Formulasi Kebijakan Perlindungan Data Pribadi di Muhammadiyah: Mewujudkan Amanah Digital
Abstract
The ongoing data security crisis, in conjunction with the recent enactment of the Personal Data Protection Law (PDP Law), has presented a substantial challenge to Indonesian civil society organizations as they seek to establish comprehensive and effective data governance frameworks. The objective of this study is to conduct a thorough analysis of the data protection policy formulation process at Muhamamdiyah, employing a qualitative case study methodology to elucidate the underlying dynamics. This study utilizes a multifaceted approach, incorporating document analysis and interviews with a diverse array of key actors, ranging from strategic leaders to operational implementers. This comprehensive methodology enables the study to address the following research question: What is the process by which member data management policies (NBM) are formulated? The results of the study indicate a robust synthesis, wherein Muhammadiyah not only adheres to the regulatory obligations of the PDP Law, but also deliberately incorporates noble Islamic values such as amanah (trust), syura (deliberation), and 'adl (justice) as the ethical foundation of its policies. A rigorous analysis employing Dunn and Anderson's theoretical framework substantiates that this collaborative endeavor is directed towards formulating effective, efficient, and equitable policies. In conclusion, Muhammadiyah offers a data governance model through the concept of "Digital Trust" that uniquely integrates the demands of modernity with its ideological foundations. This model is relevant as a reference for similar organizations.
References
Abu-Salama, Y., Krol, K., & Sadeh, N. (2021). A-PUP: A usable privacy policy for users and developers. IEEE Security & Privacy, 19(5), 23–31. https://doi.org/10.1109/MSEC.2021.3074495
Anderson, J. E. (2011). Public policymaking: An introduction. Cengage Learning.
Anggen Suari, K. R., & Sarjana, I. M. (2023). Menjaga privasi di era digital: Perlindungan data pribadi di Indonesia. Jurnal Analisis Hukum, 6(1), 132–142. https://doi.org/10.38043/jah.v6i1.4484
Bartoletti, A. (2020). Data protection by design in the EU: A legal and ethical analysis. Computer Law & Security Review, 39, Artikel 105479. https://doi.org/10.1016/j.clsr.2020.105479
Bunn, A., & Gudde, P. (2020). Accountability in the digital age: A framework for nonprofit organizations. International Journal of Public Sector Management, 33(2/3), 239–254. https://doi.org/10.1108/IJPSM-05-2019-0144
Cairney, P., & Heikkila, T. (2021). A comparison of theories of the policy process. Dalam Theories of the policy process (Edisi ke-5, hlm. 363–390). Routledge.
Campbell, D. F., & Cnaan, R. A. (2020). The digital transformation of faith-based organizations: A conceptual framework. Journal for the Scientific Study of Religion, 59(3), 450–468. https://doi.org/10.1111/jssr.12665
Campbell, H., & Connelly, L. (2020). Religion and digital media: Studying materiality in digital religion. Dalam The Wiley-Blackwell companion to religion and materiality. Wiley-Blackwell. https://doi.org/10.1002/9781118660072.ch25
Clearinghouse, P. R. (2023). Data breaches.
CNN Indonesia. (2022, 30 Desember). 10 kasus kebocoran data 2022. https://www.cnnindonesia.com/teknologi/20221230125430-192-894094/10-kasus-kebocoran-data-2022
Creswell, J. W. (2014). Research design: Qualitative, quantitative, and mixed methods approaches. Sage Publications.
Creswell, J. W., & Poth, C. N. (2016). Qualitative inquiry and research design: Choosing among five approaches. Sage Publications.
Cybersecurity Ventures. (2020). Cybercrime to cost the world $10.5 trillion annually by 2025. Cybercrime Magazine.
De Hert, P., & Gutwirth, S. (2018). The EU General Data Protection Regulation (GDPR): A legal analysis. Computer Law & Security Review, 34(1), 7–20. https://doi.org/10.1016/j.clsr.2017.10.003
De Hert, P., Papakonstantinou, V., Malgieri, G., Beslay, L., & Sanchez, I. (2018). The right to data portability in the GDPR: Towards user-centric interoperability of digital services. Computer Law & Security Review, 34(2), 193–203. https://doi.org/10.1016/j.clsr.2017.10.003
Dunn, W. N. (2003). Analisis kebijakan publik. Gadjah Mada University Press.
Dunn, W. N. (2017). Public policy analysis: An integrated approach (Edisi ke-6). Routledge. https://doi.org/10.4324/9781315181226
Fatmariyanti, Y., & Fauzi, A. (2023). Kebijakan publik versi William Dunn: Analisis dan implementasi. Journal of Humanities and Social Studies, 1(1), 1–9.
Fauzi, E., & Radika Shandy, N. A. (2022). Hak atas privasi dan politik hukum Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi. Jurnal Lex Renaissance, 7(3), 445–461. https://doi.org/10.20885/jlr.vol7.iss3.art1
Fauzi, & Rostyaningsih, D. (2018). Analisis peran aktor dalam formulasi kebijakan Semarang Smart City. Journal of Public Policy and Management Review, 7(4), 1–18.
Floridi, L. (2020). The fight for digital sovereignty: What it is, and why it matters, especially for the EU. Philosophy & Technology, 33, 369–378. https://doi.org/10.1007/s13347-020-00423-6
Franz, V., Hayes, B., & Hannah, L. (2020). Civil society organizations and General Data Protection Regulation compliance: Challenges, opportunities, and best practices. Open Society Foundation.
Gal, U., & Aviv, I. (2020). The changing privacy calculus: The role of social influence in the valuation of personal data. Information & Management, 57(6), Artikel 103294. https://doi.org/10.1016/j.im.2020.103294
Gil-Garcia, J. R., & Pardo, T. A. (2020). Digital transformation in the public sector: A stakeholder-driven perspective. Government Information Quarterly, 37(4), Artikel 101497. https://doi.org/10.1016/j.giq.2020.101497
Grimmelikhuijsen, S. G., Piotrowski, S. J., & Van Ryzin, G. G. (2020). Latent transparency and trust in government: Unexpected findings from two survey experiments. Government Information Quarterly, 37(4), Artikel 101497. https://doi.org/10.1016/j.giq.2020.101497
Hadar, I., Hasson, T., & Seger, O. (2020). The multifaceted nature of privacy: A systematic review of the state of the art. ACM Computing Surveys, 53(4), 1–38. https://doi.org/10.1145/3394421
Hartley, K., & Jarvis, D. S. L. (2020). Policy making in a complex world: The role of values, evidence, and expertise. Policy and Society, 39(1), 1–10. https://doi.org/10.1080/14494035.2020.1721245
Hutchings, T. (2022). The materiality of digital religion. Dalam The Oxford handbook of digital religion. Oxford University Press.
Janssen, M., Brous, P., & van den Hoven, J. (2021). Data governance: A conceptual framework, guiding principles and research directions. Government Information Quarterly, 38(2), Artikel 101592. https://doi.org/10.1016/j.giq.2021.101592
Kennedy-Macfoy, M., & Kanyako, G. (2021). Data governance and the non-profit sector: Managing the tensions. Nonprofit and Voluntary Sector Quarterly, 50(5), 959–981. https://doi.org/10.1177/0899764021991823
Klijn, E. H., & Koppenjan, J. (2022). The role of trust in policy networks: Looking for the missing link. Public Management Review, 24(10), 1541–1560. https://doi.org/10.1080/14719037.2021.1947814
Kuziemski, M., & Misuraca, G. (2020). AI governance in the public sector: Three tales from the frontiers of automated decision-making. Government Information Quarterly, 37(4), Artikel 101516. https://doi.org/10.1016/j.giq.2020.101516
Leenes, R., van Brakel, R., & Prins, C. (Eds.). (2022). Data protection and privacy: The age of intelligent machines. Hart Publishing.
Lessig, L. (1999). Code: And other laws of cyberspace. Basic Books.
Luthfi, R. (2022). Perlindungan data pribadi sebagai perwujudan perlindungan hak asasi manusia. Jurnal Sosial Teknologi, 2(5), 431–436. https://doi.org/10.36418/jurnalsostech.v2i5.336
Mahler, T. (2022). GDPR compliance for small and medium-sized non-profits: A practical framework. Journal of Data Protection & Privacy, 5(2), 145–160.
Maksum, I. R. (2019). Birokrasi dan kebijakan publik. UI-Press.
Mäntymäki, M., & Riemer, K. (2021). The dual role of social media: A systematic literature review on the positive and negative effects of social media use. International Journal of Information Management, 59, Artikel 102340. https://doi.org/10.1016/j.ijinfomgt.2021.102340
Miles, M. B., Huberman, A. M., & Saldana, J. (2014). Qualitative data analysis: A methods sourcebook. Sage Publications.
Muhammadiyah, S. (2025). Gandeng VIDA, Muhammadiyah komitmen perkuat sistem identitas digital e-KTAM. Suaramuhammadiyah.id.
Nurhayati, R., Inar, W. F., & D, I. (2022). Kesalehan digital (Analisis fenomena popularisasi hadis pada status). Proceeding University of Muhammadiyah Yogyakarta Undergraduate Conference, 2(1), 1.
Nurul Sabila, S., & Atman, W. (2025). Studi kasus kebocoran data SIM card oleh Bjorka: Dampaknya terhadap kepercayaan publik terhadap keamanan digital di Indonesia. Sosial Simbiosis: Jurnal Integrasi Ilmu Sosial Dan Politik, 2(3), 142–154.
OECD. (2013). OECD guidelines on the protection of privacy and transborder flows of personal data. OECD Publishing.
Park, Y. J. (2020). The illusion of control: A critical review of the data privacy paradox. Journal of the Association for Information Science and Technology, 71(11), 1292–1303. https://doi.org/10.1002/asi.24345
Permana, A. (2021). Indonesia’s cyber defense strategy in mitigating the risk of cyber warfare threats. Syntax Idea, 3(1), 1–11.
Permata Sari, Y., & Kismartini, K. (2016). Analisis aktor pembentukan Bumdes Pagedangan Cahaya Madani dalam perspektif governance. Journal of Public Policy and Management Review, 1(1), 11–25. https://doi.org/10.14710/jppmr.v1i1.14499
Prabowo, W., Wibawa, S., & Azmi, F. (2020). Perlindungan data personal siber di Indonesia. Padjadjaran Journal of International Relations, 1(3), 218–239.
Rakodi, C. (2021). Faith-based organizations and digital technology: Opportunity, ambiguity and challenge. Development in Practice, 31(7), 875–886. https://doi.org/10.1080/09614524.2021.1947932
Ramadhan, K. R. (2022). The challenges of personal data protection policy in Indonesia. Technium Social Sciences Journal.
Romanosky, S., Telang, R., & Acquisti, A. (2011). Do privacy policies increase privacy? Economics of Innovation and New Technology, 20(3), 265–284.
Sabatier, P. A., & Weible, C. M. (Eds.). (2023). Theories of the policy process (Edisi ke-5). Routledge.
Samonas, S., & Coss, D. (2014). The data breach litigation guide. Law Journal Press.
Schwartz, P. M., & Solove, D. J. (2017). The law of data privacy and security. Aspen Publishers.
Siregar, N. (2022). Menentukan model implementasi kebijakan dalam menganalisis penyelenggaraan Pelatihan Kepemimpinan Administrator (PKA). Jisos: Jurnal Ilmu Sosial, 1(7), 713–722.
Solove, D. J. (2013). Nothing to hide: The false trade-off between privacy and security. Yale University Press.
Sorensen, E., & Torfing, J. (2021). Collaborative innovation in the public sector: A systematic review of the literature. Public Management Review, 23(12), 1801–1825. https://doi.org/10.1080/14719037.2020.1795767
Suwondo, D. (2023). The legal protection of personal data in Islamic perspective. International Journal of Law Reconstruction, 7(2), 221. https://doi.org/10.26532/ijlr.v7i2.33648
Tene, O., & Polonetsky, J. (2012). Privacy in the age of big data: Redefining the boundaries of personal privacy. Stanford Law Review, 64, 1149.
Tzafestas, S. G. (2022). Ethics and law in the digital age. Springer.
Van der Kaa, H., & de Vries, P. (2021). The role of data protection officers in public and non-profit organizations: A comparative study. International Review of Administrative Sciences, 87(1), 153–170. https://doi.org/10.1177/0020852319885823
Voigt, P., & von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A practical guide. Springer.
Widhagdha, M. F., & Ediyono, S. (2022). Case study approach in community empowerment research in Indonesia. Indonesian Journal of Social Responsibility Review (IJSRR), 1(1), 71–76.
Yin, R. K. (2014). Case study research: Design and methods. Sage Publications.
Zuiderveen Borgesius, F. (2020). Strengthening legal protection against discrimination by algorithms and artificial intelligence. The International Journal of Human Rights, 24(10), 1572–1593. https://doi.org/10.1080/13642987.2020.1741492
Zulkarnaen, W., Fitriani, I. D., & Indra, S. (2021). Model tata kelola amal usaha muhammadiyah berbasis sistem informasi manajemen. Jimea, 5(1), 2021.
Copyright (c) 2026 Jurnal Manajemen dan Ilmu Administrasi Publik (JMIAP)
This work is licensed under a Creative Commons Attribution 4.0 International License.
