Despite its significant growth, peer-to-peer (P2P) lending is a controversial sub-sector in financial technology (fintech), especially the practices of lenders that offer unsecured cash, or payday, loans. Consumer groups believe that existing personal data protection systems are inadequate to govern fintechs and that this has led to data abuse by the majority of fintech payday lenders. In the wake of strong criticism, OJK responded to complaints by banning the access to the data that many of the P2P lending operators rely on to develop their alternative credit scoring models. But on the other hand, aggressive personal data collection and use by fintech payday lending firms is primarily the result of an insufficient system for assessing the creditworthiness of Indonesians. In an effort to close the gap between the existing regulatory rules and the actual market conduct, the fintech industry association, AFPI, has stepped into a “co-regulatory” role with OJK. While the partnership of OJK and AFPI are already on the right track, both needs to improve their ability to collaborate when making, adopting, enforcing, and evolving their policies and regulations through series of regulatory and market reforms.