By Rajen Ramiah, Consultant SIAM CITY LAW OFFICES LIMITED
With the wide use of the internet and social media, the issue of data protection and cyber security is becoming more important in our daily lives. In past times, there was more control over things written or printed on paper; however, now everything is uploaded onto the internet. Therefore, the safety of the information shared is becoming more and more of a concern.
Last year, The General Data Protection Regulation (GDPR) was the subject of wide discussion all over Europe. Although the effect of GDPR in the Asian region may be quite minimal, however, European companies intending to invest in Asia would very likely look at provisions that would adequately cover personal data protection issues.
The Asian region is fast developing laws and regulations relating to data protection and cyber securities, especially Singapore and Malaysia; Thailand has also been making the necessary laws to ensure it has adequate protection in these areas. This is seen as an essential move as Thailand is one of the most rapidly growing platforms for social media and e-commerce growth.
In this context, the Personal Data Protection Bill was drafted in 2017 and, despite some delays, heavy criticism and subsequent revisions, the said Bill has recently been approved to become law – Personal Data Protection Act (the “Act”).
It is understood that some of the GDPR principles have been incorporated in the Act, e.g. the conditions of a child’s consent (Article 8); definition of sensitive data (Article 9); and cross-border transfer of data (Articles 45, 46 & 48).
Prior to the Act coming in to effect, businesses in Thailand relied on various acts and provisions, such as the Constitution of the Kingdom of Thailand, the Thai Civil and Commercial Code and the Official Information Act, to protect personal data information. However, now that we have a specific piece of legislation which directly relates to the protection of personal data and information, businesses operating in Thailand will have to comply with the provisions of this Act. It is hoped that the Act will play a vital role in ensuring that all of the data being shared/uploaded on/across different platforms is adequately protected from threats.