About the Forum:
In the absence and delay of a general data protection framework in Thailand, local companies have largely relied on international frameworks such as EU’s General Data Protection Regulation (GDPR) and the APEC Privacy Principles to guide their own privacy policies. These same frameworks have also inspired Thailand’s own Draft Personal Data Protection Act which contains similar terms and requirements, such as defining the role of data processors and data controllers, the need for explicit consent to be provided, provisions on cross-border data transfers where the destination country needs to have its own set of comparable data protection measures and so on.
By establishing an Act that enables cross-border data transfers yet protects the rights of citizens, Thailand may be on its way to create an environment conducive for businesses to operate in while empowering citizens to have ownership over their personal data. Furthermore, references to international frameworks reduce compliance costs for businesses in Thailand to comply with multiple frameworks. While current reads of the draft Act seem to indicate a lower level of protection compared to the GDPR, this may actually benefit smaller businesses who may not have resources to comply fully with the GDPR’s requirements, yet leave room for more straightforward compliance in the future.
With the impending passing of Thailand’s Personal Data Protection Act, how can we ensure we best leverage this opportunity to create an enhanced framework for the protection data subject rights and also allow businesses to leverage compliance as a competitive advantage when trading across-borders and going global? How can we ensure a right balance between protecting user rights and building trust between businesses and consumers?
In this session, organised by the Academy of Public & Enterprise Policy and Regulation (APaR), University of the Thai Chamber of Commerce, the International Institute of Communications Thailand, and TRPC, we will navigate the issues arising from the convergence of multilateral frameworks with local regulations and discuss what they mean for businesses and policy makers in Thailand, including:
- How does Thailand’s Draft Personal Data Protection Act hold-up to GDPR and other international frameworks?
- What kind of regulator would be most suitable to oversee the regulation of privacy in Thailand?
- How can Thailand benefit from its belated enactment of a Personal Data Protection Act?
- What other international frameworks should Thailand consider aligning its rules with?
- How can Thailand play a leading role in driving greater regional harmonisation of data protection frameworks in ASEAN?
- Arthit Suriyawongkul – Coordinator, Thai Netizen Network
- Thitirat Thipsamritkul – Lecturer, Faculty of Law, Thammasat University
- Desarack Teso — Director of Corporate, External & Legal Affairs, Microsoft Thailand
- Laura Winwood – Director, TRPC