Computer & Cyber Crime

Computer and Cyber Crime: Overview

In an era where human privacy and personal space are increasingly valued, legal protections for personal data have become essential. Recognizing the importance of safeguarding personal information, Thailand has joined the ranks of countries enacting legislation to protect personal data. The Personal Data Protection Act B.E. 2562 stands as Thailand's commitment to ensuring the privacy of its residents and visitors against computer and cyber crimes.

This article aims to explore the provisions of the Personal Data Protection Act B.E. 2562, detailing how it shields individuals in Thailand from computer and cyber-related offenses. We will examine the rights granted by this law and its benefits to the people, providing a comprehensive understanding of its role in the digital age.

Understanding one's rights under this law is crucial for personal protection against the evolving landscape of cyber threats.

The Personal Data Protection Act B.E. 2562 (2019) of Thailand

The Personal Data Protection Act B.E. 2562 (2019), commonly referred to as the “PDPA” delineates personal data as any information related to an individual that allows for the direct or indirect identification of that person. In alignment with the PDPA, the collection, use, or disclosure of personal data is stringently regulated. Specifically, obtaining explicit consent from individuals is a prerequisite before any personal data collection, utilization, or disclosure can occur. Such consent must typically be acquired through a clear, written statement or via electronic means for validity.

Furthermore, the PDPA designates a pivotal role known as the “Data Protection Officer.” This individual is entrusted with significant responsibilities and the authority to make critical decisions concerning the collection, use, and disclosure of personal data. This framework is designed to safeguard individuals' privacy rights while ensuring that entities managing personal data adhere to strict guidelines, underscoring Thailand’s commitment to protecting personal information in the digital era.

The Allowed Purposes for Personal Data Use

The Data Protection Officer has to inform the purpose of the collection, use, or disclosure of the personal data and such request shall;

  • Be presented clearly and specifically
  • Easily accessible and understandable
  • Clearly written
  • Not deceptive or misleading

Additionally, after granting consent to someone or an entity, the owner of such data may withdraw his or her consent at any time. The withdrawal of consent shall be as easy as giving consent unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to the data owner.

When the PDPA is not applicable

Currently, there are 6 circumstances for which the PDPA is not applicable:

  • The collection, use, or disclosure of personal data by a person who collects such personal data for the personal benefit or family activity of such person.
  • The operations of public authorities have the duty to maintain state security.
  • A person or a juristic person using or disclosing personal data collected only for the activities of mass media, fine arts, or literature, which are only in accordance with professional ethics or for the public interest.
  • The House of Representatives, the Senate, and the Parliament, including the committee appointed by the House of Representatives, the Senate, or the Parliament. 
  • The trial and adjudication of courts and work operations of officers in legal proceedings, legal execution, and deposit of property, including the criminal justice procedure. 
  • The operations of data are undertaken by a credit bureau company and its members.
  • Theft and sale of corporate data.


At Juslaws & Consult, we possess a wealth of experience and expertise in navigating the complexities of data protection laws. We are eager to leverage our knowledge to assist you in understanding and fulfilling the requirements of the PDPA. Whether you're seeking to assess your current data protection practices or need comprehensive advice on compliance strategies, our team is ready to provide tailored support. Let us help you navigate the intricacies of the Personal Data Protection Act, ensuring your operations are not only compliant but also fortified against potential liabilities.