The Limitations of Lex Generalis: Analyzing the Readiness of the GDPR and PDP Law for AI-Based Facial Recognition Technology
Abstract
The implementation of AI-based FRT creates a fundamental conflict between security innovation and the protection of the human right to personal data. This research aims to (1) analyze the fundamental juridical-ethical challenges of AI-based identity systems; (2) examine the effectiveness and limitations of the GDPR (European Union) and the PDP Law (Indonesia) in responding to these risks; and (3) formulate recommendations for an adaptive regulatory framework. This research employs a normative legal research method, utilizing critical-comparative and prescriptive approaches. The analysis reveals two main findings. First, FRT presents unique systemic risks. These risks include discriminatory algorithmic bias, the normalization of mass surveillance, and an accountability crisis resulting from its “black-box” nature. These risks cannot be mitigated by conventional legal frameworks for privacy. Second, critical analysis proves that the GDPR and the PDP Law, as lex generalis instruments, are normatively and practically insufficient in regulating the specific and predictive dynamics of AI technology. This limitation creates a significant rechtsvacuüm, wherein technology adoption operates without adequate juridical oversight. Therefore, this research concludes that reliance on these two regulations is no longer sufficient. This research recommends a shift in Indonesia’s regulatory paradigm. The prescriptive solution proposed is the adoption of a lex specialis (derivative regulation) framework that is proactive, preventive, and adopts a risk-based approach. This framework is essential to ensure that AI innovation remains aligned with the principles of data protection and human dignity.
Downloads
References
Almeida, D., Shmarko, K., & Lomas, E. (2022). The Ethics of Facial Recognition Technologies, Surveillance, and Accountability in an Age of Artificial Intelligence: A Comparative Analysis of US, EU, and UK Regulatory Frameworks. AI and Ethics, 2(3), 377-387. https://doi.org/10.1007/s43681-021-00077-w
Atmawijaya, R., & Radiyah, U. (2024). Perancangan Autentikasi Multi Faktor dengan Pengenalan Wajah dan Fido (Fast Identity Online). INTI Nusa Mandiri, 19(1), 46-53. https://doi.org/10.33480/inti.v19i1.5263
Azam, M., Javaid, N., Rafiq, T., Zafar, S., Adnan, M., & Munir, K. (2024). Smart Cities towards Artificial Intelligence. The Asian Bulletin of Big Data Management, 4(2), 344-359. https://doi.org/10.62019/abbdm.v4i02.185
Cole, M. D. (2024). AI Regulation and Governance on a Global Scale: An Overview of International, Regional and National Instruments. Journal of AI Law and Regulation, 1(1), 126-142. https://doi.org/10.21552/aire/2024/1/16
Ekawati, D., Herdiana, D., & Haryanti, A. (2025). Phishing in the Banking Sector: Between Cybercrime and Consumer Protection. SIGn Jurnal Hukum, 7(1), 133-151. https://doi.org/10.37276/sjh.v7i1.422
Gasiokwu, P. I., Oyibodoro, U. G., & Nwabuoku, M. O. I. (2025). GDPR Safeguards for Facial Recognition Technology: A Critical Analysis. International Research Journal of Multidisciplinary Scope, 6(1), 407-423. https://doi.org/10.47857/irjms.2025.v06i01.02025
Girsang, S. Y. B. (2024). Pentingnya Regulasi Khusus Sistem Face Recognition Technology Sebagai Produk Artificial Intelligence dalam Peningkatan Keamanan dan Penegakan Hukum di Indonesia. Nommensen Journal of Legal Opinion, 5(2), 86-98. https://doi.org/10.51622/njlo.v5i2.1817
Gültekin-Várkonyi, G. (2024). Navigating Data Governance Risks: Facial Recognition in Law Enforcement under EU Legislation. Internet Policy Review, 13(3), 1-36. https://doi.org/10.14763/2024.3.1798
Hilmi, F., & Marpaung, Z. A. (2025). Perlindungan Hukum bagi Korban Penggunaan Teknologi Pengenalan Wajah. Jurnal Antologi Hukum, 5(1), 18-37. https://doi.org/10.21154/antologihukum.v5i1.5128
Illinois General Assembly: Biometric Information Privacy Act (Public Act 095-0994). https://www.ilga.gov/Legislation/publicacts/view/095-0994
Irwansyah. (2020). Penelitian Hukum: Pilihan Metode & Praktik Penulisan Artikel. Mirra Buana Media.
Irwanto, H. T., Wiranti, W., Dahlan, M. F., & Kadir, N. K. (2025). Ethics and Law of Personal Data Protection for Smartwatches in the Healthcare Sector. SIGn Jurnal Hukum, 7(1), 421-436. https://doi.org/10.37276/sjh.v7i1.489
Kavoliūnaitė-Ragauskienė, E. (2024). Right to Privacy and Data Protection Concerns Raised by the Development and Usage of Face Recognition Technologies in the European Union. Journal of Human Rights Practice, 16(2), 658-674. https://doi.org/10.1093/jhuman/huad065
Kennedy, A. (2025). Tantangan Implementasi dan Perkembangan Hukum Telematika di Indonesia. Ethics and Law Journal: Business and Notary, 3(2), 1-9. https://doi.org/10.61292/eljbn.262
Kim, M. W., Kim, I. H., Kim, J., Oh, J. H., Chang, J., & Park, S. (2023). A Study on the Protection of Biometric Information against Facial Recognition Technology. KSII Transactions on Internet & Information Systems, 17(8), 2124-2139. https://doi.org/10.3837/tiis.2023.08.009
Law of the Republic of Indonesia Number 27 of 2022 on Personal Data Protection (State Gazette of the Republic of Indonesia of 2022 Number 196, Supplement to the State Gazette of the Republic of Indonesia Number 6820). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1814
Mas’adi, D. R. A. (2025). Digitalisasi Administrasi Migrasi: Implementasi Teknologi dalam Pengelolaan Imigrasi dan Kependudukan. Journal of Administrative and Sosial Science, 6(1), 24-33. https://doi.org/10.55606/jass.v6i1.1832
Montgomery, L. R. (2025). Facebook and the Biometric Information Privacy Act Litigation. Endnotes: The Journal of the New Members Round Table, 13(1), 72-82. Retrieved from https://journals.ala.org/index.php/endnotes/article/view/8492
Parliament of Singapore: Personal Data Protection Act 2012 [2020 Revised Edition]. https://sso.agc.gov.sg/Act/PDPA2012
Poirson, C. (2021). The Legal Regulation of Facial Recognition. In K. Miller & K. Wendt (Eds.), The Fourth Industrial Revolution and Its Impact on Ethics: Solving the Challenges of the Agenda 2030 (pp. 283-302). Springer. https://doi.org/10.1007/978-3-030-57020-0_21
Purwanti, N., Barthos, M., & Saputra, T. E. (2025). The Role of Artificial Intelligence in the Implementation of Personal Data Protection Law in Indonesia. INJURITY: Journal of Interdisciplinary Studies, 4(6), 325-336. https://doi.org/10.58631/injurity.v4i6.1448
Qamar, N., & Rezah, F. S. (2020). Metode Penelitian Hukum: Doktrinal dan Non-Doktrinal. CV. Social Politic Genius (SIGn). https://books.google.co.id/books?id=TAQHEAAAQBAJ
Rambe, R., & Abdurrahman, L. (2024). Implikasi Etika dan Hukum dalam Penggunaan Teknologi Pengenalan Wajah: Perlindungan Privasi Versus Keamanan Publik. Jurnal Hukum Caraka Justitia, 4(2), 90-104. https://doi.org/10.30588/jhcj.v4i2.1828
Raposo, V. L. (2023). (Do Not) Remember My Face: Uses of Facial Recognition Technology in Light of the General Data Protection Regulation. Information & Communications Technology Law, 32(1), 45-63. https://doi.org/10.1080/13600834.2022.2054076
Razaq, M. L. (2023). Penggunaan Teknologi Pengenalan Wajah dalam Keamanan Publik. Journal of Education Religion Humanities and Multidiciplinary, 1(2), 482-486. https://doi.org/10.57235/jerumi.v1i2.1403
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation). http://data.europa.eu/eli/reg/2016/679/oj
Regulation (EU) 2024/1689 of the European Parliament and of the Council on Laying Down Harmonised Rules on Artificial Intelligence and Amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) [OJ L, 2024/1689, 12.7.2024]. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
Salami, E. (2025). Personal Data Protection in Emotional AI: The Facial Coding Example. In R. Ballardini et al. (Eds.), Emotional Data Applications and Regulation of Artificial Intelligence in Society (pp. 113-124). Springer. https://doi.org/10.1007/978-3-031-80111-2_7
Sampara, S., & Husen, L. O. (2016). Metode Penelitian Hukum. Kretakupa Print.
Sihombing, R. P., Kusno, K., & Siregar, A. A. (2024). Investigative Effectiveness in the Digital Era: A Case Study of Technological Innovation at the Rokan Hilir Police Resort. SIGn Jurnal Hukum, 6(2), 52-67. https://doi.org/10.37276/sjh.v6i2.368
Simanjuntak, Y. K., Putra, D. T., Panjaitan, G. L., Siregar, C. G., & Pangaribuan, N. S. P. (2023). Privacy Protection and the Use of Facial Recognition Technology in Public Surveillance: Legal Perspectives and Policy Implementation in the Digital Era. Problematika Hukum, 9(1), 14-23. https://doi.org/10.33021/ph.v9i1.5200
Soemitro, D. P., Wicaksono, M. A., & Putri, N. A. (2023). Penal Provisions in the Personal Data Protection Law: A Comparative Legal Study between Indonesia and Singapore. SIGn Jurnal Hukum, 5(1), 155-167. https://doi.org/10.37276/sjh.v5i1.272
Surden, H. (2019). Artificial Intelligence and Law: An Overview. Georgia State University Law Review, 35(4), 1305-1337. Retrieved from https://readingroom.law.gsu.edu/gsulr/vol35/iss4/8
Urquhart, L., & Miranda, D. (2022). Policing Faces: The Present and Future of Intelligent Facial Surveillance. Information & Communications Technology Law, 31(2), 194-219. https://doi.org/10.1080/13600834.2021.1994220
Verheij, B. (2020). Artificial Intelligence as Law: Presidential Address to the Seventeenth International Conference on Artificial Intelligence and Law. Artificial Intelligence and Law, 28(2), 181-206. https://doi.org/10.1007/s10506-020-09266-0
Wibowo, A. M. (2025). The Future of Copyright Protection for AI-Generated Art: Lessons from the Ghiblification Phenomenon. SIGn Journal of Social Science, 6(1), 1-27. https://doi.org/10.37276/sjss.v6i1.436
Zahro, A. K. (2025). Perlindungan Privasi Individu dalam Penggunaan Face Recognition Tinjauan Hukum dan Etika. Jurnal Spektrum Hukum, 21(2), 150-159. https://doi.org/10.56444/sh.v21i2.5779
Copyright (c) 2025 Komang Suputra Kurniawan, I Gede Agus Kurniawan
This work is licensed under a Creative Commons Attribution 4.0 International License.
