Thailand’s Personal Data Protection Act (PDPA) was due to come into effect on May 27, but its implementation will now be postponed for another year, the government announced this week
The verdict, according to the Cabinet, came after business operators and sectors raised concerns over not being ready for such changes due to the current coronavirus pandemic.
“The postponement is to curtail any negative impacts that may occur to government agencies, businesses, and the public,” Rachada Dhanadirek, a deputy government spokesperson said on Monday.
“If the enforcement is on schedule while all sectors are still not ready, it may cause unintended violation and damage to the law and individuals, and may also be a way for dishonest individuals to use it to their advantage.”
The PDPA is intended to protect the rights of anyone in Thailand from the unauthorized or unlawful collection, use, disclosure, or processing of their personal data.
It is the country’s first consolidated law on the subject, with many of its principles and obligations adapted from the European Union’s General Data Protection Regulation (GDPR).
Under the PDPA, the legal bases for protecting personal data include consent, legal obligation, public interest, and legitimate interest.
Without proper enforcement guaranteed by the PDPA, the extension could inadvertently affect human and consumer protection rights.
The act, however, comes with its own loopholes.
Under certain circumstances, the collection and use of personal data can be exempted if done on behalf of public interest, but there have been no clear, specific guidelines into what that entails.
Data requests are ultimately determined by official government data controllers, who are also required to provide justification for their decision once a request is rejected.