Our privacy attorneys handle regulatory compliance and privacy issues for a multitude of clients both in Thailand and doing business in Thailand from overseas. We also advise on data privacy, and Cyber-security compliance matters.
Data privacy is a legal framework on how to obtain, use, and store data of natural persons. The Data Privacy Law in Thailand is still evolving but relies heavily on Europe’s GDPR and Fair Information Practice Principles (FIPP).
Regarding data privacy and cybersecurity law, our attorneys are often called upon to write for publications such as Mondaq and Onetrust Data guidance.
Samples of our work in this field are as follows:
- Advised NYSE, S&P 100 NYSE 100 Component financial services corporation on Thai sensitive data law with regard to biometric security applications to credit card transactions.
- Advised NASDAQ 100 Component company on Thai cyber security law with regard to data centers and legal means to achieve exemptions to certain applications of law.
- Drafted comprehensive comparison of Thai PDPA v. GDPR for Onetrust Data guidance.
- Advised global industrial company based in Europe, listed on the SIX and Euronext, on implementing internal policies at industrial plants in Indonesia, Malaysia, Philippines, Vietnam, Thailand, Bangladesh, and Sri Lanka regarding compliance with EU Directives on data protection. Advice had to be tailored to each individual South and Southeast Asian nation mentioned.
- Advised a multi-national conglomerate end-user, listed on the SIX and Euronext, on its agreements with a major search engine service provider regarding its obligations under EU Directives and Safe Harbor Rules in controlling data and data privacy terms as established by said search engine service provider.
- Provided advice to a multinational law firm based in London to advise on Thai regulations governing healthcare companies in utilizing cloud services, especially with respect to patient data.
- Advised online gaming company, listed on the Hang Seng, regarding Thai law addressing data retention, OTT applications, cross-border data transfer, consent, and privacy policy.
- Advised online gaming company, listed on the Hang Seng, on regulatory compliance to collect, process, store, and transfer data for underage users.
- Advised fintech receivables and treasury software SaaS leveraging AI-based systems specifically on Thai law regarding financial services and data protection law in connection with an integrated receivables platform. The client’s customers are mostly banks with operations in Thailand. We were tasked to advise the client regarding Thai law compliance to data protection, data collection, international transfer of data, and data security.
- Provided multinational law firm based in New York City with a comprehensive review of Thailand data protection law and pending legislation. Further, we reviewed and advised on a data privacy policy of a multi-national financial institution as part of our instructions.
- Advised a NASDAQ 100 Component multinational technology company on Thai law governing geo-hosting. Issues covered included global criminal compliance such as encryption, access, non-legal processes, blocking statutes, as well as media/content regulations and liability, data privacy, data security, telecoms, and data location requirements.
- Advised an Internet-based insurance broker (operating throughout the Asia-Pacific) regarding legal and data privacy notifications posted on its online platforms given end users are inputting personal data on such platforms.
- Advised a multi-national law firm on various laws regarding data encryption, blocking statutes, content regulation, data privacy, data security, and data location requirements for multi-national data center services provider.
- Advised a multi-national law firm on Thai privacy laws for an online whistleblowing website that allows for anonymous disclosures of corporate wrongdoing. Advice included provisions of Thailand’s Computer Crimes Act.
