Data privacy has become one of the topics that receive much attention nowadays in all sectors including the agriculture sector. Due to impacts of digitalisation which lead to the evolution of social media and the advanced use of big data, individuals become to have less control over their personal data and need to be empowered to acknowledge how, by whom and why their personal data is being used.
Currently, data protection laws are being enforced around the world with the purpose of empowering individuals’ control over their personal data. Thailand’s Personal Data Protection Act 2562 BE has been enacted to protect the security of the collected data which can be used to identify any individual. There will be rules and regulations for Data Controller and Data Processor. Therefore, organizations, government agencies or companies that handle personal data must prepare and revise their practices accordingly.
What is the Personal Data Protection Act 2562 BE (PDPA 2019)?
The Personal Data Protection Act 2562 BE (PDPA 2019) was announced in the Government Gazette on May 27, 2019. The original plan was to enforce this act on 27 May 2020. However, it was firstly postponed to June 1, 2021. Recently, the Cabinet has approved the issuance of a royal decree to extend the preparation period for another 1 year. Therefore, the full enforcement of this act will then begin on June 1, 2022. This Act is a collection of various Thai laws and regulations on data privacy in the past. This legislative process is supervised by the Office of the Personal Data Protection Commission, Ministry of Digital Economy and Society. This data privacy act defines rights to the owner of data and impose penalties for wrongdoings. Violators will be imprisoned for up to 1 year and/or fined a maximum of five million baht.
Exchange on Personal Data Protection
Thai-German Climate Program – Agriculture project recognises the importance of data protection. The Personal Data Protection Workshop was held online on December 22, 2021, to raise awareness of personal data protection for Thai rice researchers and officials of the Rice Department. Dr. Atthawit Watcharapongchai, Director of the Market Oriented Small Holder Value Chain (MSVC-TH) project was the guest speaker in this event. The discussion topics in his session included:
1) Interpretation of the Personal Data Protection Act 2562 BE (PDPA 2019)
2) How to deal with data privacy issues in interacting work with farmers and in collaboration with both public and private sectors, and
3) The rights and duties of data workers.
A total of 12 participants joining the session also learned how to distinguish personal data from non-personal data for example, farming practices and GHG emissions data, etc, and were informed about the principles of the Personal Data Protection Act 2562 B.E. (PDPA 2019) and data security practices, particularly personal data of farmers and other collaborating partners. This workshop aimed to enable proper and more concise data operation practices in the future.
Dr .Atthawit said, “in the cooperation, both partners and GIZ must consider and take care throughout the data handling process that are related to personal data and must be careful in both the way back and forth of data flow. GIZ currently adheres to both the Personal Data Protection Act 2562 BE (PDPA 2019) of Thailand and the General Data Protection Regulation (GDPR) of the European Union (EU). Many countries actively pay attention to personal data protection.
Like other sectors, many works of the agriculture sector are related to personal data, such as collection of farmers’ personal and cultivation data, processing data for agricultural research as well as establishing a farmer database. The participants learned in this workshop the principles and importance of personal data protection. The knowledge that they received from this exchange can be applied to their work to increase potentials in handling sensitive data in the future.