Flexibility urged for data laws
THAILAND’S proposed cybersecurity laws need to be more flexible and focused on the market, says a lobby group for the international software industry.
“Part of legislating the new cybersecurity laws is making sure that the rules are flexible, market-oriented as opposed to being highly top-down and prescriptive,” said Jared Ragland, senior director for policy for Asia-Pacific at BSA, The Software Alliance, in an interview with The Nation yesterday.
The government aims to submit four bills to the Cabinet covering cybersecurity, data protection and electronic transactions as well as for the establishment of the Electronic Transactions Development Agency (ETDA), according to Pichet Durongkaveroj, Minister for Digital Economy and Society.
Ragland said: “Because the technology is moving so fast, and the way technology is being used is changing so quickly that highly prescriptive regulatory approaches are most likely going to be inadequate and potentially create problems.”
He is calling on the government to “create effective regulation instead of simply tightening regulation” in relation to cybersecurity.
BSA, The Software Alliance, is an advocate for the global software industry with governments and in the international marketplace. The industry association is based in Washington DC, with an Asia-Pacific agency in Singapore. BSA members include large multinational companies such as Apple, Adobe, Amazon Web Services, Intel and Microsoft.
The association works on promoting licence compliance policies, helping local governments draft effective cybersecurity laws and enhance personal data protection laws.
One of the biggest cybersecurity issues facing Thailand is that it does not have a centralised command and control centre for cybersecurity and no comprehensive legal framework for managing risks, Ragland said.
“It is reasonable that the financial regulator has its own sets of rules. But on the other hand, you also need a coordinating centre that makes sure that the financial regulator is not doing something that is completely incompatible to what the healthcare regulator is doing,” he said.
“If you're asking a large multinational company in Thailand or even a local Thai innovator to redesign their cybersecurity systems for each and every different government sector, such as one for finance and a separate one for health care, then it causes a lot of inefficiencies to the customers.
“This is why it is important to get the current cybersecurity bill drafted.”
However, there are still some issues that could create problems if they are enacted as currently written, Ragland said.
“The main problem with the current draft is the overly broad and inadequately permitted powers that would be provided or given to the national cybersecurity commission,” he said.
The law would benefit from making the checks and balances more explicit. Also required is some independent oversight of how the commission conducts its commission and investigatory powers, so that it doesn't react disproportionately to threats and cause an unnecessary burden for private businesses, Ragland said.
“If these bills are not enacted by end of this year, after the election set for next year, the new government should quickly pick up where it was left off, instead of scrapping all progress so far and starting all over again,” he said.
Thailand now has a score of 48.4 on the 2018 BSA Global Cloud Computing Scorecard, based on research which compares the level of data privacy, security, cybersecurity, intellectual property rights, standards and international harmonisation, promoting free trade, and IT readiness. The country ranks higher than India, Russia and China, but is behind Japan, Malaysia and South Korea.