Joint Data Controller Responsibility in OSS RBA System Interoperability after the Personal Data Protection Law Enactment
DOI:
https://doi.org/10.24843/KP.2026.v48.i01.p01Keywords:
Personal Data Protection, Joint Controllership, OSS RBAAbstract
The business licensing reform enacted through Law Number 11 of 2020 concerning Job Creation has given rise to the Risk-Based Online Single Submission (OSS RBA) system, which relies on real-time data interoperability from various government agencies. The ratification of Law Number 27 of 2022 concerning Personal Data Protection (PDP Law) introduces a new legal regime that creates ambiguity regarding the legal status of the parties within the OSS RBA ecosystem. This research aims to analyze the legal qualification of the parties involved in personal data processing within the ecosystem, evaluate the application of the Joint Controllership concept in OSS RBA interoperability, and formulate a mechanism for allocating legal responsibility in the event of personal data protection failures. The research employs a normative juridical method with statutory and conceptual approaches. The result indicate that the relationship between the Ministry of Investment/BKPM and the data source agencies is more appropriately qualified as Joint Controllers, as they collectively determine the purposes and means of personal data processing. A legal void exists in the regulation of joint controllership within the OSS RBA. The absence of agreements or derivative technical regulations governing the allocation of responsibility creates ambiguity that can be detrimental to data subjects. Therefore, derivative regulations are necessary to stipulate in detail the joint controllership mechanism and to mandate the preparation of Data Sharing Agreements (DSAs) between agencies, which would define the responsibilities of each party in accordance with the provisions of the PDP Law.
Downloads
References
Agung, Hasbi Pratama Arya. "Perlindungan Data Pribadi Dalam Proses Pengurusan Perizinan Perusahaan Berbasis Elektronik Online Single Submission (OSS)." Jurnal Ilmiah Galuh Justisi 9, no. 1 (2021)
Anton Rosari dkk, “Penyederhanaan Izin Usaha Pasca Undang-Undang Cipta Kerja, Berdasarkan Prinsip Perizinan Berbasis Besarnya Resiko Berusaha,” Jurnal Ilmu Hukum, Humaniora, dan Politik (JIHPP). Rev. 4 (2024)
Ardita Esti Rahmadani, “Analisis Penerapan Perizinan Berusaha Melalui Sistem Online Single Submission () Berbasis Risiko,” Jurnal Media Hukum Indonesia. Rev. 2 (2024)
Ardita Esti Rahmadani, “Analisis Penerapan Perizinan Berusaha Melalui Sistem Online Single Submission (OSS) Berbasis Risiko,” Jurnal Media Hukum Indonesia. Rev. 2 (2024).
Bahir Mukhammad, “Pelaksanaan Perizinan Berbasis Risiko Pasca Undang-Undang Cipta Kerja,” Jurnal Nalar Keadilan. Rev. 1 (2021)
Dharmawan, Ni Ketut Supasti. “Protecting Traditional Balinese Weaving Trough Copyright Law: Is It Appropriate?” Diponegoro Law Review 2, no. 1 (2017): 57–84. https://doi.org/10.14710/dilrev.2.1.2017.57-84.
Diantha, I Made Pasek, and MS Sh. Metodologi Penelitian Hukum Normatif Dalam Justifikasi Teori Hukum. Prenada Media, 2016.
Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV, C-40/17, Judgment of the Court (Second Chamber), 29 July 2019, ECLI:EU:C:2019:629, https://curia.europa.eu/juris/liste.jsf?num=C-40/17.
Hadiyantina, Shinta, Zainal Amin Ayub, Dewi Cahyandari, Amelia Ayu Paramitha, Sinta Devi Ambarwati, Yusuf Mustofa, Xaviera Qatrunnada Djana Sudjati, and Nur Auliya Rahmatika. Perlindungan Data Pribadi Dalam Bidang Rekam Medis. Universitas Brawijaya Press, 2023.
Haris Satiadi, “Perbedaan Pengendali dan Prosesor Data Pribadi Menurut UU PDP,” Hukum Online. (2022): https://www.hukumonline.com/klinik/a/perbedaan-pengendali-dan-prosesor-data-pribadi-menurut-uu-pdp-lt636d1861766bc
Lestariningtyas, Twotik, and Muhammad Roqib. "Perlindungan data pribadi pengguna sistem layanan perizinan berusaha terintegrasi secara elektronik OSS 1.1 dan OSS RBA (Risk Basic Approach)." Jurnal Jendela Hukum 8, no. 2 (2021): 25-34.
Marzuki, Mahmud. Penelitian hukum: Edisi revisi. Prenada Media, 2017.
Muhammad Firdaus Al Faaiz, “Pelatihan Pembuatan Legalitas Usaha NIB Secara Mandiri dan Sertifikasi Halal Sebagai Sarana Meningkatkan Kredibilitas Usaha Mahasiswa di Surabaya,” IMPACT: Jurnal Pengabdian Kepada Masyarakat. Rev. 1 (2025)
Pinky Eskah Prayoga dan R.A. Antari Inaka Turingsih, “Pelindungan Data Pribadi dalam Open Application Programming Interface (Open API) Payment: Studi Komparatif Inggris dan Indonesia,” Viva Justicia: Journal of Private Law 1, no. 2 (2025)
Prayoga, Pinky Eskah, and RA Antari Inaka Turingsih. "Pelindungan Data Pribadi Dalam Open Application Programming Interface (OPEN API) Payment: Studi Komparatif Inggris dan Indonesia." Viva Justicia: Journal of Private Law 1, no. 2 (2025): 22-45.
Riyan Latifahul Hasanah dan Prisilia Semestanti, “Pengaruh Kualitas Terhadap Kepuasan Pengguna Website OSS Kementerian Investasi Menggunakan Metode Webqual 4.0,” Jusifor: Jurnal Sistem Informasi dan Informatika. Rev. 3 (2024)
Ropiko Duri dkkd, “Efektivitas Online Single Submission Risk Based Approach ( RBA): Inovasi Perizinan Usaha Mikro Kecil di Perkotaan,” Jurnal Matra Pembaruan. Rev. 8 (2024): 104-105.
Salain, Made Suksma Prijandhini Devi, and I Palguna. “The Regulation of the Ownership of Flats by Foreigners after the Enactment of the Job Creation Law.” Indon. L. Rev. 12 (2022): 1.
Twotik Lestariningtyas, “Perlindungan Data Pribadi Pengguna Sistem Layanan Perizinan Berusaha Terintegrasi Secara Elektronik OSS 1.1 dan OSS RBA (Risk Basic Approach),” Jurnal Jendela Hukum, hlm. 30–32.
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein v Wirtschaftsakademie Schleswig-Holstein GmbH, C-210/16, Judgment of the Court (Grand Chamber), 5 June 2018, ECLI:EU:C:2018:388, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62016CJ0210.
Laws and Regulations
Peraturan Menteri Investasi dan Hilirisasi/Kepala Badan Koordinasi Penanaman Modal Nomor 7 Tahun 2025 tentang Tata Kelola Data Kementerian Investasi dan Hilirisasi/BKPM
Peraturan Pemerintah Nomor 28 Tahun 2025 tentang Penyelenggaraan Perizinan Berusaha Berbasis Risiko, Lembaran Negara Tahun 2025 Nomor 98, Tambahan Lembaran Negara Nomor 7115
Undang-undang (UU) Nomor 1 Tahun 2024 tentang Perubahan Kedua atas Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik, Lembaran Negara Tahun 2024 Nomor 1, Tambahan Lembaran Negara Nomor 6905
Undang-undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi, Lembaran Negara Tahun 2022 Nomor 196, Tambahan Lembaran Negara Nomor 6820
Undang-undang Nomor 11 Tahun 2020 tentang Cipta Kerja, Lembaran Negara Tahun 2020 Nomor 245, Tambahan Lembaran Negara Nomor 6573
Peraturan Pemerintah Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik, Lembaran Negara 2019 Nomor 185, Tambahan Lembaran Negara Nomor 6400
Peraturan Pemerintah Nomor 80 Tahun 2019 tentang Perdagangan Melalui Sistem Elektronik, Lembaran Negara Tahun 2019 Nomor 222, Tambahan Lembaran Negara Nomor 6420
Dewan Uni Eropa dan Parlemen Eropa, "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)" (OJ L 119, Brussel, Belgia, 4 Mei 2016), 13, eur-lex.europa.eu.
Peraturan Menteri Komunikasi dan Informatika Nomor 20 Tahun 2016 tentang Perlindungan Data Pribadi Dalam Sistem Elektronik
Undang-Undang Nomor 24 Tahun 2013 tentang Administrasi Kependudukan, Lembaran Negara Tahun 2013 Nomor 232, Tambahan Lembaran Negara Nomor 5475
Undang-Undang Nomor 40 Tahun 2007 tentang Perseroan Terbatas, Lembaran Negara Tahun 2007 Nomor 106, Tambahan Lembaran Negara Nomor 4756
Peraturan Presiden Nomor 95 Tahun 2018 tentang Sistem Pemerintahan Berbasis Elektronik, Lembaran Negara Tahun 2018 Nomor 182
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Kertha Patrika

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.










