New data law aimed at ensuring privacy

New data law aimed at ensuring privacy

After the biggest breach of personal information in Thai history, government considers a Data Protection Act to bring online privacy up to world standards.
After the biggest breach of personal information in Thai history, government considers a Data Protection Act to bring online privacy up to world standards.

Thai citizens' data privacy is expected to be secured with the Data Protection Act's enforcement this year after being approved by the cabinet this month.

The Electronic Transactions Development Agency (ETDA) will be responsible for the temporary Data Protection Knowledge Centre to educate the public about data privacy protection. Prior to the Cybersecurity Act, ETDA will also act temporarily as the National Cybersecurity Agency.

"The enforcement of Data Protection Act will enable Thailand to have data privacy in accordance with global international standards," said Pichet Duringkawaroj, after speaking at the seminar "Startup: Business insight" held by

The new law clearly defines data protection, covering three categories of data owners, data controllers and data processors. The proposal follows the revelations that mobile phone operator True Move exposed some 46,000 records — identity, addresses, scans of ID cards and passports — but faces no punishment.

Punishment has been stated for data controllers and data processors for any activities that violate or misuse the data owners' privacy.

Data controllers and data processors must be permitted by data owners to use their data.

"After the draft bill is approved by the cabinet and submitted to the National Legislative Assembly, it's expected to become effective by 2018," said Mr Pichet.

The law will be in line with the new EU General Data Protection Regulation, which will come into effect on May 25 and affects local businesses involved with EU citizens' data.

Mr Pichet said on May 3, the DE Ministry will join the first meeting of acting National Cybersecurity Committee before the Cybersecurity Act becomes effective.

The meeting will cover the working procedures of critical infrastructures in collaboration with responses to a cybersecurity incident.

ThaiCert, a unit under ETDA, will temporarily act as the National CERT (Computer Emergency Response Team) during the Cybersecurity Act and Cybersecurity Agency's absence.

Dhiraphol Suwanprateep, partner and senior associate for technology, media and telecommunications at Baker McKenzie, said the new bill encompasses data processor concept, additional consent exemptions in the case of public interest and legitimate interest, revised the structure of the commission, and removed imprisonment.

However, the bill does not exactly provide safe harbour or exemptions that will fit the nature of digital business, big data and cloud computing business, he said.

As the data flow is mandated by computer systems, in many cases the data controllers and the data processors will not know if the data flow complies with laws.

Do you like the content of this article?

Chelsea hold off Spurs 2-1

LONDON: Chelsea’s Olivier Giroud and Marcos Alonso returned to the starting lineup to stunning effect by grabbing a goal apiece in a crucial 2-1 home win over Tottenham Hotspur in the battle between the London rivals for fourth place on Saturday.

22 Feb 2020

Shining a light

Hundreds gather at the Tha Prachan campus of Thammasat University to demand a return of justice in the country following the dissolution of the Future Forward Party.

22 Feb 2020

Jump in virus cases outside China alarming

Iran, Italy and South Korea all reported additional deaths and a sharp rise in coronavirus cases on Saturday, stoking further alarm about the jump in infections outside China.

22 Feb 2020