Page 49 - วารสารกฎหมายสิทธิมนุษยชน. ปีที่ 1 ฉบับที่ 1 (มกราคม - เมษายน 2563)
P. 49

ปที่ 1 ฉบับที่ 1 (มกราคม – เมษายน 2563)  47



                         Right to personal data which is not protected

                         under Personal Data Protection Act B.E. 2562:
                          The collection, use, disclose of personal data
                         according to laws relating to national security.


                                                    Associate Professor Kanathip Thongraweewong


                                                 Abstract
                    Personal data protection Act B.E. 2562 endorses right of data subject to control
             personal data by stipulating lawful basis for processing personal data which the consent
             is required in general case. However, this Act does not apply to the processing of personal
             data by competent authorities for the purposes of protection national security. This
             exception reflects the model of European Personal data protection law (GDPR). In addition,
             the right of data subject , according to Thai constitution , can be restricted by provision of
             laws. However, the quality of law or safeguard principles have to be applied to
             evaluate such law in order to make a balance between national security and human right.
             Thus, this article analyzed the safeguard principles from international human right laws
             and court cases and synthesized into criteria for applying to evaluate three laws relating
             to national security which is enacted in the same era of Personal Data Protection Act.
             B.E. 2562, i.e., National security council Act of B.E. 2558, National Intelligence Act of B.E.
             2562 and Cyber Security Act of B.E. 2562. The results of analysis indicate the tendency
             of inconsistent to several safeguard principles including principle of necessity and
             proportionality, principle of specificity in relation to measure, target and duration,
             principle of third-party protection. Hence, This article reflect that mere enactment of
             Personal Data Protection Act B.E.2562 which is modeled from GDPR is not enough for
             protect personal data’s right especially in the case of collection, use and disclose personal
             data by laws relating to national security, due to the fact that environment and
             human right protection system of Thai and Europe are basically different.




                     Keywords :


                    Personal data protection Act B.E. 2562, National security council Act of B.E. 2558,
             National Intelligence Act of B.E. 2562, Cyber Security Act of B.E. 2562, Personal data, Right
             of data subject
   44   45   46   47   48   49   50   51   52   53   54