Newsletter
  • Video
    • Thisrupt commentaries
    • Thisrupt Talk
    • Thisruptor
    • Thisrupt History
  • Article
    • Current Affairs
    • Business
    • Society
    • Lifestyle
  • About us
No Result
View All Result
  • Video
    • Thisrupt commentaries
    • Thisrupt Talk
    • Thisruptor
    • Thisrupt History
  • Article
    • Current Affairs
    • Business
    • Society
    • Lifestyle
  • About us
No Result
View All Result
Thisrupt
No Result
View All Result

PDPA: Thailand’s data protection law will be late, but it’s coming

Kanop SoponvijitbyKanop Soponvijit
May 13, 2020
in Lifestyle
PDPA: Thailand’s data protection law will be late, but it’s coming
Share on FacebookShare on TwitterShare on LINEShare on WhatsAppShare on Reddit

Almost one year ago, the Personal Data Protection Act (PDPA) was signed into law. It seemed Thailand was about to have its own data protection law that will safeguard the rights of internet users, similar to how the Europeans have their well-known General Data Protection Regulation (GDPR) law.

The new law had a one-year grace period until May 27, to allow some time for businesses to adapt to the new realities. 

However, the cabinet has announced on May 12 that the grace period will be extended for another year, because “not all sectors are ready yet” and “due to COVID-19.”  

Even with the extended grace period, it’s worth looking into the law that may become a reality, one year from now. 

Who’s covered by this law?

Everyone who resides in the country is covered by this law. This includes tourists and expats.

Also, if you are outside of Thailand, but the business that asks for your data is located in Thailand, then you are covered.

However, the law only protects data of the living. Deceased people are not covered.

What counts as personal data?

This law is written to protect your personal data. But what counts as personal data?

Namely, every piece of information that can be used to identify a person, can be considered personal data. 

This includes obvious things like name, phone number, email address and home address. But it also covers the not-so-obvious ones, such as the combination of age, occupation and hometown that can be used as a clue to identify a person.

What are your rights?

In a nutshell, this law gives you a range of powers to say “yes” or “no” when someone wants to make use of your data, such as collecting and sharing.

No one can collect, use or share your data without your explicit consent, which you can give in writing or by clicking or swiping “I agree” on a website or an app. You may also take back your consent at any time. 

Once you have given consent for a person or a business to use your data, they would become your data controller.

A data controller is also required to give you a “privacy notice” when asking for your consent, which mainly consists of an explanation of why they need your data, how long they will keep the data and whom they may share your personal data with. 

This notice is like a promise that a data controller must keep, once they have your data.

Here are some other important rights that you should know about:

  1. You have the right to access your data or obtain a copy of your data.
  2. You have the right to object to the collection, use or sharing of your personal data and request for its deletion or suspension of its use.
  3. You have the right to request deletion and destruction of your personal data when you withdraw your consent. You may also request for its use to be suspended, instead of deleted. 
  4. You have the right to make sure your personal data is accurate and request for its use to be suspended if it’s not.

That’s nice, but how can I make use of these rights in the real world?

These rights mean you no longer have to put up with people, who got hold of your data and use it without your permission.

You’ll be able to tell cold-callers, who try to sell you insurance or credit cards, to remove your number from their systems- and by law, they would have to comply. The law is quite clear on giving you the power to object the use of your data for direct marketing purposes.

If you are signing up for a new website account, you’ll be able to refuse if the website is trying to collect your data and sell it to other people. And still, you’ll be able to use the website. This is because the law requires that businesses do not ask for your data as a condition to provide services.

This also means you will need to squint and read the fine print before giving consent. But the law also dictates that “privacy notices” must be in plain language and must not mislead you of its true purpose in collecting, using or sharing your data. 

But of course, there are loopholes

Unfortunately, there are also plenty of exceptions in this law.

Some of them are fair. For example, there is an exception where doctors must know your medical history. Or, the collection of your personal data is required to make sure you keep up your end of a contract.

But many exceptions leave room for businesses, and especially government bodies, to wiggle.

For one, the collection, use or sharing of personal data without consent can be exempted if it is done for the sake of “public interests.” Obviously, this has a broad interpretation and gives a lot of leeway for the government to justify themselves for using your data.

Secondly, data controllers can reject most of the data requests, although they have to provide justification and keep records of the rejection.

In case there are disputes where data controllers refuse to comply with the data requests, data subjects have the right to complain to the Office of the Personal Data Protection Commission that will set up committees to resolve these disputes.

However, how the disputes will be resolved remain to be seen, at least until the law takes effect. Perhaps a year from now. 

Kanop Soponvijit

Kanop Soponvijit

Kanop Soponvijit is an IT consultant working in Database Marketing and Digital Marketing who spends his free time uploading interesting stories from the interwebs into his brain. Interests are tech affairs and digital native culture among many other things.

Related Posts

Loma Lookmoonbee: The first Thai to fight in the UFC
Business

Loma Lookmoonbee: The first Thai to fight in the UFC

September 27, 2020
Stigma and Harassment: the life of a female bartender
Business

Stigma and Harassment: the life of a female bartender

August 12, 2020
The Birthday Project: when Instagram meets K-pop fandom
Business

The Birthday Project: when Instagram meets K-pop fandom

August 12, 2020
Next Post
Chor Pannika: truth comes before reconciliation

Chor Pannika: truth comes before reconciliation

Emergency decree vs. “Seek the Truth”; authorities threaten legal action against campaign to commemorate 2010 red shirt protests

Emergency decree vs. “Seek the Truth”; authorities threaten legal action against campaign to commemorate 2010 red shirt protests

The Green Rush: prohibition-era laws need to change

The Green Rush: prohibition-era laws need to change

Follow Thisrupt

  • 39.2k Fans
  • 21.5k Followers
  • 1.2k Followers
  • 1.7k Subscribers

Support us

Click Here to Support Us

Highlights

The news you can trust (if you trust the army)

A kingdom of hatred and violence

The senator who wants to save the children

Only the mediocre are proud of mediocrity

Can’t get the paperwork done in one month? Seriously?

Warlords, mafias, and tycoons: a Siamese lavender field

    Facebook Twitter Youtube Instagram

    Thisrupt

    Brutally honest opinion and delicious analysis about what’s happening in Thailand.

    #WhatsHappeningInThailand

    #thisruptdotco

    Newsletter

    © 2020 Thisrupt | Contact

    No Result
    View All Result
    • Video
      • Thisrupt commentaries
      • Thisrupt Talk
      • Thisruptor
      • Thisrupt History
    • Article
      • Current Affairs
      • Business
      • Society
      • Lifestyle
    • About us

    © 2020 Thisrupt | Contact