Maximum fines start enforcement of Thai data privacy law

Graham Greenleaf, PL&B Asia-Pacific Editor, and Arthit Suriyawongkul of the ADAPT Centre, Trinity College Dublin report on the fines imposed on a major Thai IT vendor.

Thailand’s Personal Data Protection Act, 2019(1) (PDPA) came into force, after a two-year delay, on 1 June 2022(2). The main data protection authority is the Personal Data Protection Commission (PDPC).(3) The Thai government explicitly acknowledged the influence of the EU’s GDPR in the development of the law.(4)

The first major enforcement decision under the law was taken in August 2024, resulting in three administrative fines of the maximum amounts (in total 7 million baht, approximately US$206,526), the largest total fine yet imposed in an Asian country, other than South Korea or China.

The JIB case

Continue Reading

International Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe