You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

October 2, 2023

Thailand Issues New Regulation on Personal Data Protection for Telecom Users

Subscribe to Updates

Thailand’s National Broadcasting and Telecommunications Commission (NBTC) has issued the Notification of the NBTC Re: Measures to Protect Telecommunications Service Users’ Rights Regarding Personal Data, Privacy Rights, and Freedom of Telecommunications to replace the previous 2006 notification of the same name. The replacement notification supports compliance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA), modernizes the regulations in response to technological change and the convergence of digital business, and enhances the protection of telecommunications users’ personal data, privacy rights, and freedoms.

Key aspects of the replacement notification are highlighted below.

User Data and Consent

The notification specifies that “user’s personal data” includes name, address, ID number, mobile number, usage information, and user behavior that can identify the user. “User” does not include resellers of telecommunications services.

To collect, use, or disclose users’ personal data for a purpose other than telecommunications service, service providers must obtain each user’s consent prior to or at the time of collecting the data. The consent (whether written or electronic) must be separate from the telecommunications service agreement. Service providers must clarify the purpose of collecting data, and they must honor users’ rights to opt in and opt out by providing clear and convenient channels for users to withdraw any of their information or cancel any services offered by the operator.

Service providers must add an electronic channel for receiving requests from users to review, access, edit, change, or obtain a copy of their data. The electronic channel must also allow requests from users to suspend use or disclosure of their personal data and withdraw consent to collect, use, or disclose their personal data. In addition, service providers must have a system for verifying the identity of users who want to exercise the rights listed in this paragraph.

Data Collection and Storage

Collection of a user’s personal data is limited to necessary and lawful purposes. Service providers must also provide the user with a channel to update their personal data. While under contract to provide a user with telecommunications service, the service provider must keep the user’s personal data for 90 days. If the user makes any complaint regarding the service, the service provider must keep the relevant user’s data until the complaint is resolved, but not exceeding two years.

Collection of sensitive personal data (e.g., data on race or religion, criminal record, health data, disability data, biometric data) is prohibited without explicit consent from the user, unless it is to provide telecommunications service to benefit a disabled person.

Data Security and Device Access

Service providers must have security measures for the unauthorized or unlawful loss, accessing, use, alteration, correction, or disclosure of users’ personal data. These measures must be reviewed when necessary or when technology has changed. Service providers must notify the NBTC within 72 hours of becoming aware of a breach of any user’s personal data and within 24 hours if the breach is likely to result in a high risk to the rights and freedoms of the affected user.

Policy Formulation

Telecommunications operators are encouraged to establish a policy aligned with the NBTC notification and the PDPA. The policy should be transparent and available in Thai and other relevant languages, and it must be presented to the NBTC for approval.

For more information on the NBTC notification, or on any aspect of telecommunications activities in Thailand, please contact Charuwan Charoonchitsathian at [email protected], Napassorn Lertussavavivat at [email protected], or Nitcharat Siraprapasiri at [email protected].

Related Professionals

Industries

Technology

Location

RELATED INSIGHTS​

July 24, 2024

Practical Law: Intellectual Property Transactions in Vietnam 2024

Experts from Tilleke & Gibbins’ intellectual property team have contributed an updated Intellectual Property Transactions in Vietnam to Thomson Reuters Practical Law, a high-level comparative overview of  laws and regulations across multiple jurisdictions. Intellectual Property Transactions focuses on business-related aspects of intellectual property, such as the value of intellectual assets in M&A transactions, and the licensing of IP portfolios. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations. IP audits. IP aspects of M&A: Due diligence, warranties/indemnities, and transfer of IPRs. Employee and consultant agreements. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Vietnam overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Practical Law: Intellectual Property Transactions in Thailand 2024

Intellectual property specialists from Tilleke & Gibbins in Thailand have contributed an updated Intellectual Property Transactions in Thailand overview for Thomson Reuters Practical Law, an online publication that provides comprehensive legal guides for jurisdictions worldwide. The Thailand overview was authored by Darani Vachanavuttivong, managing partner of Tilleke & Gibbins and managing director of the firm’s regional IP practice; Titikaan Ungbhakorn, senior associate and patent agent; and San Chaithiraphant, senior associate. The chapter delivers a high-level examination of critical aspects of IP law, including IP assignment and licensing, research and development collaborations, IP in mergers and acquisitions (M&A), securing loans with intellectual property rights, settlement agreements, employee-related IP issues, competition law, taxation, and non-tariff trade barriers. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations: Management of improvements, derivatives, and joint ownership of IP. IP aspects of M&A: Due diligence and critical considerations during mergers and acquisitions. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Thailand overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Acted for Nordic Transport Group in its Acquisition of Freightzen Logistics

Acted as lead counsel for Nordic Transport Group A/S (NTG), an international freight forwarding company based in Denmark, in its acquisition of a stake in Asia-based Freightzen Logistics Ltd., Inc. through a newly established subsidiary, NTG APAC Holding Pte. Ltd.
Read More
July 23, 2024

Tilleke & Gibbins Lawyers Recognized in Who’s Who Legal Southeast Asia Guide 2024

In the Who’s Who Legal (WWL) Southeast Asia guide for 2024, a total of 12 Tilleke & Gibbins lawyers have been distinguished as market leaders in various legal practice areas. The firm’s 12 recognized lawyers, singled out for their commitment to delivering exceptional legal services to Tilleke & Gibbins’ clients, are grouped into seven practice areas: Asset Recovery: Thawat Damsa-ard Data: Alan Adcock, Athistha (Nop) Chitranukroh Franchise: Alan Adcock, Jay Cohen Intellectual Property: Alan Adcock (Patents, Trademarks), Darani Vachanavuttivong (Patents, Trademarks), Kasama Sriwatanakul (Trademarks), Linh Thi Mai Nguyen (Trademarks), Somboon Earterasarun (Trademarks), Wongrat Ratanaprayul (Patents) Investigations: John Frangos and Thawat Damsa-ard Labor, Employment, and Benefits: Pimvimol (June) Vipamaneerut Life Sciences: Alan Adcock, Loc Xuan Le The annual WWL Southeast Asia rankings guide, published by the London-based group Law Business Research, aims to identify the foremost legal practitioners across a range of business law practice areas. The rankings are largely based on feedback and nominations received from other WWL-ranked and nominated attorneys around the world. These peer-driven recognitions highlight Tilleke & Gibbins’ dedication to maintaining the highest standards of legal service and helping clients achieve success. To read more about the WWL Southeast Asia guide, or to browse the full results, please visit the WWL website.
Read More
Load More

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2023 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Legal Notice