The porpose of this study is to solve public doubts about the security of personal data in the PeduliLindungi application. This study uses a normative research method that is oriented to the rule of law and a case approach. The law in Indonesia has not regulated the violation of personal data leakage, so there are no strict sanctions against the perpetrators who leak personal data. Because there is no legal certainty in the protection of personal data, there are many crimes and result in the misuse of personal data. Currently the guarantee of personal data protection is only based on the ITE Law but there are no criminal provisions against perpetrators of spreading personal data. Because there is a legal vacuum, a draft law on the protection of personal data has been made, rules that can protect citizens’ personal data have been made, but these regulations have not been ratified. The government should provide provisions so that legal certainty is achieved. In this era of technological development 4.0, the government is required to be firm in establishing regulations related to cyber crime. Another way is to add the KTP function to replace the PeduliLindungi application to track the spread of the Corona virus because the KTP has guaranteed the security of one’s personal data.