The Legal Protection of Personal Data in Fintech peer-to-peer (P2P) Lending Practices: Orientation and Formulation

In the era of digital transformation, one prominent model of Fintech is Peer-to-Peer (P2P) lending, which offers alternative financing access through digital platforms. The protection of personal data in P2P lending becomes crucial as sensitive information such as financial and credit history is collected and processed by these platforms. Data protection regulations, like GDPR, play a vital role in maintaining the balance between Fintech innovation and individual privacy rights. This research aims to discuss the legal protection of personal data within the context of Peer-to-Peer (P2P) Lending in the realm of Financial Technology (Fintech) in Indonesia. The research methodology employed is normative law, using descriptive legal analysis. Data is gathered from various sources, including legal statutes, court decisions, legal literature, and government guidelines related to Fintech and personal data protection. Qualitative analysis is conducted to identify relevant legal provisions, explain their legal implications


Introduction
In the increasingly developing digital era, technological transformation has changed various aspects of human life, including in the world of finance (Maulidya & Afifah, 2021).One phenomenon that has emerged is the rapid growth of technology-based financial services, or better known as Financial Technology (Fintech).One of the Fintech service models that is receiving increasing attention is peer-to-peer (P2P) lending, which provides access to alternative financing for individuals and small and medium businesses without involving conventional financial institutions.P2P lending has opened new opportunities by facilitating direct meetings between lenders and borrowers through digital platforms.While this model has opened up new access to financial services and provided a more accessible alternative to lending for many individuals and small businesses, it also carries complex legal implications regarding the protection of personal data.The importance of personal data protection in the context of fintech P2P lending has been a major highlight in recent years.Personal data from lenders and borrowers that are collected, processed and used by P2P lending platforms can include highly sensitive information, such as financial information, credit history and other personal data (Tampubolon, 2019).Therefore, it is important to ensure that the use and protection of this personal data comply with applicable regulations.
In the context of fintech P2P lending, it cannot be separated from the statutory framework governing data protection.Regulations regarding data protection and regulations within the scope of fintech P2P lending require an in-depth understanding of the rules governing the financial industry, such as regulations regarding business licenses, financial reporting, and risk management.This needs to be considered so that fintech P2P lending services continue to operate according to regulations and are able to provide adequate protection for all parties involved.(Pakpahan et al., 2020).Within the framework of personal data protection, laws and regulations have a central role in maintaining a balance between fintech innovation and individual privacy rights.In this regard, this research will comprehensively examine aspects of legal protection of personal data in P2P lending fintech practices.This research will examine the orientation and formulation of personal data legal protection in the context of fintech P2P lending, with reference to relevant laws and regulations.Thus, it is hoped that this research can contribute to maintaining a balance between innovation in the fintech industry and protecting privacy rights and personal data security.The formulation of the problem in this research namely: 1) How is the legal protection of personal data in the context of Fintech P2P Lending practices in Indonesia?2) What is the orientation and formulation of personal data legal protection in Fintech P2P Lending practices?

Research Method
This research will use normative legal research methods to answer the questions posed in the title of this research.The normative legal research method is a research approach that focuses on the analysis of laws and regulations, legal doctrine, and legal principles that Erlina: Implementation of Legal Protection of Geographical Indication of …… are relevant in a field.In this study, normative legal methods are used to analyze the legal framework governing the protection of personal data in Fintech P2P Lending practices.This method will assist in identifying relevant legal provisions, explaining their meaning and legal implications, as well as assisting in formulating recommendations or improvements within the existing legal framework.
The research approach used is descriptive legal analysis.In this approach, research will focus on the description and analysis of various laws and regulations related to the protection of personal data in Fintech P2P Lending practices.The descriptive approach allows researchers to provide a clear picture of existing regulations, as well as identify weaknesses or gaps in personal data protection that need improvement.Sources of research material include statutory regulations such as laws, government regulations, and regulations from the Financial Services Authority related to Fintech and personal data protection, relevant court decisions in cases of personal data protection in the Fintech industry, legal literature in the form of books, journals , articles, and scientific publications that discuss personal data protection laws and Fintech P2P Lending, as well as official documents such as reports and guidelines issued by government agencies or related authorities that regulate Fintech regulations and personal data protection.
Data collection techniques will involve literature studies, namely searching, selecting, and analyzing written materials that are relevant to the research topic.This process will involve collecting various documents such as laws, regulations, court decisions, scientific articles, and other legal literature related to personal data protection and Fintech P2P Lending.The collected data will be analyzed qualitatively.The analysis will involve reading and in-depth understanding of the content of relevant legal documents and scientific literature.

Results and Discussion
The Legal Transactions.The Electronic Information and Transaction Law (UU ITE) is a legal regulation that regulates the protection of electronic information and data, including personal data.One of the relevant articles in the ITE Law is Article 26, which focuses on aspects of the implementation of personal data protection.This article requires parties who manage personal data to ensure the confidentiality and protection of said data from unauthorized access.This reflects the importance of maintaining individual privacy and preventing misuse of sensitive data (Djafar & Santoso, 2020).Apart from that, Article 27 of the ITE Law is an important point in recognizing the rights of owners of personal data.This article grants data owners the right to give consent or refuse consent to the collection, processing and utilization of their personal data (Sekretariat Jenderal Komisi Yudisial Republik Indonesia, 2019).
This upholds the principle of individual autonomy in controlling their personal information, while empowering them to determine how their data is used by others.This right is an important mechanism in ensuring that the processing of personal data is carried out transparently and in accordance with the wishes of the data owner.Overall, Articles 26 and 27 of the ITE Law outline the basics of personal data protection and the control that individuals have over their personal information.This encourages the responsibility of those who manage data to maintain data security and confidentiality, while giving data owners control over the permissions to use their data.This effort is in line with important principles in the digital era which increasingly emphasize the importance of privacy and ethical data management (Tsamara, 2021).
Whereas in Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions has significant relevance in the context of personal data protection.In this law, there are provisions that specifically regulate aspects of personal data protection.This includes various stages, from collection, use, security, to deletion of personal data.As such, these laws provide a strong legal basis to ensure that individual personal information is not misused or accessed without proper permission (Pertiwi et al., 2023).Through the regulations contained therein, Law Number 19 of 2016 aims to create a safer digital environment and maintain public privacy in conducting transactions and activities electronically.By following the provisions contained in this law, parties who collect and process personal data are expected to be properly responsible for the sensitive information they have, thereby maintaining public confidence in the widespread use of information technology and electronic transactions.
In addition to the ITE Law, relevant regulations are Bank Indonesia Regulation (PBI) Number 19/12/PBI/2017 concerning the Implementation of Financial Technology which includes provisions regarding the protection of customers' personal data in the context of fintech, including fintech P2P lending.Bank Indonesia Regulation (PBI) Number 19/12/PBI/2017 concerning Implementation of Financial Technology has an important role in regulating aspects of customer personal data protection within the scope of the fintech industry, including fintech peer-to-peer (P2P) lending.This PBI directs fintech P2P lending providers to comply with a number of requirements specifically designed to ensure the confidentiality and security of customers' personal data.In carrying out this responsibility, PBI instructs fintech P2P lending providers to take effective steps to prevent unauthorized use of personal data.(Manik & Samariadi, 2023).
The first step regulated by PBI is the need to maintain the confidentiality of customer personal data.This means that fintech P2P lending providers are required to take appropriate technical and security measures to protect personal data from unauthorized access.These steps include the use of a strong encryption system, network security, and limited access arrangements for authorized parties.With this provision, it is hoped that customer personal data will remain safe and cannot be misused (Pakpahan et al., 2020).In addition to maintaining data confidentiality, PBI also emphasizes the need to prevent unauthorized use of personal data.P2P lending fintech operators are required to take the necessary actions to prevent misuse of customers' personal data.This includes strict monitoring of data access and use, implementation of strong identity verification procedures, and restrictions on parties who have access to personal data.(Wiratama Buana, 2022).
PBI Number 19/12/PBI/2017, with a focus on implementing financial technology, especially fintech P2P lending, provides a clear and firm legal basis for organizers in protecting customer personal data.By following the provisions stipulated in this PBI, it is expected that the interaction between fintech P2P lending and its customers will take place in a safe, trusted and guaranteed environment of personal data.(Stevani & Sudirman, 2021).Regulation of the Minister of Communication and Informatics Number 20 of 2016 concerning Protection of Personal Data in Electronic Systems has provided a significant step in regulating and supervising the management of personal data in Indonesia.With this regulation, the Ministry of Communication and Informatics shows its commitment to protecting individual privacy in the digital era.This regulation has a main focus on three important aspects, namely the principles of personal data management, individual rights regarding personal data, and the responsibilities that must be carried out by business actors in maintaining the security of personal data.The principles of personal data management regulated in this regulation aim to regulate how personal data must be treated, processed and stored so that it remains in accordance with the required privacy standards (Ayu et al., 2019).
In addition, this regulation also provides clear recognition of individual rights regarding personal data, such as the right to access, correct and delete their data.Equally important, this regulation stipulates the obligations attached to business actors in protecting the personal data they manage, including implementing appropriate security measures to prevent unauthorized access and misuse of data.Thus, Regulation of the Minister of Communication and Informatics Number 20 of 2016 plays an important role in presenting a strong legal basis for the protection of personal data within the electronic system environment in Indonesia, maintaining a balance between technological developments and individual privacy rights.Financial Services Authority Regulation Number 77/POJK.01/2016concerning Information Technology-Based Money Lending Services (POJK 77/2016) has played an important role in regulating the Fintech Peer-to-Peer (P2P) Lending industry in Indonesia.OJK, as the institution responsible for supervision and regulation of the financial sector in this country, with this step has provided a binding legal basis for Fintech P2P Lending companies in carrying out their operations (Aprita, 2021).
One of the aspects regulated in detail in this regulation is the protection of customers' personal data.Fintech P2P Lending companies are required to maintain the confidentiality of customer data in accordance with the provisions contained in the applicable laws and regulations.In this context, aspects of data security and confidentiality are priorities that must be enforced by Fintech P2P Lending companies.
Steps taken in POJK 77/2016 to protect customer personal data include arrangements regarding data collection, use, storage and deletion.By following these provisions, Fintech P2P Lending companies are expected to be able to maintain the integrity and security of their customers' personal information (Aziz et al., 2020).It also reminds companies to implement best practices in data protection and avoid violating customer privacy.Not only that, POJK 77/2016 also creates a more transparent framework in the relationship between Fintech P2P Lending companies and their customers.Information regarding data usage, risks, and terms of service must be explained clearly to customers, so that they have a better understanding before participating in lending and borrowing services.Overall, POJK 77/2016 reflects a progressive step in addressing the issue of personal data protection in the Fintech P2P Lending industry in Indonesia.These regulations help build trust between Fintech companies, customers, and regulations, and provide a solid foundation for the sector's sustainable development in the future.
Apart from that, Indonesia also has Law Number 11 of 2020 concerning Job Creation which in article 153 regulates the protection of personal data in the realm of consumer protection.Law Number 11 of 2020 concerning Job Creation is an important milestone for Indonesia in strengthening personal data protection, especially in relation to consumer protection.One of the aspects covered in this law is the regulation regarding the protection of personal data, which is described in Article 153.This article outlines a stronger legal basis in order to protect consumer personal data, including in the context of Fintech P2P Lending practices.With the existence of article 153, Indonesia has provided a stronger legal platform for monitoring and controlling the use of consumer personal data by various entities, including Fintech P2P Lending companies.This step not only provides legal certainty, but also reflects the government's commitment to presenting a safe and trustworthy environment for consumers in various modern financial transactions (Suryono et al., 2021).Thus, the Job Creation Law has played a vital role in formulating a more inclusive and comprehensive legal framework in protecting consumers' personal data in the digital era, with a significant impact especially on the Fintech P2P Lending sector.
In practice, Fintech P2P Lending in Indonesia must ensure that they comply with all the provisions of the regulation.This includes protection of users' personal data, use of data only for permitted purposes, secure storage of data, and providing clear information to users about how their data will be processed (Agusta, 2021b).All of the above regulations contribute to providing stronger legal protection for personal data in the context of Fintech P2P lending practices in Indonesia.Fintech P2P lending platforms are required to comply with these provisions in order to maintain the confidentiality and security of customer personal data and prevent unauthorized misuse of data.With these regulations, it is hoped that legal protection of personal data in Fintech P2P Lending practices in Indonesia can be properly guaranteed.

Orientation and Formulation of Personal Data Legal Protection in Fintech P2P Lending Practices
In the practice of Fintech P2P lending, the orientation and formulation of personal data legal protection in accordance with relevant laws and regulations must be based on the principles of personal data protection as well as fair and ethical Fintech business principles.In designing the orientation and formulation of personal data legal protection, Fintech P2P Lending should consider the following principles:

.Transparency
Transparency is a crucial principle in the context of using the Fintech Peer-to-Peer (P2P) Lending platform.The importance of this principle lies in providing users with clear and comprehensive information regarding how their personal data will be managed by the platform (Suryono et al., 2021).In this case, the P2P Lending platform must clearly explain to users how their personal data will be used, stored and processed.This information should be presented in language that is easy to understand without ambiguity or double interpretation.Users must be provided with a detailed description of the types of personal data to be collected, such as personal, financial and transactional information.In addition, they must also know the purpose of collecting the data, whether it is for identity verification, credit analysis, or other purposes.The importance of transparency is also related to users' understanding of how their data will be stored and processed.The P2P Lending Platform must clearly explain the data retention policy, including security measures taken to protect users' personal data from unauthorized access or leakage.If any third party is involved in data management, this also needs to be clearly disclosed, along with the steps taken to maintain the confidentiality and security of the data (Napitupulu & Susilowati, 2019).
In addition, users must be provided with clear information regarding how their data will be processed and used by the P2P Lending platform.Whether the data will be used to make appropriate loan offers, for market analysis purposes, or for other purposes, all must be explained in detail.It is important for users to have a clear understanding of how their data will impact their experience using this P2P Lending service.Overall, transparency is an essential foundation in maintaining user trust in the Fintech P2P Lending platform (Fatahuddin et al., 2020).By providing clear and comprehensive information regarding the collection, storage and use of personal data, this platform can ensure that users feel comfortable and confident in interacting with the services they offer.

Consent
Consent is an important principle in the protection of personal data which underscores the importance of clarity and control for individuals regarding the use of their personal information.As an ethical and legal foundation in data processing, explicit consent from users before the collection and use of personal data is a fundamental step to maintain their integrity and privacy.Users have the right to know exactly how their data will be used, including the purpose and type of information to be collected.In addition, they also have the right to have full control over data related to their identity (Muravyeva et al., 2020).The right to access, correct and delete data is a key element in giving users control over their personal information.Users have the right to access data that has been collected by an entity, so they can ensure that the data is accurate and relevant.If there are errors or inaccuracies in the data, the user also has the right to correct the information so that it reflects the actual conditions.Also, in order to maintain flexibility and control, users have the right to delete their data if it is no longer needed or if their original consent is revoked (Djafar et al., 2018).Overall, the principle of consent and control over personal data is the foundation of a mutually beneficial relationship between the entities that collect the data and the individuals who provide the information.Active involvement of users in decision-making processes regarding their personal data enables an environment in which privacy is respected and information is managed responsibly.With explicit consent and control given to individuals, personal data protection can be realized more effectively and in accordance with ethical principles and applicable regulations.

Data Security
Data security is a critical aspect of Fintech Peer-to-Peer (P2P) Lending operations that must be prioritized.To maintain user trust, Fintech P2P Lending platforms need to implement effective technical and organizational measures to prevent potential leakage or misuse of users' personal data.Technical measures can include using strong encryption to protect data in transit and in storage, implementing dual authentication for access to accounts, and active monitoring of suspicious activity (Syafitri & Latifah, 2023).In addition, regular software and system updates are also an important step in maintaining data security.From an organizational perspective, the platform must have a clear and transparent privacy policy, conduct regular training for employees on data security, and have a structured incident response plan to deal with emergency situations.By carrying out a combination of these technical and organizational steps, Fintech P2P Lending can guarantee users that their personal data is safe and protected from risks that may arise.

Data Usage Limitations
The importance of protecting personal data cannot be ignored in this digital era.One of the crucial aspects of managing personal data is understanding and respecting the limitations of data use.The personal data obtained should only be used for purposes that have been clearly explained to the user.This includes all information provided by users on various digital platforms, such as names, addresses, telephone numbers, email addresses, and so on.The use of personal data for other purposes that are not in accordance with what has been described can be considered as a violation of privacy.Furthermore, one of the important principles in managing personal data is to prohibit the use of this data for interests that are harmful or outside ethical boundaries.Personal data may not be misused or sold to other parties without express consent from the data owner.Selling or transferring personal data to third parties without consent is a serious violation of individual privacy (Dewi Rosadi & Gumelar Pratama, 2018).
Efforts to maintain limitations on data usage require the active involvement of digital service providers and companies that collect personal data.They must have a clear and transparent privacy policy, and ensure that users are given full control over their personal data.In addition, education regarding the importance of data privacy for users also needs to be improved, so that they can be more careful in sharing their personal information in the digital world.Overall, the principle of limiting the use of data is an important basis for maintaining the integrity and privacy of personal data.By respecting these limitations, we can build a safer digital environment and respect each other's individual privacy (McGraw & Mandl, 2021).

Fair and Ethical Business
In running a Fintech Peer-to-Peer Lending business, it is important for these platforms to follow fair and ethical business principles.One of the main aspects that need attention is the openness and clarity of information.Borrowers and investors must be provided with accurate, complete and easy-to-understand information about interest rates, fees, loan terms and associated risks.By providing clear information, they can make sound financial decisions based on sound understanding (Safitri & Asnita, 2023).Not only that, transparency must also be applied in the entire loan and payment process.The process of loan applications, credit evaluations, loan offers, and payments must occur without fraud or manipulation of information.Borrowers and investors should have full visibility of the status of the loan, including progress on payments and outstanding balances.By ensuring that all stages run transparently, the P2P Lending platform can build trust from both borrowers and investors (Majid et al., 2021).
Apart from that, the principle of justice also needs to be upheld in the Fintech P2P Lending business.This can be realized by treating all borrowers and investors fairly, without discrimination.All borrowers must go through an objective credit evaluation process, so that the level of loan risk can be assessed accurately.Likewise, investors should be given equal access to borrower information to support their investment decisions (Disemadi, 2021).Overall, fair and ethical business principles are an important foundation in running a Fintech P2P Lending platform.Through the provision of clear information, transparency in the process, and fair treatment of borrowers and investors, these platforms can create a sustainable ecosystem and build strong trust from all parties involved.

Individual Rights
The importance of individual rights in the context of Peer-to-Peer (P2P) Lending platforms cannot be ignored.This right includes access, correction and deletion of personal data that has been stored by the P2P Lending platform.Providing individuals with access to view the personal data collected is an essential transparency measure in maintaining their privacy and control over their information.In addition, providing the ability to correct inaccurate or incomplete information is crucial to maintaining data integrity (Agusta, 2021a).However, even more important is the right to delete personal data.This gives individuals the power to control how their data is used and stored by the P2P Lending platform.With this right, individuals have more trust in the platform, because they know that the privacy and control of their personal data is respected.Therefore, implementing and complying with individual rights is an important step that must be taken by P2P Lending platforms to ensure a balanced relationship between advances in financial technology and individual privacy protection.

Principle of Data Integration
The Principle of Data Integration is an important foundation in information management, especially in an era where has an increasingly crucial role in decision making and analysis.This principle upholds the value of consistency and non-contradiction in all stages of the data cycle, from collection to use.Data integrity does not only refer to technical aspects, such as uniform data formats and structures, but also involves semantic and contextual dimensions.In the context of data collection, this principle requires the use of consistent methods to avoid errors or bias that can arise due to changes in methods.In addition, all the same entities must be identified in a uniform way to avoid duplication or confusion in further processing.Once the data has been collected, the next step is to clean and process the data consistently, including dealing with missing values or outliers that could impact the analysis (Prastyawan & Lestari, 2014).
The importance of data integration is also seen when the data is used for analysis and decision making.If the data is inconsistent or conflicting, the results of the analysis may be unreliable and decisions may be made in the wrong direction.In this context, the principle of data integration encourages the use of clear definitions for all variables and indicators used in the analysis.In addition, if the data comes from different sources, efforts need to be made to ensure that the conversion and integration of data is carried out carefully to avoid inconsistencies or double interpretations.By adhering to the principle of data integrity, organizations and individuals can build a strong foundation for quality decision making.Data integrity does not only cover technical aspects, but also integrity values in information management.By maintaining consistency and avoiding inconsistencies in data, organizations can optimize the value of their data, minimize the risk of errors, and gain more from the analysis they perform.
The orientation and formulation of personal data legal protection in fintech P2P lending practices must integrate relevant laws and regulations with the principles of personal data protection and ethical fintech business values, in order to create a safe, fair and reliable ecosystem for all parties involved.involved.Thus, referring to the principles of personal data protection, Fintech P2P lending must ensure that customer personal data is collected only with valid permission, used only for the purposes described, managed securely, not accessed without permission, and not misused.
In addition, fair and ethical Fintech business principles must also be applied, including providing clear and transparent information to customers regarding the use of data and the lending process.By complying with relevant laws and regulations and applying the principles of fair personal and business data protection, Fintech P2P Lending can build user trust and maintain their operational integrity.It is important for Fintech P2P lending to actively monitor the development of laws and regulations to the protection of personal data and Fintech so that they remain in compliance with applicable regulations and maintain customer trust and the integrity of the Fintech industry as a whole.

Conclusion
Based on the presentation of the research discussion above, the conclusions of this study are as follows: b. b.In the practice of Fintech P2P lending, the orientation and formulation of personal data protection laws must be based on the principles of fair and ethical personal and business data protection, and refer to relevant laws and regulations.Important principles in this regard include transparency in the management of personal data, explicit consent from individuals, strong data security, limitations on the use of data for the intended purpose, fair and ethical business, individual rights to their personal data, and the principle of data integration.By integrating legal, ethical and technical aspects, Fintech P2P lending can build a safe, fair and trusted environment for users and maintain their operational integrity in complying with regulations and ethical business values.It is important for them to stay abreast of regulatory developments and maintain a commitment to personal data protection in order to maintain user trust and the integrity of the Fintech industry as a whole.

Refrences
a. a. Legal protection of personal data in the context of Fintech Peer-to-Peer (P2P) Lending practices in Indonesia is regulated by a number of relevant laws and regulations.Law Number 11 of 2008 concerning Information and Electronic Transactions (UU ITE) and Law Number 19 of 2016 concerning Amendments to the ITE Law are important foundations in securing personal data and giving control rights to individuals regarding the use of their data.In addition, the Financial Services Authority (OJK) Regulation Number 77/2016 and the Minister of Communication and Informatics Regulation Number 20 of 2016 also play a role in regulating the protection of personal data in the Fintech P2P Lending industry.Furthermore, Law Number 11 of 2020 concerning Job Creation, especially article 153, provides a more solid footing in the protection of consumers' personal data, including within the scope of Fintech P2P Lending.All of these regulations encourage transparency, security and better control of personal data, ensuring that legal protection of personal data in Fintech P2P Lending practices in Indonesia is implemented effectively.