By

Attorneys Naytiwut Jamallsawat & John Formichella

Background

The Thai Cabinet, on May 19, 2020, approved a Royal Decree on Organizations and Businesses which shall be exempted from compliance with the Personal Data Protection Act B.E. 2562 (2019) (“Royal Decree“) to delay the enforcement date of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA“). The Royal Decree has been published in the Royal Gazette on May 21, 2020 and will be effective from May 27,2020 to May 31, 2021. It provides exemptions to data controllers listed under the Royal Decree to certain chapters and section under the PDPA which include:

–          Chapter 2 (data controllers’ obligations relating to the use, collection, and disclosure of personal data, privacy notices, consent requirements, exemptions and cross-border of data privacy);

–          Chapter 3 (data subject rights, data protection officer and record of processing);

–          Chapter 5 (complaints and administrative punishments);

–          Chapter 6 (civil penalties and punitive damages);

–          Chapter 7 (criminal liabilities and administrative punishments); and

–          Section 95 (transitional matter).

Data controllers who shall obtain the exemptions under the Royal Decree are as follows:

1)      Government authorities;

2)      Foreign public authorities and international organizations;

3)      Foundations, associations, religious organizations, and non-profit organizations;

4)      Agricultural businesses;

5)      Industrial businesses;

6)      Commercial businesses;

7)      Medical and public health businesses;

8)      Energy, steam, water and waste disposal businesses, including their related business;

9)      Construction businesses;

10)  Repair and maintenance businesses;

11)  Transportation, logistic, and warehouse business;

12)  Tourist businesses;

13)  Communication, telecommunication, computer, and digital businesses;

14)  Financial, banking and insurance business;

15)  Real estate businesses;

16)  Professional businesses;

17)  Management and support services business;

18)  Scientific and technological, academic social welfare and artistic businesses;

19)  Educational businesses;

20)  Entertainment and recreational businesses;

21)  Security business; and

22)  Household and community enterprise businesses whose activities cannot be clearly classified.

If there is any question as to whether particular organizations or businesses are fallen under the above list, the Personal Data Protection Committee (PDPC) shall consider and render its final decision at its sole discretion.

The main reason as specified in the Royal Decree is to provide more time for the business operators, which shall be regarded as data controllers by the PDPA, to prepare themselves to be fully compliant with the PDPA. The Royal Decree further specifies that business operators, including private and government sectors, are not ready to be in compliance with the PDPA. This was mainly due to requests from the private sector filed with the government indicating problems with the economy and within their organizations, such as the economic impact and other restrictions due to Covid-19 situation.

The extension is not to be interpreted that the Government of Thailand is relaxing its readiness to implement the PDPA. An essential action by the Thai government is that the PDPC committee has been appointed and will start the process of formulating regulations and an enforcement culture surrounding the PDPA.  The list of the PDPC members approved by the Cabinet as announced by the government’s spokesperson on 19 May 2020 are as follows (note that this list is not official until published in The Government Gazette):

1)      The Chairman: Mr. Thienchai Na Nakorn

Professor of faculty of law, Sukhothai Thammatirat Open University

Former Constitution Drafting Committee (CDC)

Former senior member of various committees (e.g. Committee of Official Information Commission, Committee of National Institute of Educational Testing Service (NIETS) and secretary-general of Political Development Council).

2)      Senior committee (personal data protection): Mr. Nawanan Theera-Ampornpunt

Technocrat on health informatics;

Deputy dean on practitioner level of faculty of medicine, Ramathibodi Hospital.

3)      Senior committee (consumer protection): Pol.Lt.Col Thienrath Vichiensan

Senior committee of Official Information Commission;

Former chief of inspector of Prime Minister Office;

Director of the Official Information Commission.

4)      Senior Committee (Information and communication technology): Mr. Pansak Siriruchatapong

Former Vice Minister of Ministry of Digital Economy and Society;

Former director of National Electronics and Computer Technology Center (NECTEC)

5)      Senior committee (social science): Asst. Prof. Tossapon Tassanakunlapan

Professor and researcher of faculty of law, Chiang Mai University

6)      Senior committee (legal): Ms. Thitirat Thipsamritkul

Teacher of faculty of law, Thammasat University

7)      Senior committee (legal): Prof. Supalak Pinitpuvadol

Professor of faculty of law, Chulalongkorn University

8)      Senior committee (health): Prof. Prasit Watanapa

Dean of faculty of medicine, Siriraj Hospital

9)      Senior Committee (finance): Ms. Ruenvadee Suwanmongkol

Secretary-general of the Securities and Exchange Commission

10)  Senior Committee (Government Information Management): Mrs. Methinee Thepmanee

Former secretary-general, Office of the Civil Service Commission (OCSC);

Former permanent secretary, Ministry of Information and Communication Technology (ICT).

In addition to the abovementioned members, please note that the PDPA requires that the PDPC must appoint permanent secretary of the MDES as the vice-president of the PDPC, together with 5 additional board members which include (i) the permanent secretary of the Prime Minister Office, (ii) the secretary-general of the juridical council, (iii) the secretary-general of the office of consumer protection board, (iv) the director-general of the Rights and Liberties Protection Department, and (v) the attorney-general. Please note that as of the writing of this article 27 May 2020, the official list of the PDPC members are not yet published in The Government Gazette.

The above is for general information purposes only and should not be relied upon as legal advice.

Posted by John P. Formichella

John Formichella, along with Numlapyos Sritawat and Naytiwut Jamallsawat, founded Formichella & Sritawat and leads the firm’s Telecommunication, Media, Technology, Data Privacy Practice and is past Chair of the Information and Communications Technology Committee of the American Chamber of Commerce in Bangkok. He is rated as Leading Individual by Legal 500 and ranked as a Band 1 individual by Chambers and Partners. Considered a leading expert in the technology, media, and telecommunications sector, John has over 25 years’ sophisticated experience, covering technology transactions, telecommunications law, data privacy, cyber-security, data center outsourcing, media (OTT service providers, film, and television), and e-commerce. John has also served as an advisor to local chambers of commerce and U.S. Embassies in Thailand and Taiwan, and governmental bodies regarding Technology, Media & Telecommunications matters, including both the Office of the United States Trade Representative and United States Department of State in connection with international trade and telecommunications, and has provided testimony to members of the United States Senate on fact-finding missions in Thailand. Before forming Formichella & Sritawat, John practised with Bangkok based firm Blumenthal, Richter & Sumet for 16-years. He came to BRS from Minter Ellison, where he practised out of its Bangkok offices in its Corporate practice group. Before joining Minter Ellison, he was Vice President/General Counsel of Wherever.net Holding Corporation (a NASDAQ-listed telecoms company based in Hong Kong). Before that, he was an associate for East-West International Law Offices in Taipei, Taiwan, from 1996 to 1999. John graduated from the State University of New York (University at Buffalo), earning Bachelor of Arts and Master of Arts (Economics) degrees and a Juris Doctorate. He also studied at the Chulalongkorn University Faculty of Law in Bangkok. John is admitted to practice law in Washington, D.C. and is a District of Columbia Bar Association member. John can be reached at john@fosrlaw.com

All Posts Website

Leave a Reply