing and/or disseminating

Consumer Personal Data and/or Information as referred to in number 2 letter a

(Amalia, n.d.).

2. Request for written approval from Consumers in the event that the FSB will provide

and/or disseminate Consumer Personal Data and/or Information to third parties for

any purpose, unless otherwise stipulated in the applicable laws and regulations.

CONCLUSION

Based on the description in the discussion above, the form of traffic accidents can be

resolved through restorative justice according to Article 236 (2) of Law No. 22 of 2009

which is only minor traffic accidents, according to Article 63 of the National Police Chief

Regulation No. 15 of 2009 2013 is a minor traffic accident, and based on the SE Chief of the

National Police No. 8 of 2018 is a crime that does not result in human casualties. In general,

the considerations of Unitlaka investigators in resolving traffic accidents and road

transportation outside the court carried out by Unitlaka only refer to the habits carried out in

Unitlaka and the basis for settlement outside the court is a letter of peace agreement by both

parties involved in traffic accidents.

REFERENCES

Abdurrahman Konoras, S. H. (2021). Jaminan Produk Halal Di Indonesia Perspektif Hukum

Perlindungan Konsumen-Rajawali Pers. Pt. Rajagrafindo Persada.

Amalia, S. N. (N.D.). Analisis Perlindungan Data Pribadi Nasabah Pada Bank Syariah

Mandiri Terhadap Regulasi. Jakarta: Fakultas Syariah Dan Hukum Uin Syarif

Hidayatullah.

Arifin, Z., Wahyuningsih, S. E., & Kusriyah, S. (2017). Proses Penegakan Hukum Terhadap

Pelaku Tindak Pidana Penipuan Dan Atau Penggelapan Berkedok Biro Jasa Ibadah

Umroh Dengan Biaya Murah (Studi Kasus Pada Penyidik Sat Reskrim Polrestabes

Semarang). Jurnal Hukum Khaira Ummah, 12(4), 777–784.

Azis, M. F., & Rahmawati, N. D. (2021). Tinjauan Hukum Terhadap Perjanjian Pinjaman

Online Dan Penggunaan Data Konsumen Aplikasi “Kredit Pintar.” Fortiori Law

Journal, 1(01), 111–148.

Benuf, K., Mahmudah, S., & Priyono, E. A. (2019). Perlindungan Hukum Terhadap

Keamanan Data Konsumen Financial Technology Di Indonesia. Refleksi Hukum:

Jurnal Ilmu Hukum, 3(2), 145–160.

Gulamhuseinwala, I., Bull, T., & Lewis, S. (2015). Fintech Is Gaining Traction And Young,

High-Income Users Are The Early Adopters. Journal Of Financial Perspectives, 3(3).

Gurning, E. A. (2022). Kebijakan Hukum Pidana Terhadap Penyalahgunaan Data Pribadi

Pada Pinjaman Online. Universitas Medan Area.

Hadad, M. D. (2017). Financial Technology (Fintech) Di Indonesia. Kuliah Umum Tentang

Fintech, Indonesia Banking School, 1–17.

Karuniahaj, S. E. (2019). Asas Privity Of Contract Dalam Layanan Pinjam Meminjam Uang

Berbasis Teknologi Informasi (Studi Kasus Pada Penyelenggara Danarupiah).

Universitas Airlangga.

Ngani, N. (2012). Metodologi Penelitian Dan Penulisan Hukum.

LEGAL GUARANTEE OF CONFIDENTIALITY OF CUSTOMER DATA IN ONLINE LOAN BUSINESS

SERVICES

https://injurity.pusatpublikasi.id/index.php/inj

Priliasari, E. (2019). Pentingnya Perlindungan Data Pribadi Dalam Transaksi Pinjaman

Online. Majalah Hukum Nasional, 49(2), 1–27.

Ross, L. M., & Squires, G. D. (2011). The Personal Costs Of Subprime Lending And The

Foreclosure Crisis: A Matter Of Trust, Insecurity, And Institutional Deception. Social

Science Quarterly, 92(1), 140–163.

Santi, E., Budiharto, B., & Saptono, H. (2017). Pengawasan Otoritas Jasa Keuangan

Terhadap Financial Technology (Peraturan Otoritas Jasa Keuangan Nomor 77/Pojk.

01/2016). Diponegoro Law Journal, 6(3), 1–20.

Satory, A. (2015). Perjanjian Baku Dan Perlindungan Konsumen Dalam Transaksi Bisnis

Sektor Jasa Keuangan: Penerapan Dan Implementasinya Di Indonesia. Padjadjaran

Jurnal Ilmu Hukum (Journal Of Law), 2(2).

Situmeang, S. M. T. (2021). Penyalahgunaan Data Pribadi Sebagai Bentuk Kejahatan

Sempurna Dalam Perspektif Hukum Siber. Sasi, 27(1), 38–52.

Ahmad Sahroni, Faisal Santiago, Ahmad Redi

(2023)

First publication right:

Injurity - Interdiciplinary Journal and Humanity

This article is licensed under a Creative Commons Attribution-ShareAlike 4.0

International