Thailand – Asia’s strong new data protection law
The law which will enter into force in May 2020 includes many GDPR-informed principles, but also some omissions. By Graham Greenleaf and Arthit Suriyawongkul.
A military coup in 2014 imposed a junta government in Thailand. In February 2019, three weeks before the first general elections since the coup, this government enacted a data privacy law to override an old and ineffective law applying only to the public sector. A military-backed party now leads a coalition government with a Prime Minister and Cabinet members from the previous military government, and an appointed upper house.
Most of the Personal Data Protection Act (PDPA)(1) does not come into force until 28 May 2020, a year after it was gazetted, but some provisions concerning the data protection authority are in force during this interim period. The PDPA is based on a GDPR-influenced Bill proposed in May 2018,(2) but it has many differences from that Bill. The Act establishes a Personal Data Protection Committee (PDPC) and an Office to act on its behalf.