Multiple Streams Framework (MSF) Analysis on the Adoption of the Personal Data Protection Bill

Authors

  • Reine Taqiyya Prihandoko Universitas Indonesia, Depok, Jawa Barat, Indonesia
  • Andreo Wahyudi Atmoko Universitas Indonesia, Depok, Jawa Barat, Indonesia

DOI:

https://doi.org/10.51135/PublicPolicy.v6.i2.p391-409

Keywords:

Multiple Streams Framework, Data Protection, Digital Policy Adoption

Abstract

This research examines the adoption of Indonesia’s Personal Data Protection (PDP) Bill using the Multiple Streams Framework (MSF), with particular attention to how the 2022 Bjorka data breach catalyzed the convergence of the problem, policy, and political streams. Although this incident created a policy window, the subsequent stream coupling was largely reactive and premature, shaped more by symbolic political urgency than by institutional or policy readiness. The analysis demonstrates that the bill’s enactment proceeded without adequate groundwork for implementation, as evidenced by delayed regulatory development and unresolved issues concerning the establishment of an independent data protection authority. The study contributes to understanding digital governance reform in transitional political contexts, highlighting the pitfalls of crisis-driven convergence and symbolic legislative adoption. It underscores the critical need for institutional coherence, context-sensitive policy adaptation, and forward-looking governance in achieving substantive and sustainable digital policy outcomes.

Downloads

Download data is not yet available.

References

Aji. (2021, December 2). Survei CfDS UGM: Masih Sedikit Masyarakat yang Paham Data Pribadi. UGM. https://ugm.ac.id/id/berita/22036-survei-cfds-ugm-masih-sedikit-masyarakat-yang-mafhum-data-pribadi/

Aji, M. P. (2023). Sistem Keamanan Siber dan Kedaulatan Data di Indonesia dalam Perspektif Ekonomi Politik (Studi Kasus Perlindungan Data Pribadi) [Cyber Security System and Data Sovereignty in Indonesia in Political Economic Perspective]. Jurnal Politica Dinamika Masalah Politik Dalam Negeri Dan Hubungan Internasional, 13(2). https://doi.org/10.22212/jp.v13i2.3299

Alfarizi, M. K. (2021, September 2). Survei: 81 Persen Perusahaan di Indonesia Berpotensi Alami Kebocoran Data. Tempo. https://www.tempo.co/digital/survei-81-persen-perusahaan-di-indonesia-berpotensi-alami-kebocoran-data-478052

Ang, M. (2021). Consumer’s Data Protection and Standard Clause in Privacy Policy In E-Commerce: A Comparative Analysis on Indonesian and Singaporean Law. The Lawpreneurship Journal, 1(1). https://doi.org/10.21632/tlj.1.1.100-113

Anjawai, N. B., Amboro, F. Y. P., & Hutauruk, R. H. (2022). Perbandingan Perlindungan Hukum Terkait Data Pribadi di Indonesia dan Jerman. AL-MANHAJ: Jurnal Hukum Dan Pranata Sosial Islam, 4(2). https://doi.org/10.37680/almanhaj.v4i2.1791

Bappenas. (2019). Ringkasan Eksekutif Visi Indonesia 2045. In Sistem Manajemen Pengetahuan (Vol. 32).

BBC Indonesia. (2022, September 14). Bjorka Klaim Retas Dokumen Presiden Jokowi, pemerintah bentuk satgas dan ungkap motif. BBC Indonesia. https://www.bbc.com/indonesia/indonesia-62870532

Bestari, N. P. (2022, August 22). Setelah PLN, 26 Juta Data Indihome Bocor & Disebar Hacker. CNBC Indonesia. https://www.cnbcindonesia.com/tech/20220822062837-37-365431/setelah-pln-26-juta-data-indihome-bocor-disebar-hacker

CNBC Indonesia. (2022, September 10). Ini Ucapan HUT Spesial dari Bjorka untuk Johnny Plate. CNBC Indonesia. https://www.cnbcindonesia.com/news/20220910201645-4-371038/ini-ucapan-hut-spesial-dari-bjorka-untuk-johnny-plate

CNN Indonesia. (2021, June 23). Ahli Sebut Kerugian Kebocoran Data Penduduk-BPJS Rp600 T. CNN Indonesia. https://www.cnnindonesia.com/teknologi/20210623115637-199-658214/ahli-sebut-kerugian-kebocoran-data-penduduk-bpjs-rp600-t

CNN Indonesia. (2022a, September 10). Deret Aksi Hacker Bjorka: Data KPU, PLN hingga Doxing Menteri Johnny. CNN Indonesia. https://www.cnnindonesia.com/teknologi/20220910144839-192-846012/deret-aksi-hacker-bjorka-data-kpu-pln-hingga-doxing-menteri-johnny

CNN Indonesia. (2022b, September 12). Gara-Gara Bjorka, Jokowi Rapat dengan Menteri Bahas Kebocoran Data. CNN Indonesia. https://www.cnnindonesia.com/nasional/20220912164922-20-846765/gara-gara-bjorka-jokowi-rapat-dengan-menteri-bahas-kebocoran-data

CNN Indonesia. (2023, July 18). 6 Bahaya Kebocoran Data dan Cara Mengatasinya. CNN Indonesia. https://www.cnnindonesia.com/teknologi/20230718050914-192-974649/6-bahaya-kebocoran-data-dan-cara-mengatasinya

CNN Indonesia. (2025, May 9). UU PDP Disahkan lebih dari 2 Tahun, Bagaimana Kelanjutannya? CNN Indonesia. https://www.cnnindonesia.com/teknologi/20250509164326-185-1227818/uu-pdp-disahkan-lebih-dari-2-tahun-bagaimana-kelanjutannya

CSA Teddy Lesmana, Elis, E., & Hamimah, S. (2022). Urgensi Undang-Undang Perlindungan Data Pribadi dalam Menjamin Keamanan Data Pribadi Sebagai Pemenuhan Hak Atas Privasi Masyarakat Indonesia. Jurnal Rechten : Riset Hukum Dan Hak Asasi Manusia, 3(2). https://doi.org/10.52005/rechten.v3i2.78

Detikcom. (2022, September 13). 5 Pejabat RI Ini Kena Serangan Bjorka, Luhut hingga Jokowi. DetikNews. https://news.detik.com/foto-news/d-6289350/5-pejabat-ri-ini-kena-serangan-bjorka-luhut-hingga-jokowi

Dewi, I. R. (2022, September 14). Bikin Heboh RI, data apa saja yang dibocorkan hacker bjorka? CNBC Indonesia. https://www.cnbcindonesia.com/tech/20220914095826-37-371939/bikin-heboh-ri-data-apa-saja-yang-dibocorkan-hacker-bjorka?page=all

Ditjen Aptika. (2020a, February). Tahun 2020 Ditjen Aptika Fokus Bangun Ekonomi Digital di Indonesia Timur. Direktorat Jenderal Aplikasi Informatika Kementerian Komunikasi Dan Informatika. https://aptika.kominfo.go.id/2020/02/tahun-2020-ditjen-aptika-fokus-bangun-ekonomi-digital-di-indonesia-timur/

Ditjen Aptika. (2020b, May). Kominfo Hadirkan Tiga Program Pelatihan Online Selama Pandemi Covid-19. Direktorat Jenderal Aplikasi Informatika Kementerian Komunikasi Dan Informatika. https://aptika.kominfo.go.id/2020/05/kominfo-hadirkan-tiga-program-pelatihan-online-selama-pandemi-covid-19/

Ditjen Aptika. (2020c, August). Empat Fokus Kebijakan Pemerintah untuk Percepatan Transformasi Digital. Direktorat Jenderal Aplikasi Informatika Kementerian Komunikasi Dan Informatika. https://aptika.kominfo.go.id/2020/08/empat-fokus-kebijakan-pemerintah-untuk-percepatan-transformasi-digital/

Ditjen Aptika. (2021, May). Smart City Percepat Pemerintahan Digital di KPPN dan IKN Baru. Direktorat Jenderal Aplikasi Informatika Kementerian Komunikasi Dan Informatika. https://aptika.kominfo.go.id/2021/05/smart-city-percepat-pemerintahan-digital-di-kppn-dan-ikn-baru/

ELSAM. (2019, May 16). Penyalahgunaan Data Pribadi Meningkat, perlu Akselerasi Proses Pembahasan RUU Perlindungan Data Pribadi. Lembaga Studi & Advokasi Masyarakat. https://www.elsam.or.id/bisnis-dan-ham/penyalahgunaan-data-pribadi-meningkat--perlu-akselerasi-proses-pembahasan-ruu-perlindungan-data-pribadi

ELSAM. (2024, January 28). Siaran Pers ELSAM International Data Privacy Day 2024: Tantangan Implementasi Satu Tahun UU Pelindungan Data Pribadi. Lembaga Studi Dan Advokasi Masyarakat (ELSAM). https://www.elsam.or.id/storage/files/2/Siaran%20Pers%20ELSAM%20-%20International%20Data%20Privacy%20Day%202024.pdf

Finaka, A. W. (2023). Perjalanan UU Perlindungan Data Pribadi. Indonesia Baik. https://indonesiabaik.id/infografis/perjalanan-uu-perlindungan-data-pribadi

Fowler, L. (2022). Using the Multiple Streams Framework to Connect Policy Adoption to Implementation. Policy Studies Journal, 50(3). https://doi.org/10.1111/psj.12381

Gobel, T. (2020, February 14). Ini Kata Kominfo Soal Data Cookies di RUU PDP. Cyberthreat.Id. https://cyberthreat.id/read/5271/Ini-Kata-Kominfo-Soal-Data-Cookies-di-RUU-PDP

Goddard, M. (2017). Viewpoint: The EU General Data Protection Regulation (GDPR): European Regulation that has a Global Impact. In International Journal of Market Research (Vol. 59, Issue 6). https://doi.org/10.2501/IJMR-2017-050

Goyal, N., Howlett, M., & Taeihagh, A. (2021). Why and How Does the Regulation of Emerging Technologies Occur? Explaining the Adoption of the EU General Data Protection Regulation using the Multiple Streams Framework. Regulation and Governance, 15(4). https://doi.org/10.1111/rego.12387

Gunst, S., & de Ville, F. (2021). The Brussels Effect: How the GDPR Conquered Silicon Valley. European Foreign Affairs Review, 26(3). https://doi.org/10.54648/EERR2021036

Herweg, N., Zahariadis, N., & Zohlnhöfer, R. (2023). The Multiple Streams Framework Foundations, Refinements, and Empirical Applications. In Theories of the Policy Process: Fifth Edition. https://doi.org/10.4324/9781003308201-3

Hisbulloh, M. H. (2021). URGENSI RANCANGAN UNDANG-UNDANG (RUU) PERLINDUNGAN DATA PRIBADI. Jurnal Hukum Unissula, 37(2). https://doi.org/10.26532/jh.v37i2.16272

Islam, T., Bakar Munir, A., & Karim, M. E. (2021). Revisiting the Right to Privacy in the Digital Age: A Quest to Strengthen the Malaysian Data Protection Regime. JMCL, 48(1).

Jo, B. (2024, July 5). 6 Dampak Bahaya Kebocoran Data Pribadi serta Cara Mengatasinya. Tirto. https://tirto.id/dampak-bahaya-kebocoraan-data-pribadi-dan-cara-mengatasinya-gSTG

KataData. (2021, December 31). Laporan Persepsi Masyarakat atas Pelindungan Data Pribadi. Kementerian Komunikasi Dan Informatika Dan Katadata Insight Center. https://databoks.katadata.co.id/publikasi/2021/12/31/persepsi-masyarakat-atas-pelindungan-data-pribadi

Ketmaneechairat, H., Maliyaem, M., & Puttawattanakul, P. (2024). Towards a Management System Framework for the Integration of Personal Data Protection and Data Governance: A Case Study of Thai Laws and Practices. International Journal of Technology, 15(1). https://doi.org/10.14716/ijtech.v15i1.5885

Kingdon, J. W. (1984). Agendas, Alternatives, and Public Policy. In Political Science Quarterly (Vol. 100, Issue 1).

Kingdon, J. W. (2011). Agendas, Alternatives, and Public Policies (Updated). Longman Classics in Political Science.

Kurniawan, Y., & Gunawan, A. B. (2021). Mekanisme Difusi Kebijakan pada Tahap Perumusan Agenda Studi Kasus Wacana RUU pelindungan Data Pribadi di Indonesia. JWP (Jurnal Wacana Politik), 6(2). https://doi.org/10.24198/jwp.v6i2.35590

Labadie, C., & Legner, C. (2023). Building Data Management Capabilities to Address Data Protection Regulations: Learnings from EU-GDPR. Journal of Information Technology, 38(1). https://doi.org/10.1177/02683962221141456

Laybats, C., & Davies, J. (2018). GDPR: Implementing the Regulations. In Business Information Review (Vol. 35, Issue 2). https://doi.org/10.1177/0266382118777808

Lebang, C. G., Priyandita, G., Wijaya, T., Zakaria, N. A., & Rasyid, A. K. (2023). Transformasi Digital Indonesia: Kondisi Terkini dan Proyeksi. In Laboratorium Indonesia 2045 (LAB 45). Laboratorium Indonesia 2045 (LAB 45). lab45.id/detail/257/transformasi-digital-indonesia-kondisi-terkini-dan-proyeksi

Maharani, T. (2020, February 25). Menkominfo Ingin RI Jadi Negara Ke-5 di ASEAN yang Punya UU Perlindungan Data Pribadi. Kompas. https://nasional.kompas.com/read/2020/02/25/13383911/menkominfo-ingin-ri-jadi-negara-ke-5-di-asean-yang-punya-uu-perlindungan

Meodia, A. (2020, May 3). Pakar sebut 91 juta Data Bocor, Tokopedia Jamin tak ada Kebocoran Data. Antara. https://www.antaranews.com/berita/1461777/pakar-sebut-91-juta-data-bocor-tokopedia-jamin-tak-ada-kebocoran-data

Mintrom, M., & Norman, P. (2009). Policy Entrepreneurship and Policy Change. In Policy Studies Journal (Vol. 37, Issue 4). https://doi.org/10.1111/j.1541-0072.2009.00329.x

Möck, M., Vogeler, C. S., Bandelow, N. C., & Hornung, J. (2023). Relational Coupling of Multiple Streams: The Case of COVID-19 infections in German abattoirs. Policy Studies Journal, 51(2). https://doi.org/10.1111/psj.12459

Najib, A. (2023). Perlindungan Hukum Keamanan Data Cyber Notary Berdasarkan Undang-Undang Perlindungan Data Pribadi. Acta Diurnal Jurnal Ilmu Hukum Kenotariatan Dan Ke-PPAT-An, 7(1). https://doi.org/10.23920/acta.v7i1.1680

Neuman, W. L. (2014). Social Research Methods: Qualitative and Quantitative Approaches W. Lawrence Neuman Seventh Edition. In Teaching Sociology (Vol. 30, Issue 3).

Nugraheny, D. E., & Santosa, B. (2022, September 12). Pemerintah Bentuk Tim Khusus Hadapi Serangan “Hacker” Bjorka, Libatkan Polri dan BIN. Kompas. https://nasional.kompas.com/read/2022/09/12/17272831/pemerintah-bentuk-tim-khusus-hadapi-serangan-hacker-bjorka-libatkan-polri

Nurita, D. (2021, September 3). Sertifikat Vaksinasi Jokowi Bocor, PSI: Darurat Perlindungan Data Pribadi. Tempo. https://www.tempo.co/politik/sertifikat-vaksinasi-jokowi-bocor-psi-darurat-perlindungan-data-pribadi-477727

Peng, Z., Yang, S., Dong, L., & Sun, J. (2024). An Effective Alternative, Policy Experimentation, and the Multiple Streams Framework: An Empirical Study of Chinese Rural Governance Policy Output. SAGE Open, 14(1). https://doi.org/10.1177/21582440231220104

Prasad, D. M., & Menon, S. C. (2020). The Personal Data Protection Bill, 2018: India’s Regulatory Journey Towards a Comprehensive Data Protection Law. International Journal of Law and Information Technology, 28(1). https://doi.org/10.1093/ijlit/eaaa003

Prawira, Y., & Yola, L. (2023). Analisis Narrative Policy Framework (NPF) dalam Kebijakan Undang-undang Pelindungan Data Pribadi (UU PDP). Jurnal Transformative, 9(2). https://doi.org/10.21776/ub.transformative.2023.009.02.5

Putri, M. H. (2022, September 12). Komisi I DPR Bentuk Panja Kaji soal Peretasan Bjorka. IDN Times. https://www.idntimes.com/news/indonesia/komisi-i-dpr-bentuk-panja-kaji-soal-peretasan-bjorka-00-l9vk4-xcz2jg

Rizal, M. S. (2019). Perbandingan Perlindungan Data Pribadi Indonesia dan Malaysia. Jurnal Cakrawala Hukum, 10(2). https://doi.org/10.26905/idjch.v10i2.3349

Santosh, S., & Kane, S. (2023). Extending Kingdon’s Multiple Streams Policy Framework Through an Analysis of How Community Health Workers in India Are Driving Policy Changes. Community Health Equity Research and Policy. https://doi.org/10.1177/2752535X231222654

Shahrullah, R. S., Park, J., & Irwansyah. (2024). Examining Personal Data Protection Law of Indonesia and South Korea: The Privacy Rights Fulfilment. Hasanuddin Law Review, 10(1). https://doi.org/10.20956/halrev.v10i1.5016

Sulistianingsih, D., Ihwan, M., Setiawan, A., & Prabowo, M. S. (2023). Tata Kelola Perlindungan Data Pribadi di Era Metaverse (Telaah Yuridis Undang-Undang Perlindungan Data Pribadi). Masalah-Masalah Hukum, 52(1). https://doi.org/10.14710/mmh.52.1.2023.97-106

Sullivan, C. (2019). EU GDPR or APEC CBPR? A Comparative Analysis of the Approach of the EU and APEC to Cross Border Data Transfers and Protection of Personal Data in the IoT Era. Computer Law and Security Review, 35(4). https://doi.org/10.1016/j.clsr.2019.05.004

Tanzilla, F. D., Hanita, M., & Widiawan, B. (2023). Cyber Security in Indonesia Post Establishment of the Personal Data Protection Law. International Journal of Progressive Sciences and Technologies, 40(2). https://doi.org/10.52155/ijpsat.v40.2.5617

Wicaksana, R. H., Munandar, A. I., & ... (2020). … Narrative Policy Framework: Kasus Serangan Siber Selama Pandemi Covid-19 (A Narrative Policy Framework Analysis of Data Privacy Policy: A Case of Cyber …. … IPTEKKOM (Jurnal Ilmu …, 22(2).

Wisanggeni, S. P. (2020, May 22). Data Pribadi 2,3 Juta Penduduk Indonesia Bocor. Kompas. https://www.kompas.id/baca/ilmu-pengetahuan-teknologi/2020/05/22/data-pribadi-23-juta-penduduk-indonesia-bocor

Yuslianson. (2024, September 20). Pakar: Dugaan Kebocoran 6,6 Juta Data Pajak oleh Bjorka Harus Jadi Perhatian Serius Pemerintah. Liputan6. https://www.liputan6.com/tekno/read/5705815/pakar-dugaan-kebocoran-66-juta-data-pajak-oleh-bjorka-harus-jadi-perhatian-serius-pemerintah

Zahariadis, N. (2019). The Multiple Streams Framework: Structure, Limitations, Prospects. In Theories of the Policy Process. https://doi.org/10.4324/9780367274689-3

Downloads

Published

2025-08-12

How to Cite

Prihandoko, R. T., & Atmoko, A. W. (2025). Multiple Streams Framework (MSF) Analysis on the Adoption of the Personal Data Protection Bill. Public Policy ; Jurnal Aplikasi Kebijakan Publik Dan Bisnis, 6(2), 391–409. https://doi.org/10.51135/PublicPolicy.v6.i2.p391-409

Issue

Vol. 6 No. 2 (2025): Public Policy : Jurnal Aplikasi Kebijakan Publik dan Bisnis (on process)

Section

Articles

License

Copyright (c) 2025 author(s)

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors whose manuscripts are published in the Journal of Public Policy must agree to the following terms;

  1. Publication rights for all manuscript materials published are held by the editorial board with the author's consent.
  2. The legal formalities for digital access to the Journal of Public Policy are subject to the Creative Commons Attribution Sharealike (CC BY SA) license, which means the Journal of Public Policy has the right to store, redistribute, reformat, manage in a database, maintain, and publish the manuscript without seeking permission from the author as long as the author's name is included as the copyright owner.
  3. Published manuscripts are open access for the purpose of disseminating research results. Besides this purpose, the editorial board is not responsible for copyright law violations.