National panel seen as not independent enough due to state, business influence.
THAILAND’S DATA protection bill, approved by the Cabinet earlier this week, is falling short of the benchmark set by the European Union’s General Data Protection Regulation (GDPR) law, especially in terms of protecting Thai citizens’ right to their online data, according to the Thai Netizen Network.
Arthit Suriyawongkul, coordinator of the network, said a major issue is that the proposed national committee on data protection, which will be in charge of protecting the rights of Thai citizens, will not be independent enough since most committee members will be state officials and representatives of private sector bodies.
In addition, this crucial committee is under the Ministry of Digital Economy and Society’s (MDES) jurisdiction, so committee members will not have the autonomy enjoyed by those sitting on the National Human Rights Commission or the previous National Broadcasting and Telecom Commission, he said.
The proposed national committee also has members who are users of the people’s online data, including representatives of the Thai Bankers’ Association and Federation of Thai Industries and the Board of Trade, so there is a potential conflict of interest as far as protecting citizens’ online data is concerned.
The National Committee on Digital Economy and Society, chaired by deputy premier Prajin Juntong, yesterday held a meeting to discuss enforcement of the EU law, which was implemented worldwide yesterday. Dr Pichet Durongkaveroj, the Minister of Digital Economy and Society, said earlier the government is speeding up enactment of the Thai data protection bill to ensure that the country has a legal framework to work with the EU on this matter.
There were also reports that the Cabinet-approved bill may need some changes so that it is up to date when compared with the EU law, especially in terms of punitive measures covering data leaks and breaches.
The EU law’s enforcement also has consequences for Thailand and other countries that deal with EU citizens. In Thailand, tourism and related businesses, financial services, and healthcare are among the sectors required to take steps to comply with the EU law, or they may face punitive measures if there are data leaks and breaches involving EU customers.
According to Arthit of the Thai Netizens’ Network, the government should consider upgrading the composition of the national committee on data protection to ensure that they are better qualified to do their duty to protect the rights of citizens’ online data.
The EU has said that its data protection law, which was enacted in 2016, is designed to allow citizens to take back control of personal information held online. Brussels has insisted that the law will become a global benchmark for the protection of people’s online information, particularly in the wake of the Facebook data harvesting scandal, according to AFP.
AFP also reported that some US news websites were blocked by the EU data law yesterday after the law took effect, with the LA Times, Chicago Tribune, New York Daily News, Baltimore Sun and Orlando Sentinel websites all displaying the same message that they could not be accessed.
“Unfortunately, our website is currently unavailable in most European countries,” the message read. “We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism.”
The blocked websites are all owned by media company Tronc, formerly known as Tribune Publishing. Local US newspapers owned by Lee Enterprises, including the St Louis Post Dispatch and Arizona Daily Sun, were also out of reach.
“We recognise you are attempting to access this website from a country belonging to the European Economic Area, including the EU which enforces the General Data Protection Regulation (GDPR), and therefore cannot grant you access at this time,” its website said.
According to AFP, the EU rules were officially adopted two years ago, with a grace period until now to adapt to them, but some companies have been slow to act, resulting in a last-minute scramble.