LEGAL ASPECTS OF OPEN BANKING AND CUSTOMER DATA PROTECTION IN THE DIGITAL ERA
DOI: 10.54443/sibatik.v5i1.4161
Published: 2025-12-21
Abstract
Open banking represents a transformative innovation in the financial sector, enabling the secure exchange of customer financial data between banks and third-party service providers through Application Programming Interfaces (APIs). This study examines the legal framework governing open banking and personal data protection in Indonesia, emphasizing its alignment with key legal theories — namely, the Theory of Legal Protection, Theory of Justice, Theory of Legal Certainty, and Theory of Responsive Law. Employing a normative juridical method, this research analyzes statutory instruments, legal doctrines, and comparative regulations, particularly drawing insights from the European Union’s Payment Services Directive 2 (PSD2) and General Data Protection Regulation (GDPR). The findings reveal that Indonesia’s regulatory foundation — primarily based on the Personal Data Protection Law (Law No. 27 of 2022) and financial sector regulations issued by Bank Indonesia and the OJK — provides an essential starting point but remains fragmented and limited in enforcement. Major gaps exist in preventive and repressive protection, liability allocation, and technical standardization for data security. Integrating classical legal theories with core banking principles such as prudence, transparency, accountability, and consumer protection underscores the need for a responsive, principle-based regulatory model. This study concludes that Indonesia must strengthen its regulatory framework through detailed implementing regulations, adaptive governance mechanisms, and cross-institutional coordination to achieve a balance between innovation and data protection in the era of digital finance.
Keywords:
Open Banking; Personal Data Protection; Legal Protection; Legal Certainty; Responsive Law; Financial Technology; Consumer Rights; Regulatory Framework; Prudential Principle
License
Copyright (c) 2025 William Hendrik Reba, Silvester Magnus Loogman Palit, Tumian Lian Daya Purba, Jeremy Edbert Reba

This work is licensed under a Creative Commons Attribution 4.0 International License.






