By The Nation Weekend
Vunnaporn Devahastin, the ministry’s deputy permanent secretary, said the new law had been misunderstood, judging by allegations of infringement on social media. Instead, she said, the new legislation aimed to protect critical national infrastructure for public utilities, banking and financial services, and transportation etc from cyberattack.
Under this legislation, officials cannot access people’s personal data because they will need court approval first, she said. Court warrants are also required to search and confiscate computers used in moves to damage the country’s digital infrastructure.
The law puts cybersecurity threats in three categories. The first is not critical, so no special measures are required other than surveillance. The second level warrants a search of the computer network and other measures, which require court approval.
In the third category, action against threats that are deemed serious and likely to hurt public interest on a wide scale will be taken in line with the National Security Council Law. Hence, she said, there is no room for the enforcement |of the new legislation that |can hurt people’s rights or |privacy.
The National Legislative Assembly pushed the national cybersecurity law through on Thursday along with personal-data protection legislation, which requires owners’ explicit consent before any personal data can be used by commercial or other entities.
Previously, critics of the cybersecurity legislation said people’s right to expression could be affected if the law defines “threats” too broadly, including online content, instead of just computer networks and data theft.