Computer & Cyber Crime

Computer and Cyber Crime

Nowadays, many countries give importance to human privacy and personal space. From a legal point of view, our Personal Data is considered vital to our existence therefore it should be protected by the law of the country of our residence. Thailand is one of the countries that have enacted a law related to Personal Data Protection. However, Computer and Cyber Crimes are still prevalent and in order to protect yourself from such crimes, you need to know your rights.

In this article, we will be discussing how the Personal Data Protection Act B.E. 2562 protects the people and residence of Thailand or computer and cyber crimes related to Thailand and how will such law be beneficial to the people.

The Personal Data Protection Act B.E. 2562 (2019) of Thailand

With reference to the Personal Data Protection Act B.E. 2562 (2019) (the “Act”) defines the meaning of personal data that any data related to an individual which enables either direct or indirect identification of the said individual. Furthermore, collecting, using, or disclosing personal data is prohibited unless it has given consent prior to or at the time of such collection, use, or disclosure.

A request for consent shall normally be explicitly made in a written statement, or via electronic methods. The Act further determines a person who has the power and duties to make decisions regarding the collection, use, or disclosure of personal data called the “Data Protection Officer”.

The Allowed Purposes for Personal Data Use

The Data Protection Officer has to inform the purpose of the collection, use, or disclosure of the personal data and such request shall;

  • Be presented which is clearly separate from the other matters,
  • Easily access and understand,
  • Simply clarify with understandable language and
  • Not deceptive or misleading to the data in respect to such purpose.

Additionally, after granting consent to someone or an entity, the owner of such data may withdraw his or her consent at any time. The withdrawal of consent shall be as easy as giving consent unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to the data owner.

An event whereby the Personal Data Protection Act is not applicable

Currently, there are 6 events that the Act is not applicable for;

  • The collection, use, or disclosure of personal data by a person who collects such personal data for the personal benefit or family activity of such person.
  • The operations of public authorities have the duty to maintain state security.
  • A person or a juristic person using or disclosing personal data collected only for the activities of mass media, fine arts, or literature, which are only in accordance with professional ethics or for the public interest.
  • The House of Representatives, the Senate, and the Parliament, including the committee appointed by the House of Representatives, the Senate, or the Parliament. 
  • The trial and adjudication of courts and work operations of officers in legal proceedings, legal execution, and deposit of property, including the criminal justice procedure. 
  • The operations of data are undertaken by a credit bureau company and its members.

Common Computer and Cyber Crimes in Thailand

Thailand is one of the countries where Computer and Cyber Crimes still occur and with little to no protection, the people and some business and private entities are left vulnerable and susceptible to such crimes since the execution of the act was delayed until 1 June 2022. Here are some of the crimes related to Computer and Cyber Crimes in Thailand:

  • Personal Information leaks are used as a tool for blackmailing such as private videos of ex-couples or partners.
  • Phishing, such as sending fake emails to get personal information.
  • Identity theft involves the misuse of your personal information.
  • Theft and sale of corporate data.
  • Hacking, or the shutting down or misusing of websites or computer networks.
  • Cyber extortion, or demanding money to prevent a  threatened attack.
  • Cyber espionage (where hackers access government or company data).


Even though the Thai government prolongs the execution of this Act to be on 1 June 2022, but any persons and juristic persons should prepare and try accessing the legal requirements under this Act because there are many clauses involved with civil and criminal liabilities. Any entities who wish to reckon and be advised on the data protection matter, we are pleased to serve your needs.