Cyber-laws still falling short of needs

Enforcement of Thailand’s newly enacted national cyber-security legislation will pose multiple challenges for the executive branch in balancing national interests against basic public freedoms.
There is also a potential risk of political manipulation in the enforcement of the law. This concern stems chiefly from the broad definition it attaches to cyber-security threats, which should in fact be strictly defined as threats to computer networks and to data – and nothing else. Unfortunately, though, the legislation appears to have facilitated a broader definition, covering any online content deemed “inappropriate” or “undesirable” to those responsible for enforcement. Such lax terminology will only beg for stricter definitions of those two terms themselves. What is inappropriate to some people might be entirely acceptable to others.
The invitation to confusion and conflict does not bode well for freedom of expression in cyber-space, especially in view of the social media’s immense popularity in this country. The government should recognise this legislative shortcoming as a potential troublemaker and revamp the law with clear, objective definitions to which everyone can adhere.
Another area of concern is that the authorities are given significant leeway in enforcing the law when an event is deemed an emergency or a critical threat to the national interest or to infrastructure. The authorities will, in cases deemed urgent, be able to hack into and confiscate computers and computer networks without court warrants. To ensure that executive power is not easily abused in the name of national security or for the benefit of any political entity in power, the threshold for what constitutes an emergency or critical threat must be understandable to all.
Accompanying the legislation is a built-in checks-and-balances mechanism in the form of a powerful national cyber-security committee that will screen cases prior to action being taken. This should be assured of diverse and sufficient representation for all key stakeholders in civil society. Were the majority of committee members to be bureaucrats and government appointees, fundamental rights might be harmed, so there ought to be more independent and non-government members empowered to enforce the law.
Meanwhile the National Legislative Assembly has enacted the personal data protection bill as part of legal infrastructure to support the fast-growing digital economy and digital society. The legislation is partly modelled on the European Union’s General Data Protection Regulations, which are designed to protect citizens’ right to privacy regarding their personal data and to prevent snooping by data processors. The Thai variant will ensure legal compliance for domestic firms doing business with customers in the 28-nation EU.
Massive amounts of personal and consumer data are collected these days by online vendors, e-commerce sites, banks, airlines, hotels and any other digitally enabled business, resulting in a growing incidence of privacy violations and other abuses. Legally, consumers must give explicit consent before businesses and other entities can begin gathering and storing their data online. They also have the right to stop data processors from using the information at any time and are entitled to remedial measures and monetary compensation if violations occur.
In this regard, the legislation will serve as a consumer safeguard as the country moves ahead with its plans for a digital economy and digital society.