WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >Kingdom of Thailand

Kingdom of Thailand

Constitutional Privacy Framework

In 1997 Thailand enacted a new constitution.[5128] Among the rights conferred upon citizens are rights of privacy and rights to government information, but both of those rights may be qualified in the interest of society. The relevant parts are:

Section 34. A person's family rights, dignity, reputation or the right of privacy shall be protected.

The assertion or circulation of a statement or picture in any manner whatsoever to the public, which violates or affects a person's family rights, dignity, reputation or the right of privacy, shall not be made except for the case which is beneficial to the public.

Section 37. A person shall enjoy the liberty of communication by lawful means.

The censorship, detention, or disclosure of communication between persons, including any other act disclosing a statement in the communication between persons, shall not be made except by virtue of the provisions of the law specifically enacted for security of the State or maintaining public order or good morals.

Section 58. A person shall have the right to get access to public information held by a State agency, State enterprise or local government organization, unless the disclosure of such information shall affect the security of the State, public safety or interests of other persons which shall be protected as provided by law.[5129]

Data Protection Framework and Freedom of Information

Thailand's Official Information Act (OIA),[5130] passed one month before approval of the 1997 Constitution, provides citizens with substantial rights to government information. The OIA creates two main types of rights: rights of access to government records and rights to control government-held personal information. It establishes an administrative board, the Official Information Council (OIC),[5131] and a judicial division known as Information Disclosure Tribunals (IDTs)[5132] to implement and enforce the OIA.

Chapters 1 and 2 of the OIA create a duty upon the government to disclose information, limited by several exceptions.[5133] Those exceptions permitting nondisclosure include threats to national security or harm to individuals, hindrance of law enforcement, and confidentiality of medical records and other personal information.[5134]

Chapter 3 limits the government's use of personal data and confers a right upon citizens to retrieve and correct that data.[5135] A state agency may only retain personal information "insofar as it is . . . necessary" for the agency's purposes and must discard it immediately thereafter,[5136] and agencies generally may not exchange data with other agencies or third parties unless personally identifiable information is stripped from the data.[5137] Agencies must also publish the types of information they retain and the ways in which that information is used,[5138] and they must give individuals a right to see their own records and correct them.[5139]

While the OIA protects personal data vis à vis the government, the law makes no such restrictions on private parties. Currently in development within several government agencies is a data privacy act that would regulate private use of information.[5140] The proposed data privacy act is intended to be comprehensive and strongly protective of rights.[5141] The drafts were described as "the basis for the fundamental right to personal data protection," and they would potentially even prohibit transfer of data overseas (a provision that worries some businesses).[5142]

As of January 2007, Thailand had not passed a data privacy act.[5143] Lawmakers have proposed the Personal Data Protection Act (PDPA), which will regulate the collection, retention, and flow of personal data, providing specific statutory provisions protecting the right to privacy.[5144] “Personal data” under the PDPA means “any fact relating to a person, from which that person can be identified directly or indirectly.”[5145] The proposed act also provides that the holder of personal data is forbidden from using or disclosing the personal data to third parties without consent.[5146] The PDPA would also create a Personal Data Protection Board, which would deal with complaints made by injured parties, decide disputes between parties and prosecute offenders.[5147] In 2006, the PDPA was under consideration by the Information and Communication Technology ministry, and is scheduled to be re-evaluated for further legislative consideration.[5148]

Wiretapping and Surveillance

Despite the constitutional and statutory protections of communications privacy,[5149] and perhaps because of the constitutional exception for law enforcement,[5150] wiretapping is prevalent throughout Thailand. In January 2004, partly in response to the terrorist situation, the Special Case Investigation Act was adopted to increase police powers for certain "special cases," such as terrorism or organized crime.[5151] Among those increased powers are permissions to search persons, houses, or vehicles when there is "reasonable ground" for suspecting a special case;[5152] to retrieve financial and other records;[5153] and to retrieve telephone and electronic communications (but only with a judicial warrant).[5154]

In December 2004, the deputy police commissioner asked the government to enact a law permitting warrantless, judicially unsupervised wiretaps and searches.[5155] Reaction was swift: within one day, opposition condemned the government's attempt to override civil liberties and human rights.[5156] Only two days after the proposal was reported, Deputy Prime Minister Visanu Krue-ngarm rejected the proposal, primarily on the grounds that the current laws gave the police sufficient power to investigate suspected terrorists.[5157] In July 2006, police again pushed forward an eavesdropping bill, citing the need to defuse southern unrest.[5158] Under the draft bill, police and investigating officials can tap a phone and any other communication channel, with the court’s approval, to solve a criminal case.[5159] Opponents of the bill noted that it was too wide and vaguely defined, and that it could be used as a political tool.[5160]

Wiretapping has also been used in Thailand to thwart organized crime. The Money Laundering Control Act creates a police power to "have access to . . . communicated data or computer data" when there is "reasonable ground" to suspect money laundering.[5161] The government has used this wiretapping power to thwart organized crime and promote the war on drugs.[5162] Telephone bugging is apparently so prevalent that phone operators have complained about excessive government demands for wiretaps.[5163]

The Thai police have exercised surveillance powers in other forms as well. One Internet Service Provider (ISP), who reportedly worked closely with the Thai police's new cybercrime division, suggested that anonymity of users on the Internet is the major stumbling block in the investigation of Internet crimes.[5164] Police now are working with ISPs to track Internet users and the websites they visit.[5165] The National Legislative Assembly enacted the Cyber Crime bill on May 9, 2007, which defines 12 Internet crimes with punishments ranging from six months in jail to 20 years in jail.[5166] The new law also defines the authority of state officials and the legal responsibility of Internet service providers (ISPs).[5167] The law requires certain ISPs to keep logs of up to 90 days with a minimum of IP address and header information, so that pages visited can be identified.[5168] The law has received criticism from both ISPs and privacy groups.[5169] C.J. Hinke, a professor and founder of Freedom Against Censorship Thailand, said the law makes ISPs complicit in the elimination of privacy and for censorship because ISPs are now legally responsible for information transmitted over their servers.[5170] The law will come into force after receiving the King’s endorsement.[5171]

Political wiretapping is no less common. The Thai Rak Thai party has been accused by politicians and human rights activists of wiretapping political opponents.[5172] In a well-publicized demonstration, the Democratic party installed a satellite communications system with "anti-phone bugging equipment to keep [the party's] poll secrets from being tapped into."[5173] And in a controversial incident in June 2004, several reporters discovered a microphone in the Ministry of Information and Communications Technology (ICT) press room.[5174] ICT first claimed that the microphones were used for testing the sound system[5175] and then claimed it was part of a crude communications system.[5176] Journalists were up in arms, outraged at the violation of their journalistic confidentiality.[5177]

The Mobile Phone Card Controversy

For many years, mobile phone service in Thailand was sold anonymously, through the use of pre-paid SIM cards that consumers could purchase in stores.[5178] However, the recent terrorism has led government officials to retract that anonymity, creating new avenues for potential abuse of mobile phone customer data and a loss of privacy in that marketplace.

Many of the terrorist acts in the South have involved homemade bombs set off by mobile phones modified to trigger the explosions.[5179] This led government officials to propose requiring SIM card purchasers to show identification. The first report that such an idea was being considered was on April 5, 2005.[5180] Only 13 days later, with almost no intervening debate in the media, the major telecommunications organizations and agencies such as ICT held a meeting, the result of which was a sudden announcement that SIM card purchasers would need to present identification.[5181] The plan was passed by agreement among the parties; no legislation was involved.[5182] Several individuals have expressed their support for this program as a step forward in preventing terrorist acts,[5183] and a poll taken contemporaneous to the agreement found that the people generally supported it.[5184]

However, substantial criticism of the proposed plan has come from all sides. ICT Minister Suvit Khunkitti worried that mere identification of SIM card buyers wouldn't stop terrorists who could use "several communications tools. . . to set off explosions."[5185] Others noted that fake ID cards could easily be used,[5186] or SIM cards could be illegally bought or brought from neighboring countries,[5187] so the plan would ultimately fail. Several decried the invasion of privacy inherent in the plan,[5188] some going so far as to suggest that ICT had "ulterior motives" to misuse the personal information.[5189]

National ID Cards

Thailand has assigned national ID cards for a number of years.[5190] Recently, the national government decided to replace the ID cards with new smart cards.[5191] They plan to distribute 64 million cards at a cost of THB 7.8 billion (~USD 191 million) between 2005 and 2009.[5192] Additionally, unlike the current cards that are issued to individuals 15 years or older, new cards would be mandatory from birth.[5193] The cards will be capable of storing substantial amounts of personal data, including the cardholder's name, address, age, religion, medical information, biometric data, familial status, and even financial information.[5194] The Consular Affairs Department initiated an electronic passport that became available to all citizens in August 2005.[5195] The new passports are embedded with a microchip that contains biometric information including fingerprints and facial data about the passport holder that will be authenticated at points of entry into the country.[5196]

Three factors seem to be driving this move to smart ID cards. First, a major goal of the Thai government is to put the nation at the forefront of technology. Radio Frequency Identification (RFID) and smart card technology are used frequently in Thailand, with applications ranging from tracking voting machines[5197] to storing cars in automated parking garages.[5198] Second, Thailand has engaged in a major electronic government undertaking; smart ID cards would provide the keys of access for citizens to use the state's online services.[5199] Third, in response to the terrorist activity in Southern Thailand,[5200] the government sees smart ID cards as a mechanism to create security.[5201]

Criticism against the smart card proposal has been substantial. At the Smart Cards and Society Conference, held at Chulalongkorn University in November 2004, several human rights and privacy advocates criticized the government for pushing an intrusive identification system while the country still lacked a data protection law, and called for public debate on the subject.[5202] These criticisms about potential misuse of data indeed have weight; one proposed use of the smart cards is to track students' post-graduate incomes in order to assess their student loan payments.[5203] One columnist, in addition to noting the privacy problems with the smart ID card project,[5204] also stated his fear that the cards would widen the digital divide between the technology-rich urban population and the rural people.[5205] And one scholar has suggested that the smart ID card system is contrary to Buddhist principles of governance.[5206] Another columnist pointed out that the smart ID cards only make the possibility for abuse by the government greater.[5207] The columnist said the real source of concern should be who has access to and who can run queries on the databases of personally identifiable data that reside at the Bureau of Registration Administration.[5208] The columnist suggests that Thailand needs to put in place constitutional bodies, such as a privacy commissioner, who will safeguard personal data from abuse.[5209]

[5128] Constitution of the Kingdom of Thailand, B.E. 2540 [hereinafter Constitution], available at <>. Unless otherwise noted, all documents are the official translations promulgated by the Office of the Council of State, see Office of the Council of State, Law Library <>.

[5129] Constitution, supra, at § 34, 37, 58.

[5130] Official Information Act, B.E. 2540 (1997), available at <>.
[5131] Id. at § 27.
[5132] Id. at § 35; the OIA divides power to decide cases between the OIC and IDT's, see Id. at §§ 28, 33, 37, 38.

[5133] Id. at §§ 7–20.
[5134] Id. at § 15; the Act also contains a provision giving immunity to officials who in good faith erroneously release documents that another official ordered to be withheld, Id. at § 20.

[5135] Official Information Act, supra at §§ 21–25.
[5136] Id. at § 23(1).
[5137] See id. at § 24; other exceptions include written consent from the people whose data are being transferred, disclosure to planning or census agencies who "have the duty to keep the personal information undisclosed," and law enforcement or safety purposes. Id. Agencies must keep, and individuals have a right to see, an audit trail of how data was exchanged. Id.
[5138] See id. at § 23(3); agencies dealing with intelligence or security are exempt from this clause, see id. at § 22.
[5139] Id. at § 25; the Act requires the agency to disclose to requesting individuals whether they have a right to opt out of giving information to the agency id. at § 23(5); t also requires that information be stored in "an appropriate security system . . . to prevent improper use" of the data, id.

[5140] Sasiwimon Boonruang, "Saving Private Data," Bangkok Post, September 15, 2004, ICT and OIC have both developed versions of data protection laws.
[5141] See, e.g., Pateep Methakunavudhi, "A Guideline for Data Protection Legislation in Thailand," Computers and Society, September 1998. This law is part of a package of six laws that the National Information Technology Committee (NITC) was charged to devise. See Thaweesak Koanantakool, E-Commerce in Thailand <>. The other five are laws on Computer Crime, Electronic Data Interchange (electronic contracting), Digital Signatures, Electronic Funds Transfer, and Universal Access to Information. Id. The Electronic Data Interchange law appears to have been enacted as the "Act on Electronic Transaction"; the others seem to be still in the drafting or debate stages. See Thai Law Reform Commission, Legislations (listing all enacted laws) <>; Thailand ICT Laws <> (in Thai).
[5142] Boonruang, supra. One scholar working on an early draft of the bill, noting that it drew from a wide body of existing laws and other sources, including two papers by Electronic Privacy Information Center Executive Director Marc Rotenberg, declared that the draft "fully addresse[d] all the major issues" that had been raised. Methakunavudhi, supra, at 29–30.

[5143] “We need data privacy act to attract BPO,” Bangkok Post, February 7, 2007.
[5144] Kasamesunt Teerasitsathaporn, “The Right to Privacy More Data Protection Due,” Bangkok Post, October 27, 2006.
[5145] Id.
[5146] Id.
[5147] Id.
[5148] Id.

[5149] Telegraph and Telephone Act, B.E. 2477 § 25 (1934) (prohibiting the "divulg[ing of] a telegraphic or telephonic message in whole or in part") <>.
[5150] Constitution, supra at § 37 (disallowing wiretapping "except by virtue of the provisions of law . . . for security of the State").
[5151] See Special Case Investigation Act, B.E. 2547 § 21 (2004) (translator unknown) <>.
[5152] Id. at §§ 24(1)–2. The power to search is limited procedurally; the officer must submit a justifying statement in writing.
[5153] Id. at §§ 24(3)–4. It is not clear whether the holder of the records is permitted to decline.
[5154] See id. at § 25.

[5155] "Security Decree for Deep South: Police Seek Sweeping Powers," The Nation, December 2, 2004.
[5156] See, e.g., "The Week That Was: Police Approve Tougher Measures," The Nation, December 5, 2004; Yuwadee Tunyasiri, "Visanu: No Need for New Law," Bangkok Post, December 3, 2004 (quoting Senator Kraisak Choonhavan, who worried about the impact of the proposal on "the rights and freedom of innocent people"); "Editorial: Do Not Rush into Anti-Terror Decree," The Nation, December 3, 2004 (suggesting that the "extreme measures" proposed are part of the "administration's shameful record on human rights").
[5157] Yuwadee Tunyasiry & Manop Thip-Osot, "Govt Security Decree U-Turn," Bangkok Post, December 4, 2004.
[5158] Wassayos Ngamkham, “Snooping Bill ‘Harsh Rights Curb,’” Bangkok Post, July 24, 2006.
[5159] Id.
[5160] Id.

[5161] Money Laundering Control Act, B.E. 2542 § 46 (1999) <> (a judicial warrant is also required.)
[5162] See "Drug Syndicate Members Held," Bangkok Post, July 3, 2004; see also "Mob in Govt Crosshairs," The Nation, September 7, 2004 (calling for greater powers to deter international organized crime).
[5163] See Komsan Tortermvasana, "Phone Operators Ask for NTC Help on Taps," Bangkok Post, October 15, 2004.

[5164] See Wassayos Ngamkham, "Special Unit to Hunt Down Internet Felons," Bangkok Post, February 17, 2003.
[5165] "Thailand Moves to Crack Down on Web Content," Newsbytes, July 26, 2004.
[5166] Kamol Sukin, “What a Tangled Web They Weave,” The Nation, June 17, 2007.
[5167] Id.
[5168] “Cyber Crime Law Long Overdue or a Threat to the Industry?,” Bangkok Post, May 16, 2007.
[5169] Id.
[5170] Id.
[5171] Kamol Sukin, supra.

[5172] See "TRT Campaign Launch: They're Evading Key Issues," The Nation, October 18, 2004; see also "Law Enforcement: Wiretapping Story 'Untrue'," The Nation, October 16, 2004 (Justice Minister denying allegations that the administration was wiretapping opponents).
[5173] Mongkol Bangprapa, "Democrats Unwrap New High-Tech Election HQ," Bangkok Post, June 21, 2004.
[5174] "Spy Charges after Mikes Uncovered," Bangkok Post, June 15, 2004.
[5175] Id.
[5176] "Editorial I: Doubts Linger over ICT Explanation," The Nation, June 22, 2004.
[5177] See id.

[5178] A Subscriber Identity Module card, or SIM card, is a type of smart card that is inserted into a mobile phone and used to uniquely identify the caller (for the purpose of charging him/her for airtime). See Radiotelephone Installation for Prepayment Operation with Security Protection, U.S. Patent No. 5,301,234 (filed October 10, 1991). In Thailand, as in many other countries, mobile phone users purchase pre-paid cards, rather than subscribing to a service, so those purchases can be made anonymously. See Waedao Harai & Muhamad Ayub Pathan, "Bombs Injure Six Soldiers in Narathiwat," Bangkok Post, April 18, 2005.

[5179] See B Raman, "Thai Militants Turning Tech Savvy," Asia Times, April 6, 2005 <>. A review of the two major English-language Bangkok papers between June 2004 and April 2005 reveals at least 10 bombings set off by phones, four of them in the first 17 days of April 2005. See, e.g., "Carriers Back SIM Sign-Ups," The Nation, April 18, 2005.
[5180] "Misuse of Mobile Phones Worries Authorities," Bangkok Post, April 5, 2005.
[5181] Yuwadee Tunyasiri & Komsan Tortermvsana, "IDs to Be Mandatory for SIM Cards," Bangkok Post, April 19, 2005. The plan is scheduled to go into effect on May 10, 2005. "Prepaid Phone SIM Purchase to Require ID from May 10," Bangkok Post, April 22, 2005. The Information and Communications Ministry set a December 31, 2005 deadline for all prepaid mobile phone owners to register their SIM cards. Three southern provinces were required to register by November 15, 2005. “Nov. 15 Deadline Set For SIM Registration in Three Provinces,” Bangkok Post, October 11, 2005.
[5182] Tunyasiri & Tortermvsana, supra.
[5183] See, e.g., Kamol Hengkietisak, "Keep Politics out of Numbers Game," Bangkok Post, April 24, 2005 (letter to the editor) ("It's time Sim card for use in mobile phone [sic] is put under control for national security interests").
[5184] "Public Backs SIM Plan: Poll," The Nation, April 20, 2005 (two polls were taken; one found a 79 percent support rate and the other 59 percent).

[5185] Tunyasiri & Tortermvsana, supra.
[5186] Id. (Bangkok Senator Seri Suwannapanont); "Prepaid Proposals Worry Operators," The Nation, April 19, 2005 (telecom director Thana Thienachariya).
[5187] "Bombers Can still Use Malaysian SIM Cards," Bangkok Post, April 21, 2005.
[5188] "IDs Required for SIM Cards in May," The Nation, April 22, 2005 (phone operators stating that personal customer information should be confidential and only disclosed upon court order); "Rights Secondary in Mobile ID Plan," Bangkok Post, April 20, 2005 ("Some customers feared an invasion of privacy and possible identity theft from revealing their ID card numbers"); cf. id. ("Prime Minister Thaksin Shinawatra said the registration. . . would not infringe on consumer rights")
[5189] "Anti-Terror Measures: Mobile ID Plan Flawed, Say Experts," The Nation, April 19, 2005 (quoting an unidentified "telecom industry observer"); "Letters to the Editor: Prepaid Mobile Phones Are Just One Technology That Terrorists Could Use," The Nation, April 22, 2005 ("Either someone shot from the hip or there is a deeper agenda behind the registration of prepaid SIM cards.").

[5190] See State Official Identification Card Act, B.E. 2542 (1999) <>.
[5191] See, e.g., "Smart Card Launch 'By Mid-April'," Bangkok Post, March 3, 2005.
[5192] See "Microchip ID: The Act of Cards," The Nation, March 20, 2005. Technical problems with the cards are currently delaying their release. See "New ID Cards Not So Smart," Bangkok Post, April 28, 2005.
[5193] "ID to be Mandatory from Birth," The Nation, March 9, 2005.
[5194] See "Microchip ID: The Act of Cards," supra.
[5195] Asina Pornwasin, “Electronic Travel: Contactless Technology and Biometric Data in Passports Document,” The Nation, August 26, 2005.
[5196] Id.

[5197] Jiranpan Bonnoon & Asina Pornwasin, "Electronic Democracy: Voting Machines Imminent," The Nation, September 20, 2004.
[5198] Chatrarat Kaewmorakot, "Traffic: Hi-Tech Projects to Tackle Congestion," The Nation, March 14, 2005.
[5199] See, e.g., "A Year of Impressive Progress: National ID Card," The Nation, December 31, 2004; see also Sirikul Bunnang, "Education Spending to Increase B100BN," Bangkok Post, February 26, 2005 (Prime Minister suggesting that smart cards could be used to track students' educational progress and improve schools).
[5200] See the section on SIM cards for an overview of the terrorist activity.
[5201] See "Beware of Muslim Impersonators," The Nation, October 25, 2004 (noting also that smart cards will be rushed to the southern provinces because of law enforcement's need for them).

[5202] See Onnucha Huttasingh, "Smart Cards Called Threat to Privacy," Bangkok Post, November 12, 2004; Pongpen Sutharoj, "UK Expert Urges Debate on Smart ID Card," The Nation, November 15, 2004; see also Kriengsak Chareonwongsak, "Smart Cards, Smart Choices," Bangkok Post, July 18, 2004 (calling for the freedom to opt out of the ID card system or remove information from the card at will). The Interior Ministry has suggested that people will in fact be able to choose what information is stored. "Citizens to Get Say over Smart Card Data," The Nation, March 12, 2004.
[5203] See Phermsak Lilakul, "Student Loans: Plan to Ease Repayment Burden," The Nation, September 13, 2004.
[5204] Don Sambandaraksa, "In Defence of Smartcards," Bangkok Post, June 2, 2004.
[5205] Don Sambandaraksa, "Grass Not Greener on Other Side of Digital Divide," Bangkok Post, December 8, 2004.
[5206] Krisana Kitiyadisai, "Smart ID Card in Thailand from a Buddhist Perspective," Second Asia-Pacific Computing and Philosophy Conference, January 9, 2005, <>. Buddhism is the official religion of the king. Constitution, supra at § 9. Professor Krisana's paper also presents an excellent overview of the criticisms of the smart ID card program.
[5207] “Smart ID Card Privacy Issues are Far From Clear-Cut,” Bangkok Post, February 15, 2006.
[5208] Id.
[5209] Id.

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback