The rapid acceleration of digital transformation has fundamentally reshaped social interaction, economic transactions, and governmental administration in Indonesia. The growing dependence on digital systems has significantly increased the collection, storage, processing, and dissemination of personal data by both public institutions and private corporations. While digitalisation offers efficiency, innovation and economic opportunities, it simultaneously creates substantial legal risks, including privacy violations, identity theft, data breaches, unauthorised profiling and weak regulatory enforcement. This research aims to analyse the politics of law underlying the enactment of Law Number 27 of 2022 concerning Personal Data Protection and to assess its role in safeguarding citizens’ privacy rights. This study employs a normative juridical method using statutory, conceptual, and comparative approaches. The findings indicate that the enactment of the