Thailand's Draft Data Protection Bill: Many Strengths, Too Many Uncertainties
(2018) 153 Privacy Laws & Business International Report, 23-25
7 Pages Posted: 7 Aug 2018 Last revised: 23 Aug 2018
Date Written: May 20, 2018
Abstract
Thailand is the most economically significant country in East Asia which does not yet have anything resembling a general data privacy law, but on 22 May 2018, just before the EU’s GDPR came into force, a draft Personal Data Protection Bill (PDPB) was approved by the Thai Cabinet for submission to the Council of State and the National Legislative Assembly. After ten years of various draft Bills, there are a number of reasons why the current Bill is much more likely to be enacted. A local factor is that lack of data privacy has recently become very controversial in Thailand because a mobile phone operator, exposed 46,000 customer records (names, addresses, scans of ID cards and passports) but apparently faces no legal consequences. An external factor is the extra-territorial reach of the EU’s General Data Protection Regulation (GDPR), in force as of 25 May 2018, which is referred to constantly (although often with exaggeration) by Thai commentators as posing problems for Thai businesses unless Thailand adopts a compatible law. This article critically reviews the PDPB, by reference to the standards of international privacy instruments. It concludes that Thailand’s Bill is one of reasonable strength by current global standards, except for its major deficiencies in the independence of its DPA, and the excessive degree of potential exceptions to its operation.
Keywords: Thailand, data protecton, privacy, EU, GDPR
Suggested Citation: Suggested Citation