On 12th December 2023, the Personal Data Protection Committee (PDPC) issued the Notification on Criteria for Protecting Personal Data Sent or Transferred Abroad under Section 28 of the Personal Data Protection Act B.E. 2562. This notification was published in the Royal Gazette on 25th December 2023 and it will become effective on and from 24th March 2024. It sets out implementation rules on personal data cross-border transfers (PDCBT) from Thailand to recipients or organizations in countries which do not have adequate personal data protection standards. We summarized its key provisions below.
Recipients
A PDCBT is allowed if the recipient country or recipient organization abroad has in place adequate personal data protection standards (PDPS).
Exceptions
For the recipient in a country which does not have adequate PDPS, a PDCBT can be made to such recipient only under the following exceptions: legal compliance, explicit consent from the data subjects upon having been informed that the recipient country/organization does not have inadequate PDPS, the necessity for performance of contractual obligations, the benefits of the data subjects, the emergency related to a life, body, or health situation, and the mission for public benefits.
Decision on Adequacy of PDPS
Each request for the PDPC to decide on adequacy of PDPS must be accompanied by a report on the PDPS of the destination recipient prepared by the OPDPC based on its own resources or data sourced from other agencies.
The PDPC decides whether or not a recipient country / organization has adequate PDPS based on the legal measures, the compliance with the data protection law of Thailand, and the presence of competent data protection government agencies of the recipient country / organization upon a request, on a case-by-case basis, filed by the Office of the Personal Data Protection Commission (OPDPC) or a data controller (DC).
The PDPC may also create a list of countries and organizations which are deemed to have in place adequate PDPS.
To see the archive of our past newsletters and articles please click here.
AUTHOR
Senior Partner | bangkok
Partner | bangkok
The information provided in this document is general in nature and may not apply to any specific situation. Specific advice should be sought before taking any action based on the information provided. Under no circumstances shall LawPlus Ltd. and LawPlus Myanmar Ltd. or any of their directors, partners and lawyers be liable for any direct or indirect, incidental or consequential loss or damage that results from the use of or the reliance upon the information contained in this document. Copyright © 2016 to 2020 LawPlus Ltd.
