Thailand’s Privacy Law Passed

On the last day of February 2019, Thailand’s National Legislative Assembly finally approved its long-pending draft Personal Data Protection Act (the “TH PDPA”). After the royal endorsement (which is usually a formal procedure), the law is expected to be published within a couple of weeks.

Heavily affected by the EU General Data Protection Regulation (“GDPR”), the TH PDPA entitles data subjects the right to delete, in addition to other rights that are usually provided in other jurisdictions. Also, the TH PDPA will apply not only to companies located in Thailand, but also overseas companies which collect, use, or disclose personal data of subjects in Thailand, specifically for advertisements and “behavior monitoring.” This extraterritorial effect would no doubt increase the burden of compliance for a multinational company, provided that it targets the Thai data subjects.  This is also quite similar to the GDPR.

A Personal Data Protection Committee will be established to enforce compliance with the TH PDPA.  That said, the law provides a one-year grace time for enterprises to prepare the compliance of it.


Author: Donnie (豆哥)

Former academic in Law & Sociology, currently a lawyer, 15+ years experiences in IP and IT laws. 前任法律学者、现任滤师,专业过滤假货崴货(不限商品、服务、鸡汤鸡血);业余仁波切,负责解答精神问题。微信公号fadoufadou