This article aims to identify the role of law in the protection of personal data and how to deal with violations of consumers' personal rights. The problem is focused on providing legal protection in electronic transactions, and how the role of law in Indonesia in handling cases of consumer privacy violations when transacting electronically, and also emphasizing strict sanctions against privacy data violations in accordance with applicable regulations. In order to approach this problem, theoretical references are used from legal protection theory, consumer protection theory, contract theory, communication privacy management theory and information theory. The data were collected through the study or review of literature books and analysed qualitatively. This study concludes that the importance of optimizing regulations to enforce the law in the event of a failure or leakage of personal data electronically; and the provision of public outreach to increase individual awareness of the importance of protecting personal data and that it should be kept confidential; and also, the completion and ratification of the Personal Data Protection Bill which cannot be delayed any longer.