Personal Data Protection in the Banking Sector from the Perspective of Contextual Integrity: An Analysis on the Privacy Policies of State-Owned Banks

Arbain; Dimas Fiancheto; Romadhon; Jane Latifarah Sriadi

doi:10.59141/jiss.v7i4.2312

Authors

Arbain Universitas Al-Azhar Indonesia
Dimas Fiancheto Universitas Al-Azhar Indonesia
Romadhon Universitas Al-Azhar Indonesia
Jane Latifarah Sriadi Universitas Al-Azhar Indonesia

DOI:

https://doi.org/10.59141/jiss.v7i4.2312

Keywords:

Personal Data Protection, Banking Sector, Contextual Integrity, Privacy Policy

Abstract

The banking sector is structurally dependent on the continuous collection and processing of personal data, making data governance an inherent component of banking operations rather than a discretionary practice. This study examines personal data protection in the Indonesian banking sector by applying Helen Nissenbaum’s theory of Contextual Integrity as a normative analytical framework. Using a normative juridical approach and qualitative textual analysis, the research analyzes the privacy policies of four state-owned banks Bank Mandiri, BRI, BTN, and BNI to assess how norms governing information flows are articulated at the policy level. The analysis focuses on five core elements of Contextual Integrity: social context, actors and social relations, data attributes, transmission principles (purposes), and the integrity of contextual boundaries across data uses. The findings show that privacy policies in state-owned banks largely function as instruments of formal legal compliance rather than as normative statements clarifying the appropriateness of information flows within the banking context. While purposes of data processing are relatively explicit, multiple processing contexts such as core banking services, digital platforms, and marketing activities are often aggregated without clear normative boundaries. This weakens the articulation of trust-based norms and increases the risk of context collapse, particularly in relation to secondary uses of customer data.

References

Abubakar, M., Hasan, R., & Abubakar, M. H. (2024). Data privacy and cybersecurity challenges in the digital transformation of the banking sector. Computers & Security, 144, 103560. https://doi.org/10.1016/j.cose.2024.103560

Aldboush, H. H., & Ferdous, M. (2023). Building trust in FinTech: An analysis of ethical and privacy considerations in the intersection of big data, AI, and customer trust. International Journal of Financial Studies, 11(3), 90. https://doi.org/10.3390/ijfs11030090

Ameen, N., Tarhini, A., Reppel, A., & Anand, A. (2021). Customer experiences in the age of artificial intelligence. Computers in Human Behavior, 114, 106548. https://doi.org/10.1016/j.chb.2020.106548

Boissay, F., Ehlers, T., Gambacorta, L., & Shin, H. S. (2021). Big techs in finance: On the new nexus between data privacy and competition. In D. Zetzsche, R. Buckley, & D. Arner (Eds.), FinTech Handbook (pp. 855–875). Springer. https://doi.org/10.1007/978-3-030-65117-6_31

Borges, André, dan Fernando Laurindo. (2022). Privacy and data protection in digital banking: Impacts on customer trust. International Journal of Bank Marketing, 40(6), 1231–1250.

Briones de Araluze, I., & Cassinello Plaza, N. (2022). Open banking: A bibliometric analysis-driven definition. Heliyon, 8(10), e10641. https://doi.org/10.1016/j.heliyon.2022.e10641

Cohen, Julie E. (2013). What privacy is for. Harvard Law Review, 126, 1904–1933.

Cohen, Julie E. (2019). Between truth and power: The legal constructions of informational capitalism. Oxford University Press.

Degeling, M., Utz, C., Lentzsch, C., Hosseini, H., Schaub, F., & Holz, T. (2019). We value your privacy… now take some cookies: Measuring the GDPR’s impact on web privacy. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2019). Internet Society. https://doi.org/10.14722/ndss.2019.23378

Degutis, M., Urbanavičius, S., Hollebeek, L. D., & Anselmsson, J. (2023). Consumers’ willingness to disclose their personal data in e-commerce: A reciprocity-based social exchange perspective. Journal of Retailing and Consumer Services, 74, 103385. https://doi.org/10.1016/j.jretconser.2023.103385

Gillis, Tommaso, dan Colin McInnes. (2020). Data protection and open banking: Regulatory challenges and compliance strategies. Computer Law & Security Review, 36, 105392.

Gillis, Tommaso, et al. (2021). Data governance and accountability in FinTech–Bank partnerships. Journal of Banking Regulation, 22(4), 321–336.

Gstrein, O. J., & Beaulieu, A. (2022). How to protect privacy in a datafied society? A presentation of multiple legal and conceptual approaches. Philosophy & Technology, 35(1), 1–38. https://doi.org/10.1007/s13347-022-00497-4

Hornuf, L., Momtaz, P. P., Nam, R., & Bhatt, D. (2023). Promise not fulfilled: FinTech, data privacy, and the GDPR. Electronic Markets, 33(1), 33. https://doi.org/10.1007/s12525-023-00622-x

Lappeman, J., Marlie, S., Johnson, T., & Patel, T. (2023). Trust and digital privacy: Willingness to disclose personal information to banking chatbot services. Journal of Financial Services Marketing, 28, 337–357. https://doi.org/10.1057/s41264-022-00154-z

Lom, H. S., Thoo, A. C., Lim, W. M., & Koay, K. Y. (2024). Advertising value and privacy concerns in mobile advertising: The case of SMS advertising in banking. Journal of Financial Services Marketing, 29(3), 1135–1153. https://doi.org/10.1057/s41264-023-00240-6

Malkin, N., Wijesekera, P., Egelman, S., & Wagner, D. (2023). Contextual integrity, explained. IEEE Security & Privacy, 21(1), 28–38. https://doi.org/10.1109/MSEC.2022.3218081

Martínez-Navalón, J.-G., Fernández-Fernández, M., & Pedrosa Alberto, F. (2023). Does privacy and ease of use influence user trust in digital banking applications in Spain and Portugal? International Entrepreneurship and Management Journal, 19(2), 781–803. https://doi.org/10.1007/s11365-023-00839-4

Nissenbaum, H. (2019). Contextual integrity up and down the data food chain. Theoretical Inquiries in Law, 20(1), 221–256. https://doi.org/10.1515/til-2019-0008

Sanfilippo, M. R., Shvartzshnaider, Y., Reyes, I., Nissenbaum, H., & Egelman, S. (2020). Disaster privacy/privacy disaster. Journal of the Association for Information Science and Technology, 71(9), 1002–1013. https://doi.org/10.1002/asi.24327

Shaffer, G. (2021). Applying a contextual integrity framework to privacy policies for smart technologies. Journal of Information Policy, 11, 222–265. https://doi.org/10.5325/jinfopoli.11.2021.0222

Shvartzshnaider, Y., Apthorpe, N., Feamster, N., & Nissenbaum, H. (2019). Going against the (appropriate) flow: A contextual integrity approach to privacy policy analysis. Proceedings of the AAAI Conference on Human Computation and Crowdsourcing, 7(1), 162–170.

Wang, H., Ma, S., Dai, H.-N., Imran, M., & Wang, T. (2020). Blockchain-based data privacy management with nudge theory in open banking. Future Generation Computer Systems, 110, 812–823. https://doi.org/10.1016/j.future.2019.09.010

World Bank. (2021). Financial consumer protection and data governance. Washington, DC: World Bank.

Zimmer, M. (2018). Addressing conceptual gaps in big data research ethics: An application of contextual integrity. Social Media + Society, 4(2), 1–12. https://doi.org/10.1177/2056305118787083