The problems about data privacy regulations in Thailand

The problems about data privacy regulations in Thailand, The current issue with Thailand's Personal Data Protection Act, The restriction on Data Controller and/or Data Processor, The consent from the data subject

The problems about data privacy regulations in Thailand

Personal data protection is one of Thailand’s major focuses in recent times. Accordingly, this country has set out many new regulations as well as practical solutions to protect its citizen’s personal data. This also means the complete eradicate of any factors or problems that damages or can cause harm to personal data. One of the problems with data privacy regulations in Thailand is about the Data Controller and/or Data Processor that will likely be resolved in the upcoming update of the data privacy law.

In Thailand, Personal Data is defined as any information relating to a natural living person. Personal data enables the identification of such a person whether directly or indirectly. 

Personal data can be big or small, from name, surname, ID card number, address, telephone number, e-mail address, financial details, race, religious or philosophical belief, sexual behavior, criminal record, health records, etc.

Personal data, in general, and sensitive personal data, in particular, needs to be protected from malicious individuals and organizations both domestically in Thailand and foreignly, in other countries around the world.

The current issue with Thailand’s Personal Data Protection Act

The Personal Data Protection Act (PDPA) and before it, the Official Information Act were established to govern data protection under the possession or control of state agencies.

Accordingly, the enforcement of data protection is not wide and not as encompassing as needed, especially when the population of Thailand increases and more people gain access to the Internet every day, leaving them vulnerable.

In addition, most of the provisions of the PDPA have not been implemented because the government has issued the Royal Decree to exempt most types of businesses, including most state and private entities, from the enforcement of the PDPA initially until 31 May 2021. This exemption has been extended for another year – making the PDPA set to be fully enforced on 1 June 2022. 

Consequently, there is currently a big loophole in the PDPA and we can never know if the PDPA’s exemption provision will be extended for another period of time.

The restriction on Data Controller and/or Data Processor

Although the term Data Controller and/or Data Processor might seem very strange, it is actually a very commonly used term in the technology area. 

Principally, The data controller determines the purposes for which and the means by which personal data is processed, and The data processor processes personal data only on behalf of the controller. The data processor is usually a third party external to the company.

In Thailand, the PDPA applies to any natural person or legal person acting as Data Controller and/or Data Processor in the Kingdom of Thailand that collects, uses, or discloses the personal data of a natural living person, whether or not the collection, use or disclosure is done in or outside the Kingdom of Thailand. 

Because DC and DP have so much power, they are capable of making immense consequences if not properly controlled. 

According to the PDPA, the Data Controller can only be allowed to perform their duty if they have been given consent prior to or at the time of the collection, use, or disclosure of personal data. 

The consent from the data subject

At the moment, the PDPA does not provide a request for consent form but they require the Data Controller to request for data subject’s consent using the form and statements as will be prescribed by the PDPC. 

As per protocol, the Data Controller must clearly inform the data subject of the purpose of their action in a written statement or via electronic means. When receiving the request, the data subject has full authority to give his/her consent and, if they do, they can withdraw their consent at any moment, except where there is a restriction by law or contract that benefits the data subject. 

*** Other Articles***

– You could visit here to see Procedure of Thailand Trademark Registration.

– You could visit here to check the required documents for filing trademark in Thailand here.

– You could read 06 Frequent Questions About Filing Trademark In Thailand here.

– You could visit here to see Power of Attorney of trademark in Thailand here.

– You could read 07 Legal Notes To Thailand Trademark Law You Need To Know here

Contact AAA IPRIGHT: Email:

Or sending your inquiry by filling the form:








    Share this post

    WhatsApp chat

    By continuing to use the site, you agree to the use of cookies. more infomation

    The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.