CRIMINAL & CIVIL LIABILITY RELATED TO MISUSE OF ILLEGAL FINTECH CUSTOMER DATA DURING THE COVID-19 PANDEMIC

The Covid-19 outbreak that swept across the world has caused a crisis in the economic sector, where physical distancing policies affect the world of trade and tourism. The bankruptcy of companies, hotels, and small and medium-sized micro-enterprises resulted in massive job cuts. Therefore, many people lose their livelihoods and borrow money to meet their daily needs. Financial technology is an advancement of the times in the industrial era 4.0, as a form of convenience in financial services of tempted communities and applying for loans to financial technology. However, instead of getting a financial solution, what happens is the opposite. Where the public is even entangled in the existence of illegal financial technology and there is a misuse of their personal data. It is true that there is an agreement that allows the debtor to access the personal data of the creditor, but whether with it immediately the debtor can misuse the customer's personal data. Therefore, in this study, the author is interested in reviewing how criminal and civil liability related to the emergence of illegal financial technology agreements during the Covid-19 pandemic. The research methods used are normative juridical with statute approach and comparative approach, as well as qualitatively described legal material analysis. The result obtained is, illegal fintech e-agreements do not meet the subjective and objective requirements of the agreement and are related to the misuse of customer data, which can be held criminally accountable are fintech law bodies and debt collectors.

from the Ministry of Labor in 2020 which states the number of workers affected by layoffs is around 779,816. Therefore, with the outbreak that has paralyzed the economic sector, the most affected impact is the community (Pratama, Disemadi, & Prananingtyas, 2019). With the disconnection of the livelihood and to meet daily needs, some people borrow money through Financial Technology or fintech. According to the International Organization of Securities Commissions (IOSCO) (Salsabila, 2020), fintech is used as a picture of various forms of innovative business in utilizing technological sophistication to transform the financial services industry (Fajria, 2019). And the basic forms of fintech include Payments (digital wallets, P2P payments), investment (equity crowdfunding, Peer to Peer Lending), financing (crowdfunding, microloans, credit facilities), insurance (risk management), cross-process (big data analysis, predictive modeling), infrastructure (security).
In this new era of industrial revolution 4.0, financial technology should be one of the developments that can make it easier for humans to synergize with the digital world (Fajria, 2019). But in the case of fintech in Indonesia, illegal fintech comes into play in such a crisis, the lure of ease in borrowing money is not proportional to the interest given. Similarly, with the tenor of the payback period, in the written electronic agreement letter that the period of return is one month but within three days the creditor has been reminded to return the loan funds and after seven days the creditor is terrorized to return the loan funds (Anggraeny & Al-Fatih, 2020). And based on information obtained from customers or victims of their pinjol stated that there are death threats if not immediately paid off and berated every day. Even the impact of unethical billing customers are fired by the company because pinjol collects debts to superiors, divorced husbands because pinjol collect debts to in-laws, some are depressed to suicide, some sell kidneys to pay it off etc (Olifiansyah, 2021). Therefore, there are many problems in this illegal fintech case, even Mahfud M.D as the coordinating minister for politics, law and security said for customers who have been entangled in illegal fintech then there is no need to pay their debts again and if there is terror and threats report to the nearest police station (Mahfud MD, 2020).
But in this research article, the problem studied and arising from illegal fintech is related to the theft of misused customer data. In the practice of implementing illegal fintech companies often commit violations, namely leaking personal data of customers and abusing personal data by committing actions that are classified as extreme such as committing terror to customers in loan collection.
Therefore, whether the agreement is subject to the Civil Code and the principle of freedom of contract, immediately legalizes illegal fintech actions to take customer data and how criminally responsible. Because in the case of debt collectors who do billing, there is a spread of personal photos of creditors to all contacts on the victim's mobile phone, even worse they share photos of the victim's paradise, the victim's family, the victim's work, etc. This is done by them with the reason to embarrass creditors into immediately paying off debts, and therefore the author is interested in conducting a more comprehensive review of the case of illegal fintech.

II. METHODOLOGY
The legal research method used in this article is a normative juridical research method, where the focus of the study includes the rules and norms in positive law. While the purpose of normative E-ISSN : 2723-2476ISSN : 2723-1968ACLJ, Vol. 3, Issue 1, 2022 Hendrik Wijaya, Herwastoeti. pp. 1-9 Criminal & Civil Liability Related to Misuse of Illegal Fintech Customer Data During the Covid-19 | 3 juridical research is to provide a systematic exposition of the rule of law governing a particular area of law, analyze the relationship between one rule of law with another, explain the difficult parts to understand of a rule of law, it may even include predictions of the development of a particular rule of law in the future. So, in this article, the theft and misuse of illegal fintech customer data is reviewed based on positive laws that apply in Indonesia. While the goal is to understand how the context of civil and criminal law sees the misuse of customer data due to the existence of illegal fintech e-agreements.
As a form of normative juridical research, the approach method used in writing this article is statute approach and comparative approach. Where related to statute approach, the rules used as primary legal material include Civil Code, ITE Law, Criminal Code, Pornography Law, OJK Regulation No.77 of 2016and Bank Indonesia Regulation No.19 of 2017(Mahardika, 2021. As well as secondary legal materials including books, journals, legal principles, doctrines, etc. For the comparative approach method, the writing of this article will compare how the view of civil law related to electronic agreements agreed by both parties with criminal law related to the impact of misuse of customer data arising from the agreement (Sulistya, 2020).

Illegal Fintech Customer Data Retrieval & Misuse In View of Civil Law
Arrangements  (Disemadi & Regent, 2021).
In the view of civil law, an engagement in the form of an agreement (overenskomst) can be said to be valid if it meets the main elements based on book III articles 1320 and 1338 of the Civil Code. The agreement itself according to article 1313 of the Civil Code can be interpreted as a legal act in which one or more commits himself to one or more. So, in the case of online loans, pinjol and illegal fintech customers are the parties who bind themselves in the legal deeds of debt agreement through electronic applications.
And as a condition of the validity of an agreement article 1320 states that: 1. First there must be an agreement between the two parties, this agreement can be seen and proven by electronic signature in the letter of agreement when the victim installs, registers and applies for an online loan through the application. But whether the agreement to take personal data and disseminate it to third parties is permitted by law. Based on article 26-point (a) POJK states that the organizer (fintech) is required to maintain the confidentiality of customer data until it is destroyed, Article 29 points (d) of POJK states that the organizer must apply basic principles and user protection (customer) related to data confidentiality and security, and article 39 paragraph (1) POJK states that the organizer is prohibited in any way providing data and / or user information to the party when. Therefore, it is not permissible if the organizer disseminates customer data in any way to third parties. Moreover, the principle of contracting is limited by law that is coercive, and although everyone is free to make a treaty, the content of the agreement must not conflict with the Law, decency and public order. But article 39 paragraph (2) states otherwise, that in the case of across the personal data of creditors to third parties, there is a need for approval from the creditor. Therefore, if there is misuse of personal data of creditors arising from the agreement, then illegal fintech as the organizer cannot be civilly prosecuted because of it. Unless the dissemination of personal data smells sexual or violates public order, then the organizer can be criminally prosecuted and related to criminal matters will be further elaborated in the next discussion review. 2. The second is tired, in the case of the ability of article 1330 of the Civil Code mentions that a person is called legally capable when he is an adult and not in the mastership. According to article 330 of the Civil Code the adult age limit is 21 years old or married, then in the case of illegal fintech if there is someone applying for an online loan, the debtor will see the maturity of the creditor through the uploaded E-KTP. If illegal fintech passes a loan application, then the debt agreement can be seen in two sides. If the receivable agreement is done by an adult, then the agreement is valid before the law, but if done by an immature person then the agreement can be canceled (vernietigbaar). But the problem is, whether the status of illegal fintech as a legal subject can be accounted for. Based on article 2 paragraph (2) of POJK mentioned that the form of the legal entity (fintech) is a limited liability company or cooperative, then the establishment of fintech must be subject to the PT Law if the form of the legal entity is a limited liability company and is subject to the Cooperative Law if the form of the legal entity is cooperative. As well as in the case of fintech licensing is required to register it with the OJK based on article 7 of the POJK, but if the fintech legal entity is unclear and illegal then the status of its legal subjects is questioned due to the existence of formil defects as a legal entity. Therefore, related to the existence of this illegal pinjol, the Financial Services Authority (OJK) together with the Ministry of Trade, Ministry of Communication and Informatics, Ministry of Cooperatives and Small and Medium Enterprises, The Prosecutor's Office, the Indonesian Police, and the Investment Coordinating Board (BKPM) agreed to strengthen cooperation in the Task Force / Task Force on Investment Alert to prevent and deal with the rise of illegal investment offers and practices, including eradicating illegal online loans (Olifiansyah, 2021). 3. The third is related to a certain thing, that in the agreement must be determined the type. So, in the case of illegal fintech a specified type is a debt receivable agreement between creditors and debtors. 4. The fourth is a halal cause, in article 1337 mentioned that a halal agreement is an agreement that does not violate the Law, decency and general thinness. So, in the context of the debtreceivable agreement between creditors and debtors, the e-agreement between the two parties should not violate ITE law and POJK No.77 of 2016. But if it is not implemented, then the debtor can be prosecuted into the civil and criminal realm. Similarly, related to decency, if in the e-agreement has been agreed personal data of creditors can be taken by the debtor as a form of electronic guarantee. So, debtors as fintech organizers, it is not permissible to take photos of creditors let alone spread them to the 3rd party etc. Because the norms of community decency become an important measure in assessing the action meets the criteria of immorality or immorality (Lestari, 2017). Therefore, it is important that the debtor knows the values of decency in the community, so that the agreement does not violate the norms of decency. Likewise about public order, J. Satrio said that public order is related to the public interest, state security and unrest in society (Lestari, 2017). So, if the e-agreement between creditors and debtors disturbs the public and makes a public noise, it is necessary for fintech to change the contents of the agreement or maintain the confidentiality of the customer's personal data and no longer use the customer's personal data as a form of threat. But if it is not implemented, then the legal conditions of the agreement related to halal causes are not fulfilled. Then related to the legal consequences that arise if the e-agreement does not meet article 1320 of the Civil Code. If the subjective conditions between agreement and proficiency are not met, then the agreement can be limited. Similarly, if the objective conditions between a particular thing and a halal cause are not fulfilled then the agreement is null and void. But if both sides agree to make the e-agreement and meet the objective conditions and conditions, then the agreement is legally valid. Similarly, written under article 1338 of the Civil Code, if an agreement is in accordance with the Law and the parties agree to bind themselves, then the content of the agreement becomes law for both parties. So, in the case of online loans, the e-agreement agreed upon by both parties binds both and becomes law for creditors and debtors. But the problem in the case of illegal fintech, e-agreements agreed by both parties can be canceled and null and void.
In the case of illegal fintech, illegal fintech legal entities cannot be accounted for. Therefore, it cannot be illegal fintech to be the subject of law and make alliances. Moreover, in POJK No.77 of 2016 it has been explained that the form of fintech legal entity is a limited liability company or cooperative with OJK permission. So, in this case, illegal fintech does not meet the subjective requirements of agreements where the subject of law that is not recognized does not have the ability to enter an engagement. Similarly, with the objective terms of the agreement, illegal fintech that takes customer data and then misuses the data is due to violate the terms of a halal cause and therefore an agreement that does not meet objective requirements, the agreement is null and void (Herwastoeti, 2021).

Illegal Fintech Customer Data Retrieval & Misuse In View of Civil Law
In the industrial era 4.0, the presence of information technology is increasingly sophisticated and able to create financial services that are more efficient and in accordance with the needs of micro and macro communities (Cahyadi, 2020).
Fintech Peer to peer (P2P) lending or commonly known as financial technology is a money loan facility offered by financial service providers that operate online either through a smartphone application or the service provider's website. According to Article 3 paragraph (1) letter (e) PBI No.19/12/PBI/2017 mentioned that application-based lending services or information technology is one type of financial technology implementation in other categories of financial services. And based on the Regulation of the Financial Services Authority article 1 number 3 Number 77 / POJK.01 / 2016 mentioned that online lending services are the implementation of financial services to bring together lenders with loan recipients in order to make loan agreements in rupiah directly through electronic systems using the internet network.
Hendrik Wijaya, Herwastoeti. pp. 1-9 E-ISSN : 2723-2476ISSN : 2723-1968  In the case of illegal fintech, the problem that often occurs is when the agreement agreed by both parties contains a clause that the creditor allows the debtor to access the creditor's personal data as a form of electronic guarantee. And in the next problem, when the debtor is billing the problem creditor often the debtor charges the creditor with terror and verbal violence even sharing the personal data of the creditor without ethics. According to Saida Dita Hanifati's research, fintech sanctions that disseminate customer data are only given administrative sanctions based on Permenkominfo number 20 of 2016 Chapter IX where illegal fintech platforms are only blacklisted from play stores, so it is less effective and there is no deterrent effect (Hanifawati, 2021). Whereas in a criminal context, agreements, verbal violence and the dissemination of personal data have their own faults and responsibilities.
Related to the agreement, article 26 paragraph (1) of the OJK Law states that the use of a person's personal data must be through the consent of the person concerned unless otherwise specified by the Law. So, in accordance with the civil concept related to the principle of freedom of contract , the ITE Law also mentions the same thing regarding the permission and agreement of both parties for the use of personal data of the person concerned. But if in the agreement there is no mention of the clause and there is misuse of personal data, then in accordance with article 26 paragraph (2) the person who is violated his rights can file a lawsuit to the court. But in the case of illegal fintech e-agreements, if the clause on the use of creditor data by the debtor as a form of electronic guarantee has been written and agreed upon by both parties. So, in this case, illegal fintech as a debtor cannot be sued under article 26 paragraph (2) of the OJK Law.
Then related to the dissemination of customer data by the debtor, if the distribution of customer data contains immoral elements, based on article 27 paragraph (1) of the OJK Law mentioned that anyone who intentionally and without the right to distribute and / or transmit and / or make accessible electronic information and / or electronic documents that have a charge of violating decency will be punished with 6 years imprisonment or a maximum fine of Rp 1,000,000,000,000 (one billion rupiah). Similarly, based on article 4 paragraph (1) of the Pornography Law, it states that a person is prohibited to disseminate or broadcast sexual violence, masturbation, nudity, etc. So, the debtor as a party who is allowed to access the personal data of creditors is prohibited to disseminate personal data of creditors that smells of immorality. If the debtor continues to disseminate the data, then based on article 29 of the Pornography Law a person who disseminates the intended article 4 paragraph (1) is threatened with a maximum prison sentence of 12 years with a maximum fine of Rp 3,000,000,000 (three trillion rupiah). This is different context if the personal data controlled by the debtor has no connection or related to the debt receivable agreement, based on article 26 paragraph (3) of the ITE Law mentioned that the organizer can be required to delete irrelevant data based on the court's ruling. Likewise, if the misuse of creditor data related to family photos, colleagues, and others. If the debtor disseminates the data of people other than creditors, the debtor can be threatened with defamation article 310 of the Criminal Code jo article 27 paragraph 3 of the ITE Law with a maximum prison sentence of 6 years and a maximum fine of Rp 1,000,000,000 (One trillion rupiah). But the problem is, who can be held criminally responsible in this case, because in criminal law there is no way a company can be sentenced to prison.
In the case of the herald of free enterprise, the court examining, adjudicating and deciding the case of P&O European Ferries (Dover) Ltd. (1990) Cr App R72, broke a principle that a company could be found guilty of committing a criminal offence of manslaughter. Furthermore, E-ISSN : 2723-2476ISSN : 2723-1968ACLJ, Vol. 3, Issue 1, 2022 Hendrik Wijaya, Herwastoeti. pp. 1-9 Criminal & Civil Liability Related to Misuse of Illegal Fintech Customer Data During the Covid-19 | 7 Molan et al said, in order for the prosecution to occur must be identified who are the people representing the company and who has mens rea related to manslaughter crimes (Molan, Bloy, & Lanser, 2003). So, in the case of the dissemination of customer data, if the form of fintech legal entity is a limited liability company then the responsible is the board of directors and / or board of commissioners. And if the form of fintech legal body is cooperative then the responsible is the manager of the cooperative.
The latter is related to verbal violence, in the case of debtor billing against creditors. The words berating and swearing and swearing that are often thrown over the phone, is a form of bad ethics from fintech organizing companies. In the view of criminal law, the sentence of reviling cannot be punished except in billing cases accompanied by threats and/or extortion. But the same is the case with the dissemination of personal data, whether the subject of fintech law as a legal body of the lending institution can be punished with imprisonment.
The legal basis for criminal convictions on the criminal act of extortion and acidification is article 355 of the Criminal Code, Article 368 of the Criminal Code, Article 369 of the Criminal Code, and articles 29 and 45 of the ITE Law. And in the view of criminal law, known theories of error and criminal liability. According to this theory, there must be a mistake in the inner state of the perpetrator and the inner state of the perpetrator is related to the deed that can be reproached. In the case of threats and extortion against illegal fintech customers, who have the inner attitude to commit acts of acidification and extortion are human beings not legal entities, so debt collector as a party who has the authority to do billing must be responsible for the words of threats and extortion carried out.

IV. CONCLUSION
In the view of civil law, e-agreements between customers and illegal fintech have problems on subjective and objective terms. Related to subjective conditions, fintech that does not have an OJK permit is not known the form of its legal entity, then legally formal illegal fintech does not have the ability as a legal subject to do a deal in an e-agreement. Therefore, as an institution/organization that is flawed formil legal entity illegal fintech e-agreement can be canceled. Then related to the objective terms of the agreement, illegal fintech e-agreements often deviate from a halal cause by violating the law, decency and public interest. Misuse of customer data by illegal fintech by spreading personal data of customers who smell sexual has violated the Porngration Law, Norma decency and made noise through virtual media. Therefore, in the illegal fintech e-agreement the agreement of both parties is null and void. Furthermore, regarding the view of criminal law, in criminal law e-agreement is the realm of private law. So, the provisions regarding the validity of an engagement, criminal law follows the opinion of civil law. But in the context of misuse of responsible customer data is the legal body because the action is on behalf of the company. Then related to billing matters accompanied by threats and extortion, which can be held criminally accountable is a debt collector. Advice that can be given to the public is to be more careful about personal data, and in the event of misuse of personal data, threats and extortion report it to the nearest police station. Similarly, related to receivable debt agreements, people do not need to pay debts and illegal fintech interest, because in civil law the e-agreement is considered never to exist.