HARMONIZATION OF FINANCIAL SECTOR REGULATIONS WITH THE FDIC LAW AND THE P2SK LAW REGARDING THE USE OF PRIVACY RELIABILITY CERTIFICATES BY FINANCIAL SECTOR BUSINESSES

Abstract


INTRODUCTION
The development of science and technology, including telecommunications, media and informatics, has globally changed the mindset and perspective of the community in carrying out various activities that are oriented towards ease and speed in exchanging access to information. 1 The widespread use of Information and Communication Technology (ICT) globally is characterized by a digitalization euphoria that impacts individuals, businesses/private sectors and governments, and influences almost all sectors. The use of digitalization has become a driver of economic and social growth in the context of an information-oriented world society. 2 The development of the internet economy in Indonesia is marked by the massive number of internet users in Indonesia. The digital economy in Indonesia has a positive impact, but it has also become a new challenge for the government in producing policies. The development of the digital economy has also given birth to new business models, integration between business sectors, and changes in business models in pre-existing sectors.
The financial sector is one of the industrial sectors that has developed considerably along with the development of Information and Communication Technology (ICT). The banking industry is one of the industries that uses ICT as a forum and means of service to its customers.
The development of information technology and fintech has made it easier for consumers and businesses to transact. Initially, transactions were carried out physically and then developed to be carried out online; goods and services that were previously difficult for consumers to reach can now be easily accessed. Electronic transactions (E-Commerce) also provide fast access and services for consumers when purchasing goods.
For business actors, the presence of electronic transactions also provides convenience considering that they can easily promote and offer potential customers about the goods or services they have.
The development of the fintech industry in Indonesia cannot be separated from the existence of government supervisory institutions. These institutions are Bank Indonesia and the Financial Services Authority (OJK), which are two government institutions that have the authority to monitor the development of the fintech industry. These two supervisory institutions carry out different tasks and functions. Bank Indonesia focuses on regulating and supervising fintech players in the field of payment financial services, while the Financial Services Authority facilities today, the internet is very vulnerable to information security attacks. Without an information security system, electronic transactions become very easy to experience information security disturbances which can cause a sense of distrust for electronic transaction actors, especially the financial sector. The inconvenience of conducting electronic transactions has led to the development of issues regarding trust in electronic transactions both within the national, regional and global scope. There are four criteria for information security in electronic transactions, namely confidentiality, authenticity, integrity and non-repudiation. 3 To organize trusted e-transactions, the regulation stipulates that business actors offering products through Electronic Systems must provide complete and correct information relating to contract terms, producers, and products offered (Article 9 of the ITE Law). In addition, the regulation also stipulates that business actors who organize electronic systems can be certified by the Reliability Certification Institute (Article 10 of the ITE Law). Article 41 of PP PSTE also explains that the Implementation of Electronic Transactions in the public or private sphere that use Electronic Systems for the benefit of public services must use Reliability Certificates and/or Electronic Certificates.
These electronic transactions must be safe and reliable. Thus, every electronic transaction that uses an electronic system must have a certificate of reliability and electronic certificate. This is the mandate of Articles 41 and 42 of Government Regulation (PP) No. 82 of 2012 concerning the Implementation of Electronic Systems and Transactions (PP PSTE).
Information security standards emphasize aspects of requirements, procedures, policies, management and education and training. The standardization referred to here is not like a technical standard (specification), the direction of a technology or product, and does not guarantee the functioning of an information security tool.
In many sectors, such as the banking industry, there has been competition in terms of the services that businesses provide. Information technology (IT) is widely used in a competitive environment in order to provide banking services to customers. In fact, the emergence of information systems technology in particular has changed the retail banking consumption process as community interaction in service delivery has become increasingly developed. Therefore, the community or face-to-face interaction between customers and bank employees is replaced by customer interaction through technology. A large amount of IT is even used to improve the efficiency and effectiveness of banking services. With the changing patterns of consumer behavior and the increasing use of technology in banking services, it is necessary to foster customer confidence in using technology-based services, namely internet banking. 4 Quoting from data from the Ministry of Communication and Information, in the last three years, there have been 29 institutions whose data was breached. In May 2021, the data of 279 BPJS Health participants was leaked and sold on Raid Forums for 0.15 Bitcoin or around IDR 87.1 million. 5 It can be said that the issue of consumer protection and personal data protection in electronic transaction activities is still an important issue to be studied further. Furthermore, regarding consumer rights and obligations of business actors, there is an issue of personal data that still lacks protection and the issue of fraud and data leakage of both consumers and business actors who transact, especially in the financial sector.
Electronic transaction activities require consumers to enter a number of their personal data into the electronic system before they can carry out transaction activities. This personal data request can usually be used by businesses as data on consumer behavior and marketing interests of the products of business actors. However, it is not uncommon for the personal data owned by consumers to be misused by businesses when consumers enter their personal data for the first time on online buying and selling sites or in writing bank customers themselves. The sale of personal data that causes the leakage of customer data, to other companies or product offerings that violate consumer rights can occur from the lack of protection or security guarantees for personal data from consumers provided to business actors. Consumers who conduct online transactions are also faced with several examples of the risk of their rights being violated in the form of consumer fraud. Article 4 of Law of the Republic of Indonesia Number 8 of 1999 concerning Consumer Protection regulates basic consumer rights such as the right to choose, the right to comfort and safety and the right to be heard.
6 However, in practice, in electronic transactions, consumer losses of products that do not match the advertisements, product defects or even products that are not delivered still often occur. Consumers who will carry out electronic transaction activities have the principle of trust that must be upheld by each business actor and consumer. The principle of trust will then lead to the desire of consumers to carry out electronic transaction activities on a particular site, starting from entering personal data to sending money for payment for the product. This gives consumers confidence and guarantees the security of the transaction so that a certificate of reliability of the sector owned by the business actor is needed. With various cases related to personal data, it certainly violates the privacy rights of Data Subjects which allow individuals to limit other people's access to themselves and their information. With the passing of the PDP Law, it is more accommodating regarding the use of personal data in the financial sector in more detail so that Financial Sector Business Actors who process personal data are no longer careless by discrediting the security systems they have to be adequate and equivalent to the PDP Law and Consumers can feel more secure about their personal data that will be processed.
The existence of this reliability certificate will ideally provide a sense of trust from potential consumers and consumers, because the inclusion of eligibility by business actors (Banks) issued by the Reliability Certification Institute will help implement security guarantees for consumers and the reliability of the Bank. This article will examine how the implementation of the obligation to use privacy reliability certificates in financial sector regulations by BI and OJK and its impact on practices by payment fintech businesses.

RESEARCH METHODOLOGY
The research method used is normative juridical. The research was conducted using primary data in the form of field studies as well as the use of library materials or secondary data which includes primary, secondary and tertiary legal materials. 7

Actors (Website and or Application).
The research stages carried out as follows, literature study in the form of, Primary Legal materials, namely applicable laws and regulations, Secondary Legal materials, are legal materials that provide explanations regarding information or as support for primary legal materials which can be in the form of books, journals, or magazines written by legal scholars, theories, and expert opinions, as well as internet sites related to these problems and the like, and Tertiary Legal materials, are legal materials that provide guidance from primary legal materials and secondary legal materials, general dictionaries, legal dictionaries, large dictionaries.
The data collection technique by collecting written data includes books, official documents, reports, especially those on consumer protection for personal data leaks and through primary data collection in the form of literature study, where literature study is a type of secondary data with data obtained not directly from the first source, but from data recorded in the form of legal materials. 9 Thus, the analysis design made by the author will use qualitative juridical data analysis techniques, which assess the results of data processing that are not in the form of numbers and emphasize legal analysis on the deductive inference process, in the form of drawing conclusions from general to specific and inductive inference using formal and argumentative ways of thinking. 10

Financial Payment Technology as a Financial Sector Business Actor
The definition of Fintek is contained in Bank Indonesia Regulation Number 19/12/PBI/2017 on the Implementation of Financial Technology, as the use of technology in the financial system that produces new products, services, technology, and/or business models and can have an impact on monetary stability, financial system stability, and/or the efficiency of the smoothness, security, and reliability of the payment system.
9 Soerjono Soekanto and Sri Mamudji, Normative Legal Research A Brief Overview, Rajawali Press, Jakarta, 1990, pp. 14-15.
10 M. Syamsuddin, Operationalization of Legal Research, Grafindo Persada, Jakarta, 2007, p. 133.
According to Roy S. Freedman, Fintech is concerned with building systems that model, value, and process financial products such as bonds, stocks, contracts, and money. At the very least, financial products are represented by price, time, and credit. Like commercial systems, financial systems incorporate trading systems and trading technology to enable the buying and selling of products at different times and in different market spaces. This includes arbitrage, which is the simultaneous buying and selling of the same product in different markets, but at the same time. 11 Startup fintech companies and/or established companies basically focus their efforts on innovating new business models to face the challenges that exist in the financial industry. 12 Fintech is also defined as the application of digital technology in terms of financial problems in society. 13 As a digital technology innovation in financial services, fintech produces a product related to the provision of financial services. 14
Fintek relies on secure communication protocol standards to initiate and synchronize communication, to authenticate users, and to ensure that users can communicate smoothly. In the process, it enables the rapid exchange of information, news, and transmissions across both public and private communication networks. In its operation, fintech integrates mathematics, statistics, economic models, and analytical systems, which will be integrated with messages, transactions, order processing, and payment systems. All activities that occur in fintech must be carried out according to existing rules, procedures, and guidelines.
2) of the PDP Law requires the Controller of personal data to implement a security system for personal data. The security system referred to in this case is a Certificate of Reliability. In the POJK, this is already stated in the phrase must use reliable information technology and ensure the security of data and/or consumer personal information, but the method used by the author feels inappropriate and ineffective, namely by checking feasibility and/or security periodically.

Overview of the Privacy and Personal Data Reliability Certificate
The word "Certification" comes from the Latin "certus" which means "determined, settled, fixed, settled, purposeful". Certification is a procedure by which a third party provides written assurance that a product, process or service conforms to specific characteristics. 15 A certificate is a written or printed mark or certificate (statement) from an authorized person that can be used as evidence of ownership or an event. 16 Reliable itself means: 1. trustworthy; 2. giving the same results on repeated tests or trials. 17 Whereas reliability is the act of being reliable. According to article 1 point 27 of the PSTE Regulation, a Reliability Certificate is, "A document stating that a Business Actor conducting an Electronic Transaction has passed an audit or conformity test from a Reliability Certification Body." Meanwhile, in article 67 paragraph (2) of PP PSTE, a Reliability Certificate is, "A guarantee that the business actor has met the criteria determined by the Reliability Certification Body." Some of the terms Certificate of Reliability found in the literature are Trustmark, including privacy certificates of reliability as Privacy Seals, are technological instruments that serve to protect consumers' personal data. 19 In another term, Techopedia refers to the certificate of reliability as an E-Commerce trustmark. An E-commerce trustmark is an electronic transaction badge, image or logo displayed on a website to indicate that the website's business has been proven trustworthy by the issuing institution. 20 Some call certificates of reliability, other than trustmarks, trust icons. Trust icons are generally badges, signs, seals or the like that when displayed on a website are intended to increase trust in the website. 21 Privacy Policy Reliability Certificate, according to the Explanation of Article 76 paragraph (1) letter c of PP PSTE, is a Reliability Certificate whose guarantee of reliability is to provide certainty that consumers' Personal Data is properly protected. 22 The Reliability Certification Body is responsible for several things in carrying out the certification process and aims to provide guarantees to business actors (in this case as electronic system organizers) so that the implementation of information technology and electronic transactions can run well.

Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions Article 1 point 27 states: 23 "Reliability Certificate is a document stating that Business Actors organizing Electronic Transactions have passed an audit or conformity test from a Reliability Certification Body." Where "Business Actors" to include the reliability certificate as a sign that they have qualified a safe, reliable and trustworthy system. Reliability certificates in practice are issued where the guarantee of reliability is only in the form of security which states that the identity of the electronic system actor is true; Electronic System Security is a certificate of reliability where the guarantee of reliability is to provide certainty regarding the process of delivering or exchanging data through the website of the electronic system actor; and Privacy Policy is a certificate of reliability where the form of guarantee of reliability is to provide certainty that the personal data of electronic system users is protected confidentially as it should be.
Protection guarantees must certainly be provided by electronic system actors to generate trust from electronic system users. The Certificate of Reliability itself has 3 principles, namely as follows:

1) Reliability Principle
Reliability as an ability possessed by a particular system that can adapt to the needs of the Electronic System Operator is responsible for the implementation of its electronic system.

2) Safety Principles
According to the ITE Law, security can be proven by protecting the electronic system both physically and non-physically. The use of information technology service providers carried out by electronic system actors must be based on a written agreement, while still paying attention to the principles of prudence, risk management and based on a reasonable cooperative relationship.

3) Consumer Protection Principles on Reliability Certificates
The inclusion of a reliability certificate or trustmark logo on an electronic system signifies legal certainty, especially for electronic system users. As for legal certainty itself, it provides two understandings where the first, there are rules that are general in nature so that individuals can know an act that is permitted or an act that is prohibited. Second, the creation of legal security for individuals caused by the arbitrariness of the government (state), in this case security is obtained from these general regulations so that individuals can find out what the state can impose on individuals and outside of these things, and the state may not impose on its people as users of electronic systems.
In Indonesia, the protection of personal data is a growing issue and a matter of public concern. The government makes laws and regulations relating to privacy and personal data protection in various aspects. This raises the issue of data privacy when personal data is provided. 26
users to find ojek. From these problems, he observed that there is an opportunity to create a new business so that it can be a solution to the problem, namely a media link between ojek users and ojek drivers.
Then it has its own payment method (e-wallet), namely GoPay. GoPay is one of the payment services on the Gojek Application in the form of a digital wallet that can be used to make payment transactions or other financial transactions through the GoPay feature on the Gojek Application. GoPay payment services can be used to pay for services on the Gojek Application, Merchant GoPay business partners, use PayLater, to transfer balances to fellow GoPay users or bank accounts.

(POJK) No. 6 of 2022 concerning Consumer and Community Protection in the Financial Services Sector. OJK focuses on fintech players in the field of funding financial services (lending). Each institution has regulations that must be known and obeyed by fintech players to maintain a balance of sustainability. Bank Indonesia has Bank Indonesia Regulation (PBI) No. 3 Year 2023 on Bank Indonesia Consumer Protection. Meanwhile, OJK has regulations governing fintech, namely Financial Services Authority Regulation (POJK) No. 6 of 2022 concerning Consumer and Community Protection in the Financial Services Sector. Electronic transactions run in the field or means of information and communication technology, called the internet. With the speed and sophistication of modern communication

Fintech is categorized into two categories: Conventional and Sharia Fintech. In Indonesia, Fintek is categorized as Payment System (Payment, Settlement, and Clearing); Market Aggregator (Market Support); Investment Management and Risk Management (Personal/Financial Planning); Lending, Financing, and Capital Provision (Crowdfunding and P2P Lending); and Other Financial Services (Others).
Law Number 4 of 2023 Article 1 point 40 concerning Financial Sector Development and Strengthening (P2SK Law), "40. Financial Sector Business Actors, hereinafter abbreviated as FSIs, financial market infrastructure business actors, business actors in the payment system, supporting institutions in the financial sector, and other financial sector business actors both carrying out business activities conventionally and based on Sharia Principles in accordance with the provisions of laws and regulations in the financial sector." Then according to the Financial Services Authority Regulation Number 6 of 2022 Article 1 point 2 concerning Consumer and Community Protection in the Financial Services Sector, the definition of financial sector business actors is, "2. Financial Services Business Actors, hereinafter abbreviated as PUJK, are Financial Services Institutions and/or parties that carry out business activities of raising funds, channeling funds, and/or managing funds in the financial services sector." According to Bank Indonesia Regulation Number 3 of 2023 Article 1 point 5 concerning Bank Indonesia Consumer Protection, "5. Payment Service Providers are banks or institutions other than banks that provide services to facilitate payment transactions to service users." Regarding the obligation of the Custodian Center, it is clearly stated in the P2SK Law Article 239 paragraph (2), "(2) The obligation of the Custodian Center as referred to in paragraph (1) shall be implemented by applying the basic principles of processing personal data protection as stipulated in the provisions of laws and regulations regarding personal data protection." In this article, it is clearly stated that it is the obligation of the Custodian to process customers' personal data by referring to the PDP Law. However, in PBI 3/2023, Article 32 and Article 36 regarding the obligations of PUSK do not mention the obligation to use a Privacy Reliability certificate. POJK 6/2022 states in Article 11 paragraph 5, "(5) In the event that a PUJK uses information technology to manage data and/or personal information of Consumers, PUJK must use reliable information technology and ensure the security of data and/or personal information of Consumers by conducting periodic feasibility and/or security checks." Compared to the PDP Law, Article 39 paragraphs (1) and (

Figure 2. Gopay Privacy Policy. Source: Gopay Website
GoPay as a payment fintech has facilitated the rules regarding the privacy reliability certificate, namely 27701. Where it can make it easier for fintech related to the problem of fulfilling legacy requirements. GoPay and Gojek are committed to the community to maintain digital security through the Aman Bersama Gojek initiative by continuing to urge the public
Normative legal research includes research on legal principles, legal systematics, the level of legal synchronization, legal history and legal comparisons. 8 Research on how the use of privacy reliability certificates by financial sector business actors will analyze and review secondary data by direct observation through electronic systems managed by Financial Sector Business
Law Number 8 Year 1999 on Consumer Protection.
Soerjono Soekanto, Introduction to Legal Research, 3rd Edition, Jakarta: UI Press, 2019, p. 52.
Ibid, p. 51.
The inclusion of a reliability certificate on the website of electronic system actors indicates that the website has gone through a certification process.The provision of reliability certificates in Indonesia is also more clearly regulated in Article 1 number 11 of Law Number 19 of 2016 Amendment to Law No. 11 of 2008 concerning Electronic Information and Transactions detailed through Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions Article 76 paragraph (1) which applies three aspects of security in the form of: 25 Identity Registration is a certificate of reliability its use, where Law Number 11 of 2008 concerning Electronic Information and Transactions amended by Law Number 19 of 2016 concerning Electronic Information and Transactions.
24 Article 75 paragraph (1) of Government Regulation Number 71 of 2019 concerning the Implementation of Electronic Systems and Transactions.
25 Tesanolica, N. & Wulandari, T. B. (2021). "Inclusion of a Certificate of Reliability (Trustmark Logo) as a Form of E-Commerce Consumer Protection in Review of Applicable Regulations". Dialogia Iuridica: Journal of Business and Investment Law, volume 13, no. 4, pp. 83-84.
Thus, on October 17, 2022, Indonesia passed Law No. 27 of 2022 concerning Personal Data Protection. Article 1 paragraph (2) of the PDP Law: "Personal Data Protection is an overall effort to protect Personal Data in the course of processing Personal Data in order to guarantee the constitutional rights of Personal Data subjects." It is emphasized that the subject of personal data according to Article 1 paragraph 6 of Law No. 27 Year 2022 on Personal Data Protection is an individual to whom Personal Data is attached. Furthermore, Article 24 of the PDP Law reads: "In processing Personal Data, the Personal Data Controller is obliged to show proof of consent given by the Personal Data Subject."
26 Richard D. Emmerson, Soewita Suhardiman, Eddy Murhty Kardono, Indonesia Report in Annual Review of Data Protection and Privacy Laws, Financier World Wide, December 2012, p. 62.