Connect with us

Tech

Thailand data privacy law and consequences

Thailand finally has a law in place to protect consumer privacy and personal data. It took over two decades for this law to materialise despite much public concern over consumer privacy violations

Avatar

Published

on

After a long wait, Thailand finally have a law to protect our data privacy. But don’t jump with joy just yet.

Loading...

Nowadays when we are obliged to give away our personal data for various services, it is only right to have a system to prevent data privacy violations and to punish companies for selling or misusing our personal information.

The recent mega data breach by Facebook shows how easy it is for businesses to violate consumer privacy for commercial gains. It also shows how serious governments are in protecting data privacy.

The Facebook Cambridge Analytica scandal

Following the scandal, the US Federal Trade Commission hit the tech giant with a record US$5 billion (153 billion baht) fine for allowing Cambridge Analytica, a political consultancy firm, to obtain the personal data of up to 87 million Facebook users, possibly for political purposes during the US presidential election.

The Italian Data Protection Authority also ordered Facebook to pay a fine of one million euros (33.8 million baht) for Cambridge Analytica data misuse which violated Italy’s privacy law.I recommend you watch  The Great Hack , a Netflix documentary on the Facebook Cambridge Analytica scandal, to understand the danger of data misuse and the urgency of personal data protection.

It is good news, then, that Thailand finally has a law in place to protect consumer privacy and personal data. It took over two decades for this law to materialise despite much public concern over consumer privacy violations.The Personal Data Protection Act came into effect in May this year, a significant move to protect consumer rights in Thailand’s digital age.

Consent is one of the key features for data sharing

Under this law, people have the right to protect their privacy and manage personal data collected by organisations and companies. Consent is one of the key features for data sharing, while people have the right to know which organisations have their data as well as how it is used and shared.Yet implementation remains problematic.

For starters, the national personal data protection commission won’t be able to operate as a regulator for at least another year. Also, many provisions are still vague, which may lead to legal misinterpretation and weak legal enforcement.

Since the law allows business operators only a one-year grace period before legal enforcement, they have little time to adjust their operations to comply with the personal data privacy law.

Without an authorised body to clarify legal provisions and set guidelines, most operators will be unprepared for compliance when the data privacy regulator is ready to enforce the law next year.This is a matter of the law being too slow to materialise, and then too quickly implemented to prepare businesses for change.

According to a survey by the Thailand Development Research Institute (TDRI), business operators are voicing a similar need for legal clarifications and guidelines from the state regulator due to vague legal provisions. Anxiety is running high that unclear legal provisions may lead them into legal and financial wrangles.

But there are still several things they can do to avoid such problems.

Under the new law, business operators have two main responsibilities.

One is to protect personal data by giving its owner the right to access, correct, be fully informed about data use, and manage and delete personal information. Consent is necessary for data collection, use, and disclosure in many cases.

Their other duty is to inform the owner when a data breach occurs and to report it to the national personal data protection commission. Despite the lack of clear legal guidelines, business operators can prepare themselves to meet these two duties.

First of all, they should review and analyse how much personal data they possess and clarify collection channels, methods, and its keepers. They must review policy on data sharing and deletion and conditions under which these occur. They should design a data flow system for data management procedures. Different types of personal data also require different treatment for different levels of legal compliance.

Personal information of employees is also protected by the new law

The company must accord them the right to process their data and protect their privacy.Next, they should set up in-house data protection teams to monitor data privacy and ensure legal compliance.

According to a TDRI study, well-prepared business operators all have in-house teams and internal systems to monitor data flow and to assist other business departments for legal compliance.

These teams will coordinate with the national data protection agency when a data breach occurs. Having in-house data protection teams also prevents the risk of violating the law by sharing personal data with an outsourced third party.

Notably, collecting, processing and disclosing personal information is allowable when it involves contractual obligations, but only with the data owner’s consent, which can be acquired electronically.

However, business operators must be cautious about sensitive information such as on race, health, criminal records and religion. Disclosing such personal data requires the owner’s consent in most cases.

Business operators should also occasionally delete personal data in their possession to reduce the workload.

Better still, they should maintain only what is necessary. It helps to have data flow maps to identify when certain information should be deleted and under what conditions to ensure effective data protection.

Equally necessary is the a management system that owners can access. Maintaining a record of access is also useful for in-house monitoring, not only for data security but also for emergency intervention.To ensure compliance with the data protection law, the operators should have data protection and privacy policies in place and inform customers and the public accordingly. They should reveal how they manage and protect consumer’s personal data and the channels for data owners to access and manage their information.

Staff training on data privacy and protection is necessary to help employees at all levels avoid violating the law. At the same time, organisations must set up a system for staff to access their personal data and exercise their right to manage and protect their data privacy.

Preparation to comply with the Personal Data Protection Act requires much more than creating consent forms for customers or ad-hoc measures. It requires understanding the big picture of one’s business operations and entails participation from all levels of staff, from top executives to customer service.The time needed for organisational adjustment varies with the size and complexity of the business.

From our TDRI study, business operators with over 10,000 employees need at least two years to prepare themselves.Since business preparations cost time and money, businesses should work together under their professional umbrellas, such as the Federation of Thai Industries, the Thai Chamber of Commerce, or other business alliances under the same regulator. Business collaboration to mete out the data protection and privacy standards with input from the national regulator will benefit both parties.

The participatory process will enable the private sector to follow clear and common directions. It also makes it easier for the state regulator to monitor the businesses through mutually agreed standards.When the state regulator is not ready, the business sector must make the first step. If not, their unpreparedness will backfire and people’s data privacy will suffer further.

Chawana Huangsuntornchai is a researcher at the Thailand Development Research Institute (TDRI).

Author : Chawana Huangsuntornchai

First Publish: Bangkok Post, September 11, 2019
The post Businesses must lead on data privacy appeared first on TDRI: Thailand Development Research Institute.

Source link

Ecommerce

How will oil prices shape the Covid-19 recovery in emerging markets?

Oxford Business Group

Published

on

How will oil prices shape the Covid-19 recovery in emerging markets?
– After falling significantly in 2020, oil prices have returned to pre-pandemic levels
– The rise has been driven by OPEC+ production cuts and an improving economic climate
– Higher prices are likely to support a rebound in oil-producing emerging markets
– Further virus outbreaks or increased production would pose challenges to price stability

Loading...

A combination of continued production cuts and an increase in economic activity has prompted oil prices to return to pre-pandemic levels – a factor that will be crucial to the recovery of major oil-producing countries in the Middle East and Africa.

Brent crude prices rose above $60 a barrel in early February, the first time they had exceeded pre-Covid-19 values. They have since continued to rise, going above $66 a barrel on February 24.

The ongoing increase in oil prices, which have soared by 75% since November and around 26% since the beginning of the year, marks a dramatic change from last year.

Following the closure of many national borders and the implementation of travel-related restrictions to stop the spread of the virus, demand for oil slumped globally.

In the wake of the Saudi-Russia price war in early 2020, Brent crude prices fell from around $60 a barrel in February that year to two-decade lows of $20 a barrel in late April, as supply increased and demand plummeted. The value of WTI crude – the main benchmark for oil in the US – fell to record lows of around $40 a barrel last year on the back of a lack of storage space.

While global demand for oil remains low, one factor credited with reversing the trend is the decision to make significant cuts to oil production, which subsequently tightened global supplies.

Read More

Continue Reading

Tech

How the Rural-Urban Divide Plays Out on Digital Platforms

It is one thing for entrepreneurs, whether urban or rural, to create and operate an online store, as some digital platforms have made it relatively easy to manage an e-store – even by using just a smartphone.

Avatar

Published

on

In the West, villages are emptying out due to the lack of economic opportunities. Consider Italy where, in a bid to attract newcomers, a handful of municipalities have turned to selling houses for €1.

Loading...
(more…)

Continue Reading

Ecommerce

Will South-east Asia’s tech giants turn to SPACs to boost post-pandemic growth?

Oxford Business Group

Published

on

Will South-east Asia’s tech giants turn to SPACs to boost post-pandemic growth?
– SPACs have become a hot-button topic in global finance
– The vehicle is widely used to help tech start-ups go public
– Both Singapore’s and Indonesia’s exchanges are set to allow SPACs
– Several South-east Asian tech unicorns may use SPACs to list publicly

Loading...

South-east Asia is seeing a wave of interest in special purpose acquisition companies, or SPACs, with various major tech players considering them as a means to fast-track public listings. In parallel to this, several exchanges in the region are moving to allow SPAC listings, with a view to boosting post-coronavirus growth.

SPACs are shell companies set up by investors and then listed on a given stock exchange. Their sole function is to acquire a private company, enabling it to go public without having to go through a traditional initial public offering (IPO).

A SPAC does nothing beyond its essential function – it neither produces nor sells anything, and a SPAC’s only assets are the funds raised from its own IPO.

Crucially, people who buy into a SPAC do not know what its eventual acquisition target or targets will be. This is why SPACs are often referred to as “blank cheque companies”: they give the founders a free rein to back their choice of private company. A key feature of SPACs is that they are often headed by big-name business executives or fund managers, who trade on past successes to inspire trust in investors.

While they are far from a novel phenomenon, SPACs have become a hot button topic in recent times: SPAC initial offerings quadrupled last year, with the vehicles raising a record $80bn.

Merging with a SPAC enables a company to go public and raise capital more quickly and painlessly than with a traditional IPO, circumventing some of the volatility that Covid-19 unleashed on global markets. At the same time, they function rather like venture capital, helping investors to buy into high-growth start-ups on the ground floor.

Read More

Continue Reading

Most Viewed

Subscribe via Email

Enter your email address to subscribe and receive notifications of new posts by email.

Join 13,957 other subscribers

Latest

Trending