Thailand’s parliament has passed a controversial cybersecurity law. The Cybersecurity Act, approved unanimously, raised protests from civil liberties advocates, internet companies and business groups, Reuters reports. Internet freedom activists have dubbed the new legislation as “cyber martial law”, as it encompasses all procedures from everyday encounters of slow internet connections to nationwide attacks on critical infrastructure.
In case a cybersecurity situation reaches a critical level, the new law allows the military-led National Security Council to override all procedures with its own law. The law also allows the National Cybersecurity Committee (NCSC) to summon individuals for questioning and enter private property without court orders in case of actual or anticipated “serious cyber threats”.
An additional Cybersecurity Regulating Committee will have powers to access computer data and networks, make copies of information, and seize computers or any devices. Court warrants are not required for those actions in “emergency cases”, and criminal penalties will be imposed for those who do not comply with orders.
Legislators also unanimously passed the Personal Data Protection Act, intended to imitate the European Union’s General Data Protection Regulation (GDPR). The legislation does not require international firms to store data locally. The data protection law, effective after a one-year transition period, will apply not only to companies located in Thailand, but also overseas companies which collect, use, or disclose personal data of subjects in Thailand, specifically for advertisements and “behavior monitoring”.
3/9/2019 9:40:55 AM