Has Thailand’s new cybersecurity law taken it too far?

Recently, a new cybersecurity law has gone into effect in Thailand, the ever-popular tourist destination. With many people criticising its vagueness, it’s unknown how things will turn out in the land of smiles. Let’s take a look at what’s inside.

The wording states that Thai government officials have the power to:

– Seize your computer

– Censor the internet

– Monitor internet use

Critics warn us that the new cybersecurity law could be used as a tool of repression, extending far beyond the political and freedom of speech issues. Under the pretence of national security concerns, the government could effectively crack down on dissidents.

Under the new law, the government will have unlimited access to data that’s either stored or just passing through the country. The Secretary-General of the National Cybersecurity Committee can, at any time, declare something to be a cybersecurity threat and enter the premises of any local company to seize their hardware in the process. Non-compliance could even result in jail time.

Similarly to the European GDPR, the new cybersecurity law has a section referred to as the Personal Data Protection Act that’s scheduled to be set in motion as of March 2020. Although companies operating in Thailand will not be required to store customer data locally, similar information handling guidelines apply.

As of right now, we can only speculate how things will end up looking in practice. One thing, however, is for sure –companies will need to adapt as necessary.