Thailand’s cabinet has approved deferring full enforcement of the country’s Personal Data Protection Act (PDPA) to 31 May next year. It was due come into force next month.
Ministers took the decision in light of the difficult time the country faces with the coronavirus pandemic and because processes related to the act have yet to be settled.
A 16-member personal data protection committee has still to be appointed and already-drafted subsidiary legislation concerning consent procedures, receiving complaints and expert panels has to be approved by the committee.
Automotive and travel business operators have written to the government, asking it to postpone the act’s enforcement, while the Federation of Thai Industries (FTI) and Thai Chamber of Commerce argue the law would place an extra burden on the private sector.
FTI chairman Supant Mongkolsuthree said a violation of the PDPA carries a jail sentence, which is hasher than similar laws in other countries.
“As the government decided to postpone the enforcement of the act, it may also need to consider amending the law in terms of penalties by having only fines, in line with other countries,” he was quoted as saying by the Bangkok Post newspaper.
Penalties for breaching the act could result in civil liabilities with punitive damages, administrative fines of up to THB5m ($160,000, €134,000), and criminal penalties with up to one year in prison or a fine up to THB1m.
The postponement request was made by the minister of digital economy and society, Chaiwut Thanakhamanusorn, who had earlier flagged a possible delay.
A year ago the cabinet agreed to put off enforcement of most chapters of the PDPA by a year to give the public and private sectors time to prepare their internal processes and ease the financial burden they faced during the pandemic.
Register to receive the latest privacy and data protection news and analysis straight to your inbox