The Covid-19 pandemic has had a global influence on humanity; with restrictions on home-based social activities, a transition to digital media is unavoidable. After the Covid-19 outbreak, a surge in internet activity has led to a spike in cybercrime. One of them is personal data breaches, such as the unauthorised disclosure of personal information to the public or the bulk trade of personal data. The purpose of this paper is to comprehend that the misuse and trafficking of sensitive personal data and its misuse can pose a threat to personal security, which is a violation of human rights, from the perspective of legal sociology theory and a philosophical examination of the formation of the PDP Bill. Although, in principle, the state is obligated to ensure the confidentiality of personal data, several Indonesian laws and regulations governing the management of personal data are deemed insufficient. In addition, the Personal Data Protection Bill (RUU PDP), the legislative framework for addressing the breach and misuse of personal data, was not passed due to worries that the PDP Bill would be a double-edged sword for MPs and their constituents. This issue is analysed using the empirical legal technique, a socio-legal perspective, and a socio-philosophical foundation. Because even though personal data protection is a part of Human Rights, the private sector and the Indonesian government have little motivation and competence to handle personal data. In addition, worldwide underground commercial groups functioning via the dark web, one of the driving causes behind private data unlawful trade regulations, will continue to exist despite removal efforts.