JURNAL HUKUM IN CONCRETO Vol. No. 1 (FEBRUARI) 2025 E-ISSN: 2963-7724 The Legal Responsibilities of Advocates in the Digital Era for Client Data Protection Following the Enactment of Law No. 27 of 2022 on Personal Data Protection Yazrul Anuar1 Faculty of Law. Universitas Muhammadiyah Sumatera Barat. Indonesia yazrulanuar06@gmail. Abstract In practice. Advocates are involved with their client's data contained in the legal documents they create and have a responsibility to maintain the confidentiality of the information contained in the records they hold. The birth of the PDP Law to provide legal certainty and security for the community amidst the massive use of personal data. This research discusses the history of personal data protection and the implications of the PDP Law for the obligations and responsibilities of advocates in the event of a client data leak according to national law. The results of the research show that the history of the right to privacy can be seen from the Dutch presence in Indonesia on July 25, 1893, through the decision of the King of the Netherlands No. 36 and the Criminal Code through Koninklijk Besluit No. 33 (Stbl. 1915 No. , constitutionally a right This was recognized after the second amendment to the 1945 Constitution. Later, a new historical milestone was recorded on October 17, 2024, in the sector of cyber security and privacy regulations, specifically in Indonesia, because of establishing the Law PDP. After the PDP Law comes into effect, advocates are considered Personal Data Controllers. They have obligations as mandated by the PDP Law and carry out the obligations regulated by the Advocate Law. Therefore, advocates can be held responsible if client data is leaked in their documents by referring to the principle of responsibility for mistakes and absolute commitment. Keywords: advocate. personal data protection. Abstrak Dalam praktik. Advokat terlibat dengan data pribadi klien mereka yang tercakup dalam dokumen hukum yang mereka buat dan memiliki tanggung jawab untuk menjaga kerahasiaan informasi yang terkandung dalam dokumen yang dimilikinya. Lahirnya UU PDP untuk memberikan kepastian hukum dan keamanan bagi masyarakat ditengah masifnya penggunaan data pribadi. Penelitian ini membahas sejarah perlindungan data pribadi dan implikasi UU PDP terhadap kewajiban dan tanggung jawab advokat jika terjadi kebocoan data klien menurut hukum nasional. Hasil penelitian menujukan, sejarah hak privasi bisa dilihat kehadiran Belanda ke Indonesia pada tanggal 25 Juli 1893 melalui keputusan Raja Belanda No. 36 dan Kitab Undang-Undang Hukum Pidana melalui Koninklijk Besluit No. 33 (Stbl. 1915 No. , secara konstitusional hak ini diakui pasca Amandemen kedua UUD 1945 dan kemudian kemudian, tonggak sejarah baru tercatat pada 17 Oktober 2024 dalam sektor regulasi keamanan siber dan privasi secara *Yazrul Anuar Tel. : 62 811-7391-914 Email: yazrulanuar06@gmail. This work is licensed under a Creative Commons Attribution-Share Alike 4. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A khusus di Indonesia karena telah dibentuknya UU PDP. Setelah UU PDP berlaku, advokat dianggap sebagai Pengendali Data Pribadi, mereka memiliki kewajiban sebagaimana yang diamanatkan UU PDP dan menjalankan kewajiban yang diatur UU Advokat. Oleh karena itu. Advokat dengan mengacu prinsip tanggung jawab pada kesalahan dan tanggung jawab mutlak, advokat dapat dimintakan tanggung jawab jika data klien bocor dalam dokumen yang mereka buat. Kata kunci: tanggung jawab. perlindungan data pribadi. INTRODUCTION One of the consequences of industrial progress is the transformation of social life within society. Since the advent of the Fourth Industrial Revolution (Industry 4. societal dynamics have continuously evolved, encompassing a wide range of activities, from electronic transactions and social media interactions to the utilization of various digital platforms. 1 This rapid technological advancement has brought both positive and negative implications for society. On the one hand, technological progress facilitates communication and access to information for individuals and groups. On the other hand, it simultaneously introduces vulnerabilities, mainly concerning personal data privacy. The use of technology is intrinsically linked to individuals' data, which is a fundamental component of Big Data and Artificial Intelligence (AI). Consequently, personal data has become a crucial asset for users and individuals. The rapid evolution of technology has undeniably reshaped societal structures while significantly impacting personal data protection. Personal data protection is closely related to the right to privacy, ensuring the integrity and dignity of individuals. 3 In essence, every person has the right to determine with whom they share their data and to set the conditions under which data transfer occurs. Yazrul Anuar. Raju Moh Hazmi dan Jasman Nazar Yazrul Anuar. AuTiktok Shop Vs E-Commerce Vs Negara: Mencari Titik Keseimbangan Dalam Bingkai Ekonomi Konstitusional,Ay Law Jurnal: Jurnal Ilmiah Penelitian, 4. , 2. Danrivanto Budhijanto. Cyber Law dan Revolusi Industri 4. 0 (Logos Publishing, 2. Bernhard Ruben Fritz Sumigar dan Blandina Lintang Setianti Wahyudi Djafar. AuPerlindungan Data Pribadi (Usulan Pelembagaan Kebijakan dari Perspektif Hak Asasi Manusi. ,Ay ELSAM, 2016, 3. Dhoni Martien. Perlindungan Hukum Data Pribadi. (Mitra Ilmu, 2. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A From an international legal perspective5, personal or private data is a fundamental This is evident in Article 12 of the Universal Declaration of Human Rights (UDHR), which states: "No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks. Similarly. Indonesia acknowledges the constitutional protection of personal data under Article 28H. and Article 28J of the 1945 Constitution of the Republic of Indonesia. Furthermore, personal data protection is regulated explicitly in Law No. 27 of 2022 on Personal Data Protection (PDP La. According to Article 1. of the PDP Law, personal data is defined as: "Data concerning an identified or identifiable individual, whether separately or in combination with other information, directly or indirectly, through electronic or non-electronic systems. Moreover. Article 1. "Personal data protection refers to all efforts to safeguard personal data in the process of data processing to ensure the constitutional rights of personal data As legal professionals, advocates hold an "officium nobile" status, underscoring their noble duty to uphold the rule of law independently and responsibly. Their primary function is to provide legal services within and outside court proceedings. 6 Ethical standards and statutory regulations govern the legal profession, including Law No. 18 of 2003 on Advocates (Advocate La. Article 1. of the Advocate Law defines an advocate as: "A person who practices law by providing legal services, both in and out of court, in accordance with the requirements established by this law. Advocates must adhere to legal principles and ethical standards in carrying out their professional duties, ensuring their actions are legally justifiable and accountable. AuLihat Human Rights Committee General Comment No. on the right to respect of privacy, family, home and correspondence, and protection of honour and reputation . Ay Zainuddin Hasibuan dan Fauziah Lubis Ibnu Qudama. AuPertanggung Jawaban Advokat Terhadap Klien Berdasarkan Undang-Undang Nomor 18 Tahun 2003,Ay Journal of Science and Social Research. , 6. , 168. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A Advocates bear multiple responsibilities, including obligations towards society, the judiciary, fellow legal professionals, clients, the state, and divine authority. 7 As independent, autonomous, and accountable professionals, advocates represent individuals . egal subject. inside and outside court proceedings. Advocates inevitably require access to various legal documents when representing clients, such as client identification records, witness information, and other case-related materials. These documents contain sensitive personal information, including personal identity cards (KTP), medical records, tax records, asset declarations, and financial data. The PDP Law establishes a comprehensive legal framework for safeguarding personal data, ensuring legal certainty, and delineating the obligations of all stakeholders, including personal data subjects, data controllers, international organizations, corporations, and government entities. Since advocates frequently collect and store clients' data as part of their professional activities, they bear a significant responsibility for ensuring the secure handling of such information. 8 Consequently, advocates must comply with the applicable regulations governing personal data protection. The enactment of the PDP Law serves as a critical reference for advocates in fulfilling their professional responsibilities. This study seeks to address key issues, including the historical development of personal data protection in Indonesia, the legal obligations of advocates in safeguarding client data, and the professional accountability of advocates concerning client data, as examined under the Advocate Law and the PDP Law. The primary objective of this research is to explore the legislative history of the PDP Law and to analyze the extent of advocates' obligations in maintaining the confidentiality of clients' data. Additionally, this study aims to examine the legal accountability of advocates in the digital era in the event of personal data breaches within legal documents handled by advocates. Fauziah Lubis. Bunga Rampai Hukum Keadvokatan (CV. Manhaji, 2. Benny Djaja dan Maman Sudirman. Alifia Jasmine. AuTanggung Jawab Notaris dalam Perlindungan Data Pribadi Klien Berdasarkan UU No. 27 Tahun 2022 Tentang Perlindungan Data Pribadi,Ay Jurnal Ilmu Hukum. Humaniora dan Politik, 5. , 655. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A RESEARCH METHODS This qualitative legal research employs a normative juridical approach based on secondary data, including legislation, legal doctrines, and legal encyclopedias. 9 It adopts a statute approach, which focuses on regulations and legislation related to the legal profession and personal data, and a conceptual approach, used to analyze the theory of responsibility as a fundamental framework in this research. RESULTS AND DISCUSSION The History of Personal Data Protection in Indonesia In general, the concept of personal data, often referred to as privacy, varies across different societies. These variations arise due to differences in individual interpretations, cultural traditions, and societal norms. Despite these diverse perspectives, the fundamental principle of protecting personal data remains universal. Personal data or privacy lacks a universally agreed-upon definition, as defining something inherently subjective is challenging. According to Slyke and Bylanger, privacy is an individual's ability to control information about themselves, while Warren and Brandeis famously described privacy as "the right to be left alone. "11 Historically, the need for personal data protection emerged from written correspondence, which was essential for communication and information exchange. The earliest efforts to safeguard personal data were recorded in Europe and the United States, where laws were established to prevent unauthorized access to private communications. In the United States, privacy rights gained formal recognition through the Bill of Rights within the U. Constitution, further reinforced through the Third. Fourth, and Fifth Amendments, each addressing different aspects of personal privacy and protection from Raju Moh Hazmi. Metode Penelitian Hukum, 1 ed. (Padang: CV. Gita Lentera, 2. Suratman dan Philips Dillah. Metode Penelitian Hukum, 3 ed. (Bandung: Alfabeta, 2. Supriyadi widodo Eddyono dan Wahyudi Djafar Anggara. AuMenyeimbangkan Hak: Tantangan Perlindungan Privasi dan Menjamin Akses Keterbukaan Informasi dan Data di Indonesia. ,Ay Institute for Criminal Justice Reform. , 2015, 3. Syahraki Syahrir. AuMemahami Asal Usul Pelindungan Data Pribadi (PDP) dan PenerapannyaAy . iakses 3 Januari 2. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A government intrusion. 13 In the Indonesian historical context, the concept of privacy rights can be traced back to the colonial era. The Dutch colonial administration indirectly acknowledged privacy protection through the Royal Decree (Koninklijk Beslui. of July 25, 1893. No. This was later reinforced by Koninklijk Besluit No. 33 (Stbl. 1915 No. , which was integrated into the Indonesian Penal Code (Wetboek van Strafrech. on October 15, 1915. These regulations indicate that privacy rights have long been recognized in Indonesia. Constitutionally, these rights are explicitly acknowledged in Article 28G. and Article 28H. of the 1945 Constitution of the Republic of Indonesia (UUD NRI 1. following its Second Amendment. After this constitutional recognition, various laws further reinforced privacy rights, although they remained sectoral. Examples include Law No. 19 of 2016 on Electronic Information and Transactions (EIT La. and Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection. On October 17, 2022, a new milestone in Indonesia's legal history was marked with the enactment of Law No. 27 of 2022 on Personal Data Protection (PDP La. , which became the country's primary legal reference for personal data protection. The Professional Obligation of Advocates to Protect Clients' Personal Data from the Perspective of the Personal Data Protection Law (PDP La. A profession can be defined as a permanent occupation based on specialized scientific knowledge, bound by general and specific ethical standards, carried out with respect for human dignity, and driven by a commitment to the public interest. 15 According to the Advocate Law (UU Advoka. , legal professionals are authorized to provide legal consultation, representation, defense, and other legal actions in the interest of their clients. The legal profession must be independent and professional, as advocates play a critical role in upholding and implementing legal processes. Their work involves Daniel J. Solove. A Brief History of Information Privacy Law in Proskauer On Privacy (PLI, 2. Dwitri Waluyo. AuEra Baru Perlindungan Data Pribadi,Ay . iakses 4 Januari 2. Bernardus Arief Sidharta. AuEtika dan Kode Etik Profesi Hukum,Ay Veritas et Justitia, 1. , 224Ae Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A confirming specific legal relationships between their clients and various legal subjects or objects, whether public or private, including personal data attached to their clients. As a result, the relationship between an advocate and their client is rooted in the principle of trust, akin to a personal relationship that creates reciprocal rights and obligations. In carrying out these rights and obligations, advocates must adhere to ethical principles embedded in their profession. 16 According to the Advocate Law and the Code of Ethics for Advocates . dopted on October 7, 2002, by seven advocate organization. , advocates are prohibited from17 first, neglecting their clients' interests. misbehaving toward opposing parties or colleagues. third, acting or speaking in ways that violate legal norms. fourth, engaging in conduct that contradicts the dignity of the and fifth, violating their oath and professional commitments. Legal professionals are subject to rights and obligations as outlined in Articles 14 to 20 of the Advocate Law. Regarding personal data and client information. Article 17 of the Advocate Law states: "An advocate, in the exercise of their profession, has the right to obtain information, data, and other documents from government institutions or other relevant parties as necessary for the defense of their clients in accordance with applicable laws and Conversely. Article 19. of the same law imposes obligations on advocates, stating: "An advocate is obliged to maintain confidentiality regarding all information obtained from their client due to their professional relationship, except where otherwise required by law. Additionally. Article 19. "An advocate has the right to confidentiality in their relationship with clients, including protection of their case files and documents from seizure or inspection, as well as protection from electronic communication surveillance. The Personal Data Protection Law (PDP La. applies to various entities, including advocates, who frequently handle and store clients' data, former clients' data, or other related information. These personal data elements are often found in legal documents. Riki Irawan. Analisis Hukum Mengenai Pelanggaran Kode Etik Advokat Yang Dilakukan Oleh Seorang Advokat Dalam Menangani Perkara Berdasarkan Undang-Undang Nomor 18 Tahun 2003 Tentang Advokat (Studi Kasus Di Dkd Peradi Sumut ). (Tesis Universitas Medan Area, 2. Suparman Marzuki. Etika Dan Kode Etik Profesi Hukum (FH UII Press, 2. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A which are authentic records and are categorized as personal data subjects, meaning "an individual to whom personal data pertains. " Therefore, advocates must comply with the PDP Law. As part of their professional duties, advocates utilize personal data for specific purposes, as permitted under the Advocate Law. Consequently, advocates can be classified as data controllers. According to Article 1. of the PDP Law, a data controller "Any person, public body, or international organization acting independently or jointly in determining the purpose of and controlling the processing of personal Advocates fit this classification from both a practical and functional standpoint. The reasoning behind this classification is that advocates process personal data obtained from clients, which is inherently embedded in legal documents drafted or managed by the The data processing steps typically include collecting personal data from clients or related parties, including identity information present in legal documents. analyzing client data to ensure its relevance for legal proceedings. and presenting, disclosing, transmitting, or distributing data to authorized parties, such as court administration and electronic litigation platforms. Advocates inevitably require and process clients' personal data for legal purposes. This involves determining the type of data needed, the relevance of documents, the timeframe for data usage, the method of data acquisition, and the rights of clients as personal data subjects. Advocates must ensure that the collection, storage, and processing of such data comply with the principles of transparency and accountability, serving the client's interests while obtaining their explicit consent as data subjects. Considering their role and legal responsibilities, advocates must protect their clients' data through the PDP and Advocate Law. From a legal perspective, advocates, as data controllers, must delete personal data that is no longer necessary, including both general and specific personal data. General personal data includes information that can identify an individual, such as name, address, date of birth, and contact details. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A Specific personal data carries a higher risk of misuse and requires enhanced This category includes fingerprints, retinal scans, genetic information, religious beliefs, sexual orientation, health records, and financial details. If an advocate misuses this data, they may face administrative or criminal penalties, including fines and compensation claims from affected parties. The PDP Law prohibits data controllers from disclosing personal data to third parties without the data subject's consent, except where a valid legal basis exists. Furthermore, advocates must exercise caution to prevent misuse of client data in legal documents under their supervision. The enactment of the PDP Law serves as a legal safeguard to ensure data protection and imposes clear responsibilities on advocates. Compliance with these regulations is a mandatory requirement for legal professionals. The Responsibility of Advocates in the Event of Client Personal Data Breach The transformation from conventional practices to the digital era has significantly impacted legal professionals, including advocates in Indonesia. 18 The enactment of Supreme Court Regulation No. 1 of 2019 on Case Administration and Electronic Court Proceedings clearly shows how the advocate's role has evolved in the digital age. Since the introduction of this regulation, advocates are no longer required to be physically present at every court hearing to assist their clients, as many legal proceedings can now be conducted electronically. In this modern era, which heavily relies on digitalization and technology, various aspects of life, including legal practice, are increasingly influenced by digital While technology presents new opportunitiesAisuch as efficient, practical, and cost-effective storage of legal documents through electronic "cloud" systems it also introduces risks, particularly regarding data breaches. Since advocates are classified as Personal Data Controllers entrusted with safeguarding their clients' sensitive information, they are equally susceptible to data breaches. Widodo Dwi Putro. AuDisrupsi Dan Masa Depan Profesi Hukum,Ay Mimbar Hukum, 32. , 19Ae29. Willa Wahyuni. Au4 Tantangan Baru Advokat Muda di Era Digital. Berita Hukumonline,Ay Hukumonline, . iakses 5 Januari 2. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A The legal profession is fundamentally rooted in trust, obligating legal practitioners to be accountable for their actions. Article 4. , point 3 of the Advocate Law explicitly states that advocates take an oath, affirming: "In performing my professional duties as a provider of legal services. I will act honestly, fairly, and responsibly in accordance with the law and justice. Responsibility is defined as the obligation of an individual to be accountable for their According to Hans Kelsen, legal responsibility is a person's duty to be held responsible for specific actions under the law, meaning that an individual may be punished if their actions contradict legal provisions. 21 This concept is closely linked to one's legal obligations and the consequences of violations. Legal responsibility can be categorized into: 22 Individual legal responsibility, where each person is accountable for their Collective legal responsibility, where a group or entity is held responsible for legal violations. Liability based on fault, legal responsibility arising from negligence. Strict liability, absolute legal responsibility, regardless of intent or anticipation of the As previously discussed, advocates are bound by professional trust and must be accountable for their actions, upholding their responsibility towards their clients and Additionally, advocates must comply with laws and uphold principles of honesty and caution in their work. Often, clients entrust their advocates with sensitive and personal information that must remain confidential throughout legal proceedings and document AuBertanggung JawabAy . iakses 12 Januari Ali SafaAoat Jimly Asshiddiqie. Teori Hans Kelsen Tentang Hukum (Sekretariat Jenderal & Kepaniteraan Mahkamah Konstitusi, 2. Raisul Muttaqien. Teori hukum murni : dasar-dasar ilmu hukum normatif / Hans Kelsen. (Bandung Nusa Media, 2. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A The Advocate Law explicitly mandates that legal professionals safeguard their clients' data. Besides complying with the Advocate Law, advocates must also adhere to lex specialis, notably the Personal Data Protection Law (PDP La. , which governs personal data protection. Article 19. of the Advocate Law states: "An advocate is obliged to maintain the confidentiality of all information obtained from their client due to their professional relationship, except where otherwise required by law. If this obligation is breached, advocates may be subject to sanctions under Article 7 of the Advocate Law, including a verbal warning, a written reprimand, temporary suspension, or permanent disbarment. Under the PDP Law, advocates can also be classified as Personal Data Controllers, as they independently collect and process personal data for legal documentation. Moreover, under Article 35 of the PDP Law, advocates must protect clients' data while creating and storing legal documents, whether online or offline. Referring to Hans Kelsen's concept of liability based on fault and strict liability, both liability models may apply if a data breach occurs within an advocate's legal documents. Since advocates function as data controllers, they are legally responsible for any violation affecting the legal documents they store, whether electronically or physically. According to Article 19. of the Advocate Law and Article 20 of the PDP Law, violating data protection laws may lead to legal consequences for advocates. However, the PDP Law does not explicitly clarify whether administrative or civil sanctions precede criminal penalties. What is clear is that data controllers must notify both the data subject and relevant authorities in case of a data breach or misuse. If a data breach occurs in an advocate's legal documents. Article 57 of the PDP Law stipulates that the advocate may face sanctions, including a written warning, temporary suspension of personal data processing activities, deletion of the compromised personal data, or an administrative fine of up to 2% of the advocate's annual revenue, depending on the severity of the violation. Given these legal implications, advocates must exercise extreme caution in handling clients' data, whether before, during, or after the creation and storage of legal documents both online and offline. Compliance with the PDP Law serves Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A as a crucial legal safeguard, ensuring that advocates fulfill their obligation to protect the confidentiality and integrity of their client's personal information. CONCLUSION AND SUGGESTION Based on the discussion above, the history of personal data protection or privacy in the modern world originated from written correspondence as a means of communication and information exchange. In the Indonesian historical context, privacy rights were first recognized through the Dutch royal decree (Keputusan Raja Beland. No. 36 on July 25, 1893, followed by Koninklijk Besluit No. 33 (Stbl. 1915 No. on October 15, 1915, which was incorporated into the Indonesian Penal Code (Kitab Undang-Undang Hukum Pidana - KUHP). Constitutionally, privacy rights were formally acknowledged after the Second Amendment to the 1945 Constitution, particularly in Article 28G. and Article 28H. Although sectoral laws and regulations previously governed personal data protection, a significant milestone was reached on October 17, 2022, when Indonesia enacted the Personal Data Protection Law (UU PDP), marking an important development in cybersecurity and privacy regulation. Today, advocates are required to comply with the PDP Law in addition to the Advocate Law, as their profession qualifies them as Personal Data Controllers. This means advocates are responsible for processing client data, including obtaining, collecting, analyzing, and storing personal data within legal documents, where necessary, for specific legal purposes. By establishing the advocate's obligation to protect client data throughout legal proceedings, the PDP Law represents a significant advancement in safeguarding personal data in Indonesia's digital era. In the event of a data breach involving legal documents prepared by an advocate, the advocate bears liability under both the Advocate Law and the PDP Law, applying the principle of liability based on fault or strict liability. Therefore, advocates must perform their professional duties with integrity and diligence, ensuring compliance with the evolving legal framework, which will continue to adapt in response to technological and regulatory developments. Jurnal Hukum In Concreto. Vol 4 . Yazrul Anuar. The Legal Responsibilities of Advocates in the Digital Era A REFERENCE