The Personal Data Protection Act - ALSA TU - The Legal Newsletter

Our world nowadays is undeniably digital. We have to quickly sign up to communication platforms, online shopping websites, or other digital tools. Most of the time, we do it without actually understanding what those companies might do to our information. Moreover, we’re now living in a pandemic world, so the government of some countries might ask people to download applications to keep people safe, for example tracing apps. Thailand is one of those countries; the government asked us to install the app called “Morchana” or “the doctors win,” making individuals increasingly concerned about how their personal information may be used.

The Personal Data Protection Act B.E. 2562 (2019) (PDPA) remained as drafts for more than 20 years in Thailand, but in 2019 it was finally approved and became a full force in 2020. The law is modeled on the European Union’s General Data Protection Regulation (GDPR) but adapted some concepts to keep national perspective.

Under the PDPA, people have the right to have privacy notices, control how their personal data is collected, used, or transferred by organizations established in Thailand and even by organizations outside of Thailand if they collect, use, disclose or transfer personal data individuals in Thailand. Moreover, all organizations are obligated to protect people’s personal data, for instance, any data that could directly or indirectly identify an alive person, bank account number, racial or sexual orientation with appropriate. Violation of the PDPA may cause penalties including civil and criminal liability such as a fine of up to 5 million baht, imprisonment up to 1 year, and compensation for actual damages plus punitive damages up to twice the actual amount of damages.

People who have such rights are called data subject. The data subject doesn’t have absolute rights over their data. However, they are in control of their personal information, such as their personal identification number. They can’t change their Identification number as they don’t have the absolute right, but they are in control of it.

The reason behind the Personal Data Protection Act is to protect the usage of data subject personal data from data processor with purpose limitation. Data processor should use data minimization method with confidentiality integrity. However, PDPA can’t be enforced with various government-related organizations. These facts build significant concerns to the people as their personal data rights have been violated. Data subjects can’t track how government-related organizations process their personal data.

Nowadays, the covid-19 pandemic has drawn a significant role for the government to resolve the situation. A new mobile app, Mor Chana, has been launched by the government as a powerful tool to help people assess their infection risk, assist health authorities in tracking user’s location in close contact with infected people. Artificial intelligence systems will analyze data drawn from this application to assist the Department of Disease Control.

Such personal data are very sensitive information as it contains all users’ locations to track the risk of infection. The government claimed that there won’t be any individual data storage, including names, phone numbers, location, etc. But data subjects can’t be sure of those facts as there isn’t any PDPA enforcement or other laws protecting their personal data process from government organizations. Therefore, this awareness may also make the application ineffective. The government has to balance public interest without violating the data subject’s individual rights by enforcing PDPA with private and government-related organizations.

Citations
อิทธิพล โคตะมี และพิศิษฐ์ บัวศิริ, “ฐิติรัตน์ ทิพย์สัมฤทธิ์กุล: วางข้อมูลส่วนบุคคลบนตาชั่ง แล้วปฏิบัติต่อกันอย่างรับผิดชอบ,” Waymagazine, (8 มิถุนายน 2563) สืบค้นเมื่อวันที่ 21 มกราคม 2564, จาก https://waymagazine.org/thitirat-thipsumritkul-int erview /

“New virus app a powerful tool,” Bangkok Post, (10 มิถุนายน 2563) สืบค้นเมื่อวันที่ 21 มกราคม 2564, จาก https://www.bangkokpost.com/thailand/general/1897415/new-virus-app-a-powerful-tool?fbclid=IwAR3h1wczCcec6sStG8BftzQ-yoSWTBL5gT4cUbS0xMnN4SbXA-FoghCJhY8

“Thailand Personal Data Protection Act – Preparing for the New Law,” Blumenthal Richter & Sumet, สืบค้นเมื่อวันที่ 21 มกราคม 2564 จาก https://brslawyers.com/news/thailand-personal-data-protection-act-preparing-for-the-new-law/

“Thailand’s Personal Data Protection Act (PDPA),” KPMG, สืบค้นเมื่อวันที่ 21 มกราคม2564, จาก https://home.kpmg/content/dam/kpmg/th/pdf/2019/11/pdpa-brochure-english.pdf

Contributors
Napatchanok Insawang
Thanasapon Somnuek

เข้าสู่ระบบเพื่อแสดงความคิดเห็น