In the digital age, the exchange of information via the internet has become an integral part of society’s daily life, whether in communication, work, or social interactions. With the advent of digital media, all information can be easily accessed thanks to the supporting technology. While it offers positive benefits, the rise of digital media also carries the risk of giving rise to new forms of crime that threaten personal privacy. The most common practice is doxing, which is the act of disseminating a person’s personal data without consent for specific purposes. This phenomenon not only causes discomfort but also has the potential to lead to serious criminal acts
Currently, doxing has become a major concern as it is closely tied to the protection of personal data and individual security in cyberspace. Therefore, in this article, SIP Law Firm will further discuss the concept of doxing, its impacts, and legal protections for victims from a criminal law perspective.
The Concept and Various Types of Doxing in the Digital Age
Doxing is the unauthorized hacking of data that is subsequently published openly in the public domain without the consent of the data owner. According to Hukum Online, the term “doxing” originates from the acronym “dropping documents.” This is further clarified in the Cambridge Dictionary, which defines “doxing” as the act of seeking out or publishing another person’s personal data without their consent.
Furthermore, the data or information disseminated can include full names, addresses, phone numbers, employment details, and other sensitive information that falls within the private sphere. In practice, doxing is often carried out with the intent to intimidate, seek revenge, or humiliate the victim in the digital public sphere.
Based on common practices, doxing can be classified into several types. First, de-anonymization, which involves the disclosure of basic information such as a name, address, or identification number that was previously anonymous or known only through a pseudonym in the digital space. Generally, the perpetrator seeks to expose this personal information so that the victim no longer has the protection of anonymity.
Second, targeting, which is a form of doxing that focuses on disclosing specific information that allows others to identify or even track the victim’s physical location. The information typically shared includes residential addresses, work locations, or other data that could potentially lead to the identification of a specific location.
Third, delegitimization, which is a form of doxing aimed at damaging a person’s reputation, credibility, or public image. In this case, the information disseminated is often used to construct a negative narrative, causing the victim to lose the trust of their social and professional circles.
The Impact of Doxing on Victims
Doxing has far-reaching consequences, including psychological, social, and economic impacts. From a psychological perspective, victims often experience mental distress, such as anxiety, stress, and even trauma resulting from the dissemination of personal data beyond the control of the individuals concerned.
Furthermore, doxing can also have social consequences, as it can significantly damage a person’s reputation. It is not uncommon for the disseminated information to be accompanied by narratives that cast the victim in a negative light, thereby shaping harmful public opinion. Additionally, doxing can reinforce negative societal stigmas against the victim, affecting not only public perception but also their social interactions. For example, victims may face social exclusion, loss of trust within their workplace, and disruption of personal relationships, whether within the family or in their daily social circles.
Furthermore, doxing also has economic consequences for the victim. The dissemination of personal data, such as an address or workplace, can result in the victim losing their job, business opportunities, or even becoming a target of fraud and further criminal activity. In practice, doxing often creates opportunities for other crimes, such as stalking, extortion, and even physical threats.
Therefore, doxing cannot be viewed as a minor offense, but rather as a form of cybercrime with multidimensional impacts such as psychological, social, and economic—that has the potential to cause serious harm to victims.
read also : Payung Hukum Biohacking di Indonesia
Legal Protection for Victim of Doxing in Indonesia
Legal protection for victims of doxing has become increasingly crucial as the use of digital technology in daily life continues to rise. Under Indonesia’s legal system, such protection can be provided through both preventive (prevention) and repressive (law enforcement) measures.
Preventive actions that can be taken include clearly understanding how one’s personal data is used and by whom it is managed, as stipulated in Article 5 of Law No. 27 of 2022 on Personal Data Protection (“PDP Law”). This provision underscores that personal data protection extends beyond merely prohibiting misuse; it also encompasses the right to transparency and accountability in every data processing procedure. In this regard, Article 20 of the PDPA explicitly states that any party controlling an individual’s personal data must have a legal basis for processing such data, including: consent from the data subject, compliance with legal obligations, and other legitimate interests. Therefore, the practice of doxing carried out without consent is clearly a violation of the law.
The practice of doxing constitutes a prohibited act as explicitly stipulated in Article 27A of Law No. 1 of 2024 on the Second Amendment to Law No. 11 of 2008 on Electronic Information and Transactions (“EIT Law”), which states that:
“Any person who intentionally attacks the honor or reputation of another person by making an accusation, with the intent that such accusation be made public in the form of Electronic Information and/or Electronic Documents transmitted through an Electronic System.”
The above article provides clear boundaries regarding prohibited conduct, thereby serving as legal guidelines for users of information technology. The existence of this provision has the potential to encourage everyone to be more cautious in using digital media, particularly in accessing, processing, and disseminating information related to another person’s personal data.
Furthermore, punitive measures against doxing practices are fundamentally regulated under Article 45(4) of the ITE Law, which imposes criminal penalties of up to 2 years’ imprisonment and/or a maximum fine of Rp400 million on perpetrators of doxing. Additionally, Article 67(2) of the Personal Data Protection Act (PDP Act) also imposes criminal sanctions on doxing perpetrators, including imprisonment for a maximum of 4 years and/or a fine of up to Rp4 billion.
Therefore, doxing is not merely an ethical violation but a legal offense that can be prevented through preventive measures or addressed through repressive measures. Through these efforts, it will hopefully be possible to significantly minimize doxing in the digital space, in tandem with increased public legal awareness and optimal law enforcement by the relevant authorities. Without adequate protection, the practice of doxing has the potential to continue spreading and cause increasingly widespread impacts on society.
Doxing is a digital crime that not only violates an individual’s privacy but also has the potential to cause serious impacts, both psychologically, socially, and economically. Under Indonesia’s legal system, doxing is a prohibited act as stipulated in the Personal Data Protection Act (PDP) and the Electronic Information and Transactions Act (ITE). Therefore, public awareness and strengthened law enforcement are necessary to effectively prevent and address doxing.***
Daftar Hukum:
- Undang-Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (“UU PDP”).
- Undang-Undang Nomor 1 Tahun 2024 tentang Perubahan Kedua atas Undang-Undang Nomor 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik (UU ITE”).
Referensi:
- Apa Itu Doxing dan Bagaimana Jerat Hukumnya?. Hukum Online. (Diakses pada 1 April 2026 Pukul 13.05 WIB).
- Doxing. Cambridge Dictionary. (Diakses pada 1 April 2026 Pukul 13.12 WIB).
- Akbar, H. R., Awalliyah, H., Tusaddyah, H., Putri, D. A., Aprilia, D. N. N., & Adriyani, A. (2025). Identitas yang Terbuka: Doxing dan Urgensi Keamanan serta Etika Komunikasi di Era Media Baru. Social Empirical: Prosiding Berkala Ilmu Sosial, Vol. 2, No. 2, Hal. 512. (Diakses pada 1 April 2026 Pukul 13.45 WIB).