In light of the recent COVID-19 outbreak, Dr. Rachada Thanadirek, Deputy Spokeswoman for the Prime Minister's Office, recently announced that the Cabinet is to issue a Royal Decree postponing the enforcement of the Personal Data Protection Act (PDPA), which was initially supposed be effective on 27 May 2020, by another year. The Ministry of Digital Economy and Society proposed postponing the following parts of the PDPA:
- Chapter 2: Personal data protection
- Chapter 3: Rights of personal data owners
- Chapter 5: Complaints
- Chapter 6: Civil liability
- Chapter 7: Penal provisions
- Section 95
- Section 96
Parts of the PDPA that will not be postponed include Chapter 1: Personal Data Protection Committee, and Chapter 4: Office of the Personal Data Protection Board. This means that the nomination process of both the Chairman and qualified members of the Personal Data Protection Committee, along with the establishment of the Office of the Personal Data Protection Board will not be postponed.
The decision to postpone the enforcement of the PDPA is due to the fact that various agencies (government and private), and the public are not yet ready for enforcement and to mitigate the effects that may occur as a result.
Additionally, The Ministry of Digital Economy and Society announced that they are in the process of drafting secondary laws related to the protection of personal data. These laws include but are not limited to the following:
- Management of the Office of the Personal Data Protection Commission
- Collection, use or disclosure of personal information
- Sending or transferring personal information to foreign countries
- Rights of owners of personal data
- Duty to control personal information and personal data processors
- Complaints and administrative fines
DR. Ratchada revealed that many sectors are not ready for the enforcement of the PDPA, and if the effective date is not postponed, it would likely cause unintentional violations of the law and could be a channel to misrepresent or exploit the situation. COVID-19 is also a hindrance in the training of personnel with regards to the said law, and the postponement would allow many sectors to be better prepare for the enforcement. Although the postponement of the PDPA is not 100% confirmed, the Ministry of Digital Economy and Society will present the draft Royal Decree for the Cabinet to consider at the next agenda meeting, and the Cabinet will most likely approve the postponement.
*** Confirmed ***
The enforcement of the Personal Data Protection Act (PDPA) which was initially supposed to be effective on 27 May 2020 will be postponed by one year. The dates are confirmed and the new effective date of the majority of provisions in the PDPA will be 31 May 2021.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.