THURSDAY, March 28, 2024
nationthailand

Government fast tracks personal data law

Government fast tracks personal data law

Cabinet expected to approve final draft this month; experts worry about impact on Thai businesses from new EU law.

THAILAND IS speeding up the enactment of its first-ever legislation on personal data protection while preparing to cope with the consequences of a European Union (EU) law on this matter, as it could negatively affect Thai businesses.
Pichet Durongkaveroj, the Minister of Digital Economy and Society, said the Cabinet is expected to approve the final draft of the personal data protection bill within a month after which it will go to the National Legislative Assembly for enactment.
Speaking at a seminar yesterday on the potential impact of the EU’s General Data Protection Regulation (GDPR) law, he said the public and private sectors needed to be aware of legal consequences for failing to protect the personal data of customers.
To prepare the country for enforcement of the new law, the ministry has set up the Data Protection Knowledge Centre (DPKC) in parallel with the office of personal data protection committee, which will be established under the new legislation.
Breach of data and violation of data owners’ rights are increasingly possible as the country moves ahead with its digital economy and society platforms, he said, adding that abuse of personal data for commercial benefit without proper consent from the data owners are already common.
In addition, passwords and personal data from social media such as Facebook, Google, e-commerce and other websites, mobile banking and other online services could be stolen by cyber-criminals, resulting in financial and other damage to data owners.
On the EU’s GDPR law, which will come into effect from May 25, he said there could be negative impacts on Thai businesses and industries, especially those doing online businesses with EU citizens.
Under the EU law, Thai and other foreign companies may be subject to hefty fines if there was any data breach involving EU citizens. For example, European customers of Thai Airways International and other Thai enterprises were understood to be protected under the EU law.
He said technology was changing fast so the DPKC will serve as a leader in educating the public on data protection issues, as many businesses dealing with EU customers have expressed concerns about the consequences of the new EU law on their operations.
While it remains unclear how the EU will enforce its law in foreign countries, he said all Thai businesses needed to come up with measures to manage their customers’ personal data properly. Otherwise, the country’s economy could be negatively affected due to the lack of good standards on personal data protection.
The government needed to quickly enact the new legislation to create a benchmark for Thai industries and businesses so as to avoid potential negative impacts on foreign trade and investment, he said.
Surangkana Wayuparb. executive director of the Electronic Transactions Development Agency, said Thais should have more awareness on personal data protection issues as it was their constitutional right, while both public and private-sector organisations were required to come up with measures to comply with the new law.
For example, if an online service provider faces a cyberattack and there is a data breach, there will be potential damage affecting their customers and public confidence.
As a result, personal data protection is a crucial factor for national cybersecurity and the economy, she said.

RELATED
nationthailand