You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

October 7, 2022

Thailand Opens Public Hearing Period on Measures for Cross-Border Transfer of Personal Data

Subscribe to Updates

Thailand’s Office of the Personal Data Protection Committee (PDPC) has opened a public hearing period on its draft notification regarding cross-border transfer of personal data. The public hearing is open through October 24. The notification, once issued, will supplement the principle of cross-border transfer of personal data outside of Thailand set out in the Personal Data Protection Act (PDPA).

The notification sets out the following key matters:

Definitions

  • “Transfer of personal data” means any sending or transferring of personal data by a transferor of personal data, either by way of a physical transfer or a remote transfer through a computer system or an internet network to the recipient of the personal data. It does not include sending personal data through an intermediary by transiting between computer systems or internet networks, or any storing or retaining of personal data, either permanently or temporarily, by a cloud computing service provider, whereby the personal data transferor and the personal data recipient (1) are not making the order, (2) are not involved with any data selection or the content of the personal data sent and received through the computer systems or internet networks, or (3) have the purpose of entering into an agreement or any juristic act.
  • “Binding corporate rules” means the agreed terms or policy on personal data protection made between the personal data transferor and the personal data recipient to establish appropriate measures for safeguarding personal data within a group of corporations or companies.
  • “Standard contractual clauses” means the contractual terms made between the personal data transferor and the personal data recipient to establish appropriate measures for safeguarding personal data.
  • “Code of conduct” means a code that sets out the obligations of a personal data transferor and a personal data recipient outside of Thailand.
  • “Certification” means an undertaking in relation to safeguarding personal data, in order to establish appropriate personal data safeguarding measures.

Binding Corporate Rules

For cross-border transfers within a group of corporations or companies, binding corporate rules (BCRs) can be established and submitted to the PDPC for approval. The BCRs must adhere to the following minimum standards:

  • The effectiveness and legally binding nature of the BCRs apply to each company or entity within the group, including the data recipient, data processor, and data transferor, and the members belonging to the group, as well as their employees, staff, or persons related to the transfer or receipt of personal data within the group.
  • The BCRs must comply with Thai laws on personal data protection.
  • The BCRs must contain certification of data subject rights under the PDPA and sub-regulations.
  • The BCRs must contain measures on personal data protection in relation to personnel, processes, and security measures in accordance with the required technology standards for personal data protection.

Appropriate Safeguards

In accordance with section 29, paragraph 3, of the PDPA, a personal data transferor may transfer personal data to a recipient outside of Thailand when procuring appropriate safeguard measures by way of “standard contractual clauses,” “code of conduct,” or “certification.” Such appropriate safeguards must at least ensure the enforceability of the data subject’s rights and effective legal remedial actions, as provided in the annexes of the notification.

The appropriate safeguards must at least have the following:

  • Effectiveness and legal enforceability.
  • Compliance with Thai laws on personal data protection.
  • Certification of data subject rights under the PDPA and sub-regulations.
  • Measures on personal data protection in relation to personnel, process, and security measures in accordance with the required technology standards for personal data protection.

The standard contractual clauses must be filed with the PDPC. The appropriate safeguard measures must be enforceable under Thai law, and they must provide data subject rights under Thai law. Such rights must also be enforceable and provide remedial rights for data subjects as stipulated under Thai law.

The notification also sets out standard contractual clauses for controller-to-controller and controller-to-processor international transfers. The clauses primarily stipulate the obligations of the transferor and the recipient, recognize the enforceability of the PDPA provisions on personal data protection, and ensure the ability of data subjects to exercise their rights (in the form of third-party rights).

For more information from Tilleke & Gibbins’ data privacy team regarding the draft notification, or any aspect of compliance with PDPA requirements, please contact Athistha (Nop) Chitranukroh at [email protected], Nopparat Lalitkomon at [email protected], Gvavalin Mahakunkitchareon at [email protected], or Thammapas Chanpanich at [email protected].

Related Professionals

Industries

Technology

Location

RELATED INSIGHTS​

July 24, 2024

Practical Law: Intellectual Property Transactions in Vietnam 2024

Experts from Tilleke & Gibbins’ intellectual property team have contributed an updated Intellectual Property Transactions in Vietnam to Thomson Reuters Practical Law, a high-level comparative overview of  laws and regulations across multiple jurisdictions. Intellectual Property Transactions focuses on business-related aspects of intellectual property, such as the value of intellectual assets in M&A transactions, and the licensing of IP portfolios. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations. IP audits. IP aspects of M&A: Due diligence, warranties/indemnities, and transfer of IPRs. Employee and consultant agreements. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Vietnam overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Practical Law: Intellectual Property Transactions in Thailand 2024

Intellectual property specialists from Tilleke & Gibbins in Thailand have contributed an updated Intellectual Property Transactions in Thailand overview for Thomson Reuters Practical Law, an online publication that provides comprehensive legal guides for jurisdictions worldwide. The Thailand overview was authored by Darani Vachanavuttivong, managing partner of Tilleke & Gibbins and managing director of the firm’s regional IP practice; Titikaan Ungbhakorn, senior associate and patent agent; and San Chaithiraphant, senior associate. The chapter delivers a high-level examination of critical aspects of IP law, including IP assignment and licensing, research and development collaborations, IP in mergers and acquisitions (M&A), securing loans with intellectual property rights, settlement agreements, employee-related IP issues, competition law, taxation, and non-tariff trade barriers. Key topics covered in the chapter include: IP assignment: Basis and formalities for assignments of patents, utility models, trademarks, copyright, design rights, trade secrets, confidential information, and domain names. IP licensing: Scope and formalities for licensing patents, utility models, trademarks, copyright, design rights, and trade secrets. Research and development collaborations: Management of improvements, derivatives, and joint ownership of IP. IP aspects of M&A: Due diligence and critical considerations during mergers and acquisitions. Practical Law, a legal reference resource from Thomson Reuters, publishes a range of guides for hundreds of jurisdictions and practice areas. The Intellectual Property Transactions Global Guide is a valuable resource for legal practitioners, covering numerous jurisdictions worldwide. To view the latest version of the Intellectual Property Transactions in Thailand overview, please visit the Practical Law website and enroll in the free Practical Law trial to gain full access.
Read More
July 24, 2024

Acted for Nordic Transport Group in its Acquisition of Freightzen Logistics

Acted as lead counsel for Nordic Transport Group A/S (NTG), an international freight forwarding company based in Denmark, in its acquisition of a stake in Asia-based Freightzen Logistics Ltd., Inc. through a newly established subsidiary, NTG APAC Holding Pte. Ltd.
Read More
July 23, 2024

Tilleke & Gibbins Lawyers Recognized in Who’s Who Legal Southeast Asia Guide 2024

In the Who’s Who Legal (WWL) Southeast Asia guide for 2024, a total of 12 Tilleke & Gibbins lawyers have been distinguished as market leaders in various legal practice areas. The firm’s 12 recognized lawyers, singled out for their commitment to delivering exceptional legal services to Tilleke & Gibbins’ clients, are grouped into seven practice areas: Asset Recovery: Thawat Damsa-ard Data: Alan Adcock, Athistha (Nop) Chitranukroh Franchise: Alan Adcock, Jay Cohen Intellectual Property: Alan Adcock (Patents, Trademarks), Darani Vachanavuttivong (Patents, Trademarks), Kasama Sriwatanakul (Trademarks), Linh Thi Mai Nguyen (Trademarks), Somboon Earterasarun (Trademarks), Wongrat Ratanaprayul (Patents) Investigations: John Frangos and Thawat Damsa-ard Labor, Employment, and Benefits: Pimvimol (June) Vipamaneerut Life Sciences: Alan Adcock, Loc Xuan Le The annual WWL Southeast Asia rankings guide, published by the London-based group Law Business Research, aims to identify the foremost legal practitioners across a range of business law practice areas. The rankings are largely based on feedback and nominations received from other WWL-ranked and nominated attorneys around the world. These peer-driven recognitions highlight Tilleke & Gibbins’ dedication to maintaining the highest standards of legal service and helping clients achieve success. To read more about the WWL Southeast Asia guide, or to browse the full results, please visit the WWL website.
Read More
Load More

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2023 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Legal Notice