Microsoft Thailand, the local operating unit of the US-based technology firm, suggests the Thai government endorse artificial intelligence (AI) regulation under its new Personal Data Protection Act (PDPA) to build more trusted security and privacy infrastructure.
The company says Thailand faces higher security threats than the global average from malware, cryptocurrency mining, ransomware and drive-by download attacks.
The company expects the Cybersecurity Act will boost spending in security protection, particularly among enterprises that have their own data centres and critical infrastructure.
Microsoft is gearing up to cooperate with the Digital Economy and Society (DE) Ministry as well as AI-related associations to bring forward the "AI Principle" as a self-regulating blueprint.
"The endorsement of the new Cybersecurity Act and PDPA represents an important step forward in increasing trust and confidence in a digital society and economy," said Ome Sivadith, national technology head of Microsoft Thailand.
In the EU, the General Data Protection Regulation (GDPR) has organic laws/ancillary laws specific to AI to regulate automated decision-making algorithms that need to be transparent and fair, with an appeals process for results.
"Thailand should consider this AI regulation under the PDPA to prepare for the rise of AI adoption," said Mr Ome.
The company is in discussions with the DE Ministry, research academics and technology associations for multi-stakeholder collaborations to make an AI framework for best practices cover fairness, inclusivity, transparency and governance.
He cited a joint study by Microsoft and IDC Asia Pacific entitled "Understanding Consumer Trust in Digital Service in Asia Pacific" that covers 6,372 consumers in 14 countries, including 452 from Thailand, which found Thai consumers feel government and technology firms should be responsible for ensuring that AI is used in a trusted manner.
Generation Z feels private firms should take the lead to establish policy to building digital services, compared with Gen X and baby boomers who say the government should take the lead.
The study also found Thais have the highest trust in manufacturing, automotive, telecom and media companies' ability to harness AI to improve their lives, while Thais have the lowest trust in retailers and the government. Compared with the Asia-Pacific, financial securities insurance (FSI), healthcare and education are considered the three most trustworthy while government and retailers received the lowest trust.
"Thai e-commerce was worth 3.15 trillion baht in 2018 and grew rapidly, but retailers were perceived to be the least trustworthy," Mr Ome said.
In addition, 51% of those surveyed in Thailand are not confident organisations will treat their information in a trustworthy manner, less than the 70% average of Asia-Pacific.
He said the upcoming PDPA law will shift the personal data protection regime in Thailand as businesses and the public sector need to get consent from data owners and consumers to store and share or use data.
The PDPA also mandates firms have minimum security to protect data that will drive spending in data protection and security services.
Microsoft believes the Azure public cloud service and Office 365 will assist businesses in complying with the new PDPA, as both services comply with the GDPR.
He said enforcement of the Cybersecurity Act will increase security protection and encryption in critical infrastructures. Microsoft sees Thailand as still having a higher threat occurrence rate than the global average going forward.
The top four cybersecurity threats in Thailand are malware, higher the than global average by 107%, cryptocurrency mining (133% higher), ransomware (140% higher) and drive-by download attacks (33% higher than the global average).
The joint study shows 42% of Thai consumers have faced issued that have damaged trust in digital services and 62% of these consumers turned to alternative services immediately after encountering such issues, while 33% chose to stop using the service.