New data law aimed at ensuring privacy

New data law aimed at ensuring privacy

After the biggest breach of personal information in Thai history, government considers a Data Protection Act to bring online privacy up to world standards.
After the biggest breach of personal information in Thai history, government considers a Data Protection Act to bring online privacy up to world standards.

Thai citizens' data privacy is expected to be secured with the Data Protection Act's enforcement this year after being approved by the cabinet this month.

The Electronic Transactions Development Agency (ETDA) will be responsible for the temporary Data Protection Knowledge Centre to educate the public about data privacy protection. Prior to the Cybersecurity Act, ETDA will also act temporarily as the National Cybersecurity Agency.

"The enforcement of Data Protection Act will enable Thailand to have data privacy in accordance with global international standards," said Pichet Duringkawaroj, after speaking at the seminar "Startup: Business insight" held by

The new law clearly defines data protection, covering three categories of data owners, data controllers and data processors. The proposal follows the revelations that mobile phone operator True Move exposed some 46,000 records — identity, addresses, scans of ID cards and passports — but faces no punishment.

Punishment has been stated for data controllers and data processors for any activities that violate or misuse the data owners' privacy.

Data controllers and data processors must be permitted by data owners to use their data.

"After the draft bill is approved by the cabinet and submitted to the National Legislative Assembly, it's expected to become effective by 2018," said Mr Pichet.

The law will be in line with the new EU General Data Protection Regulation, which will come into effect on May 25 and affects local businesses involved with EU citizens' data.

Mr Pichet said on May 3, the DE Ministry will join the first meeting of acting National Cybersecurity Committee before the Cybersecurity Act becomes effective.

The meeting will cover the working procedures of critical infrastructures in collaboration with responses to a cybersecurity incident.

ThaiCert, a unit under ETDA, will temporarily act as the National CERT (Computer Emergency Response Team) during the Cybersecurity Act and Cybersecurity Agency's absence.

Dhiraphol Suwanprateep, partner and senior associate for technology, media and telecommunications at Baker McKenzie, said the new bill encompasses data processor concept, additional consent exemptions in the case of public interest and legitimate interest, revised the structure of the commission, and removed imprisonment.

However, the bill does not exactly provide safe harbour or exemptions that will fit the nature of digital business, big data and cloud computing business, he said.

As the data flow is mandated by computer systems, in many cases the data controllers and the data processors will not know if the data flow complies with laws.

Do you like the content of this article?

BMTA enforcing social distancing on buses

The Bangkok Mass Transit Authority is strictly enforcing social distancing on buses to contain the spread of Covid-19, requiring passengers to sit or stand on designated seats and spots, BMTA managing director Surachai Iamwachirasakul said.


Part of Poipet locked down amid Covid surge

Some areas in Poipet, some near the Thai border, have been closed by Cambodian authorities after a Covid-19 spike in the township.


Indonesian consumers show growing confidence – central bank

JAKARTA: Indonesia's consumer confidence index rose to 101.5 in April, from 93.4 a month earlier, indicating optimism returning for the first time in a year as worries over the coronavirus pandemic eased, a central bank survey showed on Monday.