A new personal data law relating to privacy protection for individuals has been delayed by a year due to the impact of the coronavirus.
The law, called the Personal Data Protection Act, was passed last May and had provided a one year grace period for businesses to comply with how they collect and use individual data.
However, the Thai Government has allowed a further delay in implementing privacy protection for 22 types of businesses and agencies which now have until May 2021 to comply with the new law.
The list of exempt businesses was published in the Royal Gazette and includes tourism businesses, telecommunications businesses, technology, and banking businesses, among others.
The law had already exempted parliament and the senate, cybersecurity, and national security agencies, and credit card information companies from compliance with the law.
When the act is enforced, it will force businesses to display how they collect, use, and disclose personal data of users, customers, or registrants, specifically concerning behavior monitoring or advertising.
The law is designed to mimic the European Union’s General Data Protection Regulation with clauses about consent and rights of data in addition to data abuse.
Thailand’s Minister of Digital Economy and Society, Puttipong Punnakanta, explained the extended delay, saying:
“Many organizations are facing difficulties during the pandemic, so they cannot fully adapt to comply with the law yet. We also need more time to conduct stakeholder hearings to issue follow-up regulations, as that has been interrupted at this time.”
The delay has concerned some critics who believe that data protection is more important now more than ever as the government implements the “ThaiChana” app to track people’s movements while visiting businesses and locations.