Thailand’s Personal Data Protection Act Starts June 1, 2022

The Royal Thai Police in Thailand have provided recommendations for using people’s photos, videos, and other files without violating the new Personal Data Protection Act, which takes effect on Wednesday, June 1, 2022.

According to Pol Col Siriwat Deepor, a deputy police spokesman, people can still take pictures and videos of others unintentionally and use them for personal purposes, as long as they do not cause any harm.

As a result of the new law, people can post pictures and videos online of themselves with others for personal purposes without any intention of attempting to make money or cause harm.

According to the deputy spokesman, CCTV installations intended to prevent crime and boost security will not require warning signs.

Pol Col Siriwat said personal data can be used without prior permission if it helps save lives, protects individuals’ interests and rights, and supports statistical research and the public interest.

Personal Data Protection Act

Personal Data Protection Act of Thailand

Thailand’s first consolidated data protection law will become fully enforceable in June 2022. As a result of a royal decree, PDPA’s enforcement was postponed from 2020 to June 1, 2022.

According to reports, the PDPA is the first Thai law designed to govern data protection in the digital age and has been compared to the General Data Protection Regulation (GDPR) of the European Union.

Data collection, storage, and consent protocols are among the key components of the PDPA. It is expected that the PDPA will transform the Thai data protection landscape once it is implemented.

A data controller or processor who uses personal data with the consent of the data owner and only for the stated purpose is required by law. Non-compliance with the PDPA can result in administrative fines of up to THB 5 million and criminal fines of up to THB 1 million.

The PDPA is largely influenced by the EU GDPR, but there are some unique aspects of Thai law, particularly consent.

Generally, the PDPA applies to all organizations that collect, use, or disclose personal data in Thailand or of Thai residents, regardless of whether they are incorporated or recognized under Thai law, and regardless of whether they are residents or have a business presence in Thailand.

PDPA’s extraterritorial scope represents a major expansion of Thailand’s data protection obligations, as it covers all processing activities related to Thailand-based data subjects.

The purpose for which personal data is collected must remain the same prior to June 1, 2022.

The data controller/processor must however disclose a withdrawal method and notify the data subject of the same so that the data subject has the option to withdraw their consent/opt-out.

However, if the data controller/processor intends to use or disclose personal data for a purpose other than that for which the data subjects previously consented, separate consent is required for each additional purpose.

Leave a Comment