Fintech Without Protection, Indonesia’s Digital Inclusion at a Crossroads -By Moh. Ja’far Sodiq Maksum & Edy Rudyanto

Indonesia’s ambition to become Southeast Asia’s leading digital economy is increasingly anchored in the rapid expansion of financial technology (fintech). From peer-to-peer lending to digital payments, fintech has been widely celebrated as a powerful tool for financial inclusion, particularly for the unbanked and underbanked populations.

Yet beneath this optimistic narrative lies a more troubling reality: the expansion of access has not been matched by an equally robust framework of consumer protection. As a result, Indonesia now faces a critical policy dilemma—whether fintech will serve as a vehicle for inclusive growth, or as a new mechanism of digital vulnerability.

Inclusion Without Protection

Fintech’s promise is simple: faster, cheaper, and more accessible financial services. In practice, however, this accessibility often comes at the cost of informed consent.

Most users engage with fintech platforms through click-wrap agreements—standardized contracts that are accepted with a single tap. While legally binding, these agreements are rarely understood. Users frequently consent to complex terms governing interest rates, penalties, and data usage without meaningful awareness of their implications.

This creates a structural imbalance in bargaining power between providers and users. From a policy perspective, such asymmetry undermines the very foundation of consumer protection. Access alone cannot be equated with empowerment; without safeguards, it risks becoming a form of regulated exposure.

In ethical terms, economic activity must be grounded not only in legality but also in fairness and responsibility. As emphasized in business ethics scholarship, market transactions that exploit informational asymmetry—even if formally valid—raise serious concerns about justice and legitimacy .

The Political Economy of Data

Perhaps the most critical issue in Indonesia’s fintech ecosystem is the treatment of personal data. In the digital economy, data has become a strategic asset—one that shapes not only business models but also power relations.

Fintech platforms routinely collect extensive user data, ranging from financial behavior to personal contacts and location history. While such data can improve credit scoring and service delivery, it also creates significant risks of misuse.

Cases involving illegal lending platforms have demonstrated how personal data can be weaponized for coercive debt collection, including threats and reputational harm. These practices highlight a deeper structural problem: the commodification of personal data in the absence of effective enforcement.

Indonesia’s Personal Data Protection Law (Law No. 27/2022) represents an important regulatory milestone. However, legislation alone is insufficient. Without strong enforcement mechanisms, regulatory capacity, and institutional coordination, data protection risks remaining symbolic rather than substantive.

From a governance perspective, data protection should be treated not merely as a technical issue, but as a matter of digital sovereignty and public trust.

Regulatory Lag and the Rise of Informality

A key challenge in Indonesia’s fintech landscape is the persistent gap between technological innovation and regulatory adaptation. Fintech evolves at a pace that traditional regulatory frameworks struggle to match.

This regulatory lag has enabled the proliferation of illegal platforms operating outside official oversight. Despite repeated crackdowns, these platforms continue to re-emerge, often exploiting regulatory blind spots and low levels of digital literacy.

The current regulatory approach remains largely reactive—focused on enforcement after harm has occurred. This model is increasingly inadequate in a digital environment where risks are systemic and rapidly evolving.

To address this, Indonesia must shift toward proactive and technology-driven regulation, including the adoption of supervisory technology (SupTech) to monitor fintech operations in real time.

Accountability and the Burden of Risk

Another critical issue is the allocation of responsibility within the fintech ecosystem. In many cases, when fraud or data breaches occur, users are held accountable for “negligence,” such as sharing one-time passwords (OTPs).

While user awareness is important, this approach oversimplifies the problem. It effectively transfers systemic risk onto individuals, ignoring the role of platform design, cybersecurity standards, and institutional safeguards.

From a public policy standpoint, this represents a failure of accountability. Complex digital systems require a shared responsibility framework, in which:

• providers are accountable for system security and transparency,
• regulators ensure compliance and oversight, and
• users are protected from risks beyond their control.

Without such a framework, consumer protection becomes fragmented and ineffective.

Policy Priorities for a Sustainable Fintech Ecosystem

If Indonesia is to harness fintech as a driver of inclusive growth, several policy priorities must be addressed.

First, strengthen real-time supervision.

Regulators should invest in SupTech tools capable of monitoring fintech activities, including algorithmic credit scoring, to prevent discriminatory or opaque practices.

Second, standardize digital contracts.

The government should introduce minimum standards for electronic agreements, ensuring that key terms—such as interest rates, fees, and data usage—are presented in a clear and accessible manner.

Third, enforce data protection rigorously.

The implementation of the Personal Data Protection Law must be accompanied by strong enforcement, institutional capacity, and meaningful sanctions for violations.

Fourth, reform debt collection practices.

Clear and enforceable guidelines are needed to prevent abusive or coercive collection methods, particularly in the digital lending sector.

Fifth, invest in public digital literacy.

While not a substitute for regulation, literacy remains essential. Public education campaigns should be integrated into broader financial inclusion strategies.

Reframing Digital Inclusion

Indonesia’s fintech sector stands at a crossroads. The country has the opportunity to build a digital financial ecosystem that is not only innovative, but also equitable and trustworthy.

However, this requires a fundamental shift in policy orientation—from prioritizing growth to balancing growth with protection. Digital inclusion should not be measured solely by the number of users or transactions. It must also be assessed by the quality of protection, the fairness of contracts, and the security of personal data.

Ultimately, the success of Indonesia’s digital economy will depend not on how quickly fintech expands, but on how effectively it safeguards the rights and interests of its users. Without that protection, inclusion risks becoming an illusion—and innovation, a source of new inequalities.

Moh. Ja’far Sodiq Maksum & Edy Rudyanto

Doctoral Students in Law Universitas 17 Agustus 1945 Surabaya