The committee responsible for spearheading tasks for the Personal Data Protection Act (PDPA) has been established, unlocking the process ushering in necessary subordinate regulations as the law is set to be fully enforced in June.
The first meeting of the Personal Data Protection Committee is expected to take place in early February.
The PDPA paves the way for the establishment of the 16-member committee, which has a broad range of powers regarding the promotion and protection of personal data.
These include drafting a master plan on personal data protection, issuing notifications or rules for the execution of the act, and advising the cabinet on the enactment or revision of the existing laws to protect personal data.
Ten of the members are selected: a chairman and nine honorary directors. The other six sit on the body in accordance with their existing positions.
The list of the 10 selected members, picked by a panel, was announced in the Royal Gazette on Tuesday.
Thienchai Na Nakorn, a former member of the defunct Constitution Drafting Committee, was made chairman of the committee.
The honorary directors include Dr Nawanan Theera-Ampornpunt, deputy dean of operations at the Faculty of Medicine, Ramathibodi Hospital, in the field of personal data protection; Pol Lt Col Thienrath Vichiensan, honorary director of the Official Information Commission, in the field of consumer protection; and Pansak Siriruchatapong, former vice-digital economy and society minister, in the field of information technology and communication.
Other honorary directors are Tossapon Tassanakunlapan, a lecturer at Chiang Mai University's Faculty of Law, in the field of social science; Supalak Pinitpuvadol, a lecturer at Chulalongkorn University's Faculty of Law, in the law field; Dr Prasit Watanapa, dean of the Faculty of Medicine, Siriraj Hospital, in the health field; Ruenvadee Suwanmongkol, secretary-general of the Securities and Exchange Commission, in the field of finance; Methinee Thepmanee, former secretary-general of the Office of the Civil Service Commission, in the field of state information management; and Anusit Kunakorn, former secretary-general of the National Security Council, in the field of national interest protection.
Mr Pansak told the Bangkok Post the most important task is to ensure the full enforcement of the PDPA from June 1 after a two-year postponement.
However, some groups may need assistance to prepare or support them, while public awareness of the law needs to be increased, he said.
"The focus is to balance the enforcement of the PDPA between fairness and protection, while ensuring it will not discourage innovation or new business as data is the future and offers opportunity," said Mr Pansak.
The PDPA will be enforced against those abusing personal data, but will support those who handle personal data properly to facilitate their business, he said.
Dr Nawanan said a lot of data breaches were reported last year, including some force majeure cases, but the PDPA will beef up cybersecurity measures.
"The priority is to discuss enforcement of the law at the first committee meeting," he said.
The law must be clear for data controllers, data processors and data subjects so they are able to comply, said Dr Nawanan.
Subordinate regulations are another focus for the committee to consider, he said.
Dr Nawanan said other key tasks include the formation of a subcommittee handling complaints and the establishment of the Office of Personal Data Protection Committee, especially its budget and human resources to make sure the office can operate speedily.
"Citizens need to know their rights and have their personal data protected," he said.
"We expect the first PDPA committee meeting in early February," Wetang Phuangsup, deputy permanent secretary of Digital Economy and Society (DES) Ministry and secretary-general of the Office of Personal Data Protection Committee, told the Bangkok Post.
Mr Wetang said the temporary PDPA office received only 2 million baht for a budget for preparedness tasks the past two years.
The office plans to seek a budget of 20 million baht the next fiscal year, he said.
The PDPA, which has seven chapters and 96 sections, was published in the Royal Gazette in May 2019 with a one-year grace period for enforcement.
Full enforcement was postponed twice as the country dealt with the pandemic.
Once implemented, the PDPA is expected to change the landscape of personal data protection in Thailand.
The legislation mandates data controllers and processors who use personal data must receive consent from data owners and use it only for the expressed purposes.
The six people who sit on the committee in accordance with their existing positions are the permanent-secretary for DES, who also serves as a vice-chairperson of the committee; the permanent-secretary of the Prime Minister's Office; the secretary-general of the Council of State; the secretary-general of the Consumer Protection Board; the director-general of the Rights and Liberties Protection Department; and the attorney general.