Wednesday, 14 November B.E. 2561

E-Government and Data Protection Law (1)
Paiboon Amonpinyokeat, International Legal Counsellors Thailand Ltd.

For the past few months, one of the most widely and hotly discussed issues has been the establishment of the Ministry of Information and Communication Technology (“ICT”) and the E-Government Policy. In order to provide e-infrastructure services for Thai people, the possibility of one-stop services by means of using information-technology systems as part of the E-Government Policy has been raised. Of particular interest is the idea of using an electronic ID card in the form of a smart card which contains all of your personal information such as name, surname, date of birth, address, race, religion, health record, political affiliation, financial credit and other personal data to allow transactions of state infrastructure services requiring such data. The expectation is that one simple electronic ID card can help eliminate delays common in bureaucratic procedures. Though this initiative is praiseworthy, the government should not overlook the significant issue of how to exploit and collect personal data while protecting people’s privacy rights under the Thai Constitution.

Most developed countries such as the U.S.A., the U.K., Japan and Singapore and the E.C. have enacted the Data Protection Law in tandem with the use of technology to provide e-infrastructure for their citizens and also support e-business of the private sector, whether off-line or on-line. The Data Protection Law of those countries prohibits the surreptitious collection of personal data by any business entrepreneur, the transfer of personal data to a country other than the country of origin, the use of cookies or web bugs, the sending of spam e-mails for direct marketing, cyberstalking (the use of the internet to engage in repeated threats or harassing behaviors), and a governmental officer’s improper use of personal data for his/her own purpose. The lack of Data Protection Law may inevitably cause considerable damage to the data subject or citizens and violate their privacy right, the fundamental concept of Good Governance.

Up to now, Thailand has not had any sui generis law regulating personal-data protection or the transfer of personal data or a customer’s data in business, whether in the private or government sector. Under this circumstance, those wishing to use, collect, transfer or disclose personal data of their customers, employees or members are allowed to do so freely under contractual obligation, norms or private rules having no legal binding or enforcement. The problems arising from the unregulated use of personal data may be far beyond control. So far, the only glimpse of hope for solving this problem is the enactment of the Personal Data Protection Bill (‘PDPB’), drafted by the National Electronics and Computer Technology Center (NECTEC), which is now under the Cabinet’s review and is expected to be promulgated around next year.


Under the PDPB, the Data Controller, the Data Possessor and the Data Collector have legal obligations to comply with the 8 principle rules of the PDPB, which are summarized as follows:

First Principle - Personal data shall be processed fairly and lawfully (Section 7(1) of PDPB).

Second Principle - Personal data shall be obtained only for one or more specified and lawful purpose(s) and shall not be further processed in any manner incompatible with those purposes (Section 7(2) of PDPB).

Third Principle - Personal data shall be appropriate, relevant and not excessive in relation to the purpose(s) for which they are processed (Section 10 of PDPB).

Fourth Principle - Personal data shall be accurate and, where necessary, updated (Sections 10, 14 and 15, paragraph 3 of PDPB).

Fifth Principle - Personal data processed for any purpose shall not be kept longer than necessary for that purpose (Section 17 of PDPB).

Sixth Principle - Personal data shall be processed in accordance with the right of data subjects (Sections 8, 12, 13 and 17 of PDPB).

Seventh Principle - Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against the accidental loss or destruction of or damage to personal data (Section 11 of PDPB).

Eighth Principle - Personal data shall not be transferred to a country or territory outside Thailand unless that country or territory ensures an adequate level of protection of the rights and freedom of data subjects in relation to the processing of personal data (Section 16 of PDPB).

In addition, the Data Controller, Data Possessor and Data Collector (including the government section) have to obtain and comply with the consent of data subjects or consumers before processing their personal data under the following conditions:

a) Normal data - The Data Controller, Data Possessor and Data Collector have to specify to consumers 1) the purpose of the collection of personal data 2) the name of the legal provision(s) which authorize(s) the Data Controller, Data Possessor and Data Collector to collect such personal data, and 3) the person(s) or department(s) to which the Data Controller, Data Possessor and Data Collector have to disclose such personal data (Sections 8 and 10).

b) Sensitive data - The Data Controller, Data Possessor and Data Collector have to obtain the consent of consumers to collect their personal data regarding race or ethnicity, political opinions, religious beliefs, philosophical beliefs, sexual preferences, criminal record, health record, etc. (Section 9 of PDPB).

In light of the above, to collect personal data from consumers on an ongoing basis, every business entrepreneur and governmental entity is required to comply with the aforesaid regulations. Even though some parts of the PDPB do not meet the standard of the Data Protection Law required at the international level, it may, so far, be the only shield to protect the privacy right of Thai people.

Subsequently, the underlying concept of the aforesaid principle rules will be further explored, together with the discussion of certain interesting sample cases relating to the Personal Data Protection Law in comparison with the PDPB. To provide a clear picture of the PDPB, we also will discuss loopholes of the PDPB.

 


Intellectual Property Promotion Association of Thailand (IPPAT), Building 253, 22nd Floor, Sukhumvit Road, Khlong Toei Nuea Subdistrict, Watthana District, Bangkok 10110
Telephone: (02) 664 - 4393 Fax: (02) 664 - 4394 E-mail: ipm@ippat.org