Regulatory Gaps in Data Protection and Proportionality in Digital Banking: Legal Issues in ASEAN

Regulatory Gaps in Data Protection and Proportionality in Digital Banking: Legal Issues in ASEAN

Authors

  • Agustianto Universitas Internasional Batam
  • Michael T. Sacramed Mariano Marcos State University
  • Winda Fitri Universitas Internasional Batam
  • Nadia Carolina Weley Universitas Internasional Batam
  • Hari Sutra Disemadi Universitas Internasional Batam

DOI:

https://doi.org/10.58223/syura.v4i1.811

Keywords:

Data Proportionality, Digital Banking, Legal Gaps, Data Protection, ASEAN

Abstract

This study examines the legal gaps in regulating data proportionality in ASEAN digital banking, particularly in Indonesia, the Philippines, and Malaysia. The main legal issue lies in the absence of clear standards governing the limitation, justification, and classification of personal data, which leads to excessive and potentially invasive data processing practices in digital banking systems. This research aims to examine the concept of data proportionality in digital banking and to assess the adequacy of legal frameworks governing data proportionality in Indonesia, the Philippines, and Malaysia in order to identify existing regulatory gaps. This study employs a normative legal research method with a comparative approach. The findings reveal that although all three countries have established data protection frameworks, none comprehensively integrate data proportionality into digital banking regulations, resulting in fragmented and ineffective legal protection. Indonesia lacks detailed standards and risk-based mechanisms, while the Philippines and Malaysia show regulatory gaps in governing conventional digital banking services. These weaknesses contribute to increased risks of privacy violations and legal uncertainty. Therefore, this study suggests the need for regulatory reform, including clearer data classification, proportionality standards, and mandatory risk assessments, to ensure a balance between digital banking innovation and the protection of consumer privacy rights.

References

Ab Rahim, S. F., & Ab Rahman, M. F. (2025). To Share or Not to Share Patient Health Data Without Consent for Public Interest Purposes: A Critical Comparative Analysis of EU GDPR 2018 and Malaysia PDPA 2010. Akademika, 95(01), 391–408. https://doi.org/10.17576/akad-2025-9501-22

Agustianto, A., Sohheng, N., Sudirman, L., Seroja, T. D., & Nurlaily, N. (2025). Consumer Privacy and Data Tracking in the Digital Economy: Legal Frameworks and Future Challenges in Indonesia and Thailand. Kosmik Hukum, 25(3), 573–588. https://doi.org/10.30595/kosmikhukum.v25i3.25948

Agustiawan, D. A. (2024). Digital Banking Transformation AI Enhances Efficiency And Customer Experience Seminar Perspective Industry. WACANA: Jurnal Ilmiah Ilmu Komunikasi, 23(1), 191–200. https://doi.org/10.32509/wacana.v23i1.4130

Ahmed, F., Hussain, A., Khan, S. N., Malik, A. H., Asim, M., Ahmad, S., & El-Affendi, M. (2024). Digital Risk and Financial Inclusion: Balance between Auxiliary Innovation and Protecting Digital Banking Customers. Risks, 12(8), 1–21. https://doi.org/10.3390/risks12080133

Alcantara, Y. F. B., Casas, C. B., Dela Torre, R. D., & Flores, G. C. (2025). Security and Vulnerability: Using One-Time Pin to Access Data for Online Transactions. Multidisciplinary International Journal of Research and Development, 4(3), 167–181.

Amin, M. (2016). Internet banking service quality and its implication on e-customer satisfaction and e-customer loyalty. International Journal of Bank Marketing, 34(3), 280–306. https://doi.org/10.1108/IJBM-10-2014-0139

Andrade, V. C., Gomes, R. D., Reinehr, S., Freitas, C. O. D. A., & Malucelli, A. (2022). Privacy by Design and Software Engineering. Proceedings of the XXI Brazilian Symposium on Software Quality, 1–10. https://doi.org/10.1145/3571473.3571480

Anggriani, D., Febriyani, E., & Situmeang, A. (2026). Pertanggungjawaban Pidana Korporasi Atas Kebocoran Data Pribadi di Indonesia: Studi Komparatif dengan Amerika Serikat dan Uni Eropa. Jurnal Fundamental Justice, 7(1), 127–146. https://doi.org/10.30812/fundamental.v7i1.6237

Bimantara, G., Handayani, T. A., & Al Irsyad, M. A. Y. (2024). The Corporate Legal Responsibility for The Leak of Personal Data of Application Consumers in Indonesia. Jurnal Akta, 11(4), 1213–1221. https://doi.org/10.30659/akta.v11i4.41409

Cele, N. N., & Kwenda, S. (2025). Do cybersecurity threats and risks have an impact on the adoption of digital banking? A systematic literature review. Journal of Financial Crime, 32(1), 31–48. https://doi.org/10.1108/JFC-10-2023-0263

Ching, M. R. D., Fabito, B. S., & Celis, N. J. (2018). Data Privacy Act of 2012: A Case Study Approach to Philippine Government Agencies Compliance. Advanced Science Letters, 24(10), 7042–7046. https://doi.org/10.1166/asl.2018.12404

Cifaldi, G. (2023). Evolution of Concepts of Privacy and Personal Data Protection under the Influence of Information Technology Development. Sociology and Social Work Review, 7(1), 35–60. https://doi.org/10.58179/sswr7103

Disemadi, H. S. (2022). Lenses of Legal Research: A Descriptive Essay on Legal Research Methodologies. Journal of Judicial Review, 24(2), 289–304. https://doi.org/10.37253/jjr.v24i2.7280

El Achari, S., & Hattab, S. (2024). L’impact de la transformation digitale sur le secteur bancaire. Journal of Economics, Finance and Management (JEFM), 3(3), 873–886. https://doi.org/10.5281/zenodo.12723055

Fang, L., & Quintos, D. G. (2023). Security Measures Applied on Digital Banking Towards Service Improvement Proposal. Journal of Business and Management Studies, 5(5), 47–77. https://doi.org/10.32996/jbms.2023.5.5.5

Fintech News Philippines. (2024, November). 5 Key Highlights from the Philippines Fintech Report 2024. Fintech News Philippines.

Fitri, W., Disemadi, H. S., & Rindiyani, M. (2024). Data Leakage of Consumer Personal Data in Telecommunications Services Customer Registration: Who Is Responsible? Yustisia Tirtayasa: Jurnal Tugas Akhir, 4(1), 98–112. https://doi.org/10.51825/yta.v4i1.22518

Fitzgerald, E., Pioro, M., & Tomaszwski, A. (2018). Energy-Optimal Data Aggregation and Dissemination for the Internet of Things. IEEE Internet of Things Journal, 5(2), 955–969. https://doi.org/10.1109/JIOT.2018.2803792

Găbudeanu, L., Brici, I., Mare, C., Mihai, I. C., & Șcheau, M. C. (2021). Privacy Intrusiveness in Financial-Banking Fraud Detection. Risks, 9(6), 1–22. https://doi.org/10.3390/risks9060104

Gupta, V., & Shukla, S. (2024). Consumer Trust in Digital Banking: A Qualitative Study of Legal and Regulatory Impacts. Interdisciplinary Studies in Society, Law, and Politics, 3(2), 18–24. https://doi.org/10.61838/kman.isslp.3.2.4

Hassani, H., Huang, X., & Silva, E. (2018). Digitalisation and Big Data Mining in Banking. Big Data and Cognitive Computing, 2(3), 1–13. https://doi.org/10.3390/bdcc2030018

Kaur, S. J., Ali, L., Hassan, M. K., & Al-Emran, M. (2021). Adoption of digital banking channels in an emerging economy: exploring the role of in-branch efforts. Journal of Financial Services Marketing, 26(2), 107–121. https://doi.org/10.1057/s41264-020-00082-w

Kiayias, A., Kohlweiss, M., & Sarencheh, A. (2022). PEReDi: Privacy-Enhanced, Regulated and Distributed Central Bank Digital Currencies. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 1739–1752. https://doi.org/10.1145/3548606.3560707

Kumalasari, E. N., & Pratama, P. A. (2025). Analysis of the Role of Increasing Financial Inclusion Through Digital Transformation on the Stability of the Financial System in Indonesia. Journal of Accounting, Finance, and FinTech Advancements, 1(2), 55–69.

Lee, V. (2025, May). Beyond Cash: Growth of E-Wallets and Digital Banks in Malaysia [Infographic] – Progressive Market Research Company In Malaysia. Oppotus.

Librawenson, W., Disemadi, H. S., & Afdal, W. (2026). Regulating the Right to Be Forgotten in Indonesia’s Digital Banking: Lessons from the EU GDPR. Jurnal Mediasas: Media Ilmu Syari’ah Dan Ahwal Al-Syakhsiyyah, 8(4), 1008–1028. https://doi.org/10.58824/mediasas.v8i4.501

Malek, A. (2021). Bigger is always not better; less is more, sometimes: the concept of data minimization in the context of Big Data. European Journal of Privacy Law and Technologies, 2021(1), 212–223.

Mazurek, G., & and Małagocka, K. (2019). Perception of privacy and data protection in the context of the development of artificial intelligence. Journal of Management Analytics, 6(4), 344–364. https://doi.org/10.1080/23270012.2019.1671243

Mecerhed, B., & Guettar, F. Z. (2023). The Impact of Digital Transformation in Banks on Economic Growth: A Study of a Sample of Countries from 2012 to 2021. The Journal of Contemporary Issues in Business and Government, 29(4), 248–262.

Melnyk, V. (2024). Transforming the nature of trust between banks and young clients: from traditional to digital banking. Qualitative Research in Financial Markets, 16(4), 618–635. https://doi.org/10.1108/QRFM-08-2022-0129

Morake, A., Khoza, L. T., & Bokaba, T. (2021). Biometric technology in banking institutions: ‘The customers’ perspectives’. SA Journal of Information Management, 23(1), 1–9. https://doi.org/10.4102/sajim.v23i1.1407

Nasir, K. (2025). The Evolution of Privacy Laws in the Digital Age. International Journal of African Sustainable Development Research, 7(2), 269–278. https://doi.org/10.70382/tijasdr.v07i2.033

Negara, T. A. S. (2023). Normative Legal Research in Indonesia: Its Originis and Approaches. Audito Comparative Law Journal (ACLJ), 4(1), 1–9. https://doi.org/10.22219/aclj.v4i1.24855

Nissim, K., & Wood, A. (2018). Is privacy privacy? Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences, 376(2128), 1–17. https://doi.org/10.1098/rsta.2017.0358

Onik, M. M., Kim, C.-S., Lee, N.-Y., & Yang, J. (2019). Personal Information Classification on Aggregated Android Application’s Permissions. Applied Sciences, 9(19), 1–24. https://doi.org/10.3390/app9193997

Patel, U. (2024). Data Privacy and Security in Financial Services. Journal of Artificial Intelligence & Cloud Computing, 3(5), 1–13. https://doi.org/10.47363/JAICC/2024(3)E204

Rachmalia, M. (2025, May). Mulai 17 Agustus 2025 Belanja di China dan Jepang Bisa Pakai QRIS. Detik Jatim.

Reis, O., Eneh, N. E., Ehimuan, B., Anyanwu, A., Olorunsogo, T., & Abrahams, T. O. (2024). Privacy Law Challenges in the Digital Age: A Global Review of Legislation and Enforcement. International Journal of Applied Research in Social Sciences, 6(1), 73–88. https://doi.org/10.51594/ijarss.v6i1.733

Romadiah, A., Zulfa, Z., & Puannandini, D. A. (2025). Efektivitas Penerapan UU Perlindungan Data Pribadi dalam Transaksi E-Commerce: Tinjauan Terhadap Keamanan Konsumen. SYARIAH: Jurnal Ilmu Hukum, 2(2), 205–210. https://doi.org/10.62017/syariah.v2i2.3818

Ruslan, S. (2023). Challenges and Opportunities for Legal Practice and the Legal Profession in the Cyber Age. International Journal of Law and Policy, 1(4), 1–10. https://doi.org/10.59022/ijlp.59

Shukla, G., & Puranik, M. (2025). A Study on Security and Privacy in E-Banking. International Journal For Multidisciplinary Research, 7(1), 1–8. https://doi.org/10.36948/ijfmr.2025.v07i01.35701

Situmeang, A., Park, J., Sudirman, L., Silviani, N. Z., & Agustini, S. (2025). Evaluating Data Breach Notification Protocols. Lentera Hukum, 12(1), 42–61. https://doi.org/10.19184/ejlh.v12i1.47621

Situmeang, A., Weley, N. C., & Disemadi, H. S. (2025). Kepastian Pertanggungjawaban Hukum Pidana Korporasi atas Penyalahgunaan Data Pribadi di Indonesia. Proceedings Series on Social Sciences & Humanities, 23, 8–15. https://doi.org/10.30595/pssh.v23i.1544

Sudarso, S., & Yusuf, H. (2024). Landasan Filosofis Hukum Transaksi Bank Digital di Indonesia. Journal of Comprehensive Science, 3(6), 1061–1071. https://doi.org/10.59188/jcs.v3i6.744

Sulfaunsilah, S., Hokamah, W., Sari, S. F., & Astuti, R. P. (2025). Peran Aktif Bank Indonesia Dalam Menjaga Stabilitas Sistem Keuangan Melalui Sistem Pembayaran. Menulis: Jurnal Penelitian Nusantara, 1(5), 214–220. https://doi.org/10.59435/menulis.v1i5.255

Tan, D. (2021). Metode Penelitian Hukum: Mengupas dan Mengulas Metodologi dalam Menyelenggarakan Penelitian Hukum. NUSANTARA: Jurnal Ilmu Pengetahuan Sosial, 8(5), 2463–2478. https://jurnal.um-tapsel.ac.id/index.php/nusantara/article/view/5601

Union, P. O. of the E., Graux, H., Gryffroy, P., Gad-Nowak, M., & Boghaert, L. (2024). The role of artificial intelligence in processing and generating new data – An exploration of legal and policy challenges in open data ecosystems. Publications Office of the European Union. https://doi.org/doi/10.2830/412108

Wewege, L., Lee, J., & Thomsett, M. C. (2020). Disruptions and Digital Banking Trends. Journal of Applied Finance & Banking, 10(6), 15–56.

Windasari, N. A., Kusumawati, N., Larasati, N., & Amelia, R. P. (2022). Digital-only banking experience: Insights from gen Y and gen Z. Journal of Innovation & Knowledge, 7(2), 100170. https://doi.org/https://doi.org/10.1016/j.jik.2022.100170

Wong, R. Y., & Mulligan, D. K. (2019). Bringing Design to the Privacy Table. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, 1–17. https://doi.org/10.1145/3290605.3300492

Zainal, A. (2023). Role of Artificial Intelligence and Big Data Technologies in Enhancing Anomaly Detection and Fraud Prevention in Digital Banking Systems. International Journal of Advanced Cybersecurity Systems, Technologies, and Applications, 7(12), 1–10.

Downloads

Published

2026-04-05

How to Cite

Agustianto, A., Sacramed, M. T., Fitri, W., Weley, N. C., & Disemadi, H. S. (2026). Regulatory Gaps in Data Protection and Proportionality in Digital Banking: Legal Issues in ASEAN. Syura: Journal of Law, 4(1), 55–86. https://doi.org/10.58223/syura.v4i1.811

Issue

Vol. 4 No. 1 (2026)

Section

Articles

License

Copyright (c) 2026 Syura: Journal of Law

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.