Thailand - PDPA (Personal Data Protection Act)

Modified on Tue, 04 Jul 2023 at 06:10 PM

Thailand PDPA and how it handles cookies

The Personal Data Protection Act (PDPA) of Thailand has gone through a journey before finally came into full effect on June 1st, 2022. Initially passed in 2019, it experienced delays in 2020 and 2021, but now it's ready to safeguard personal information in the digital era.

When diving into the PDPA Thailand, the concept of end-user consent takes center stage. It emphasizes the importance of users willingly granting permission for their data to be used.

Considered Thailand's pioneering legislation in data protection, the PDPA draws comparisons to the European General Data Protection Regulation (GDPR). It mandates that those who handle personal data, such as data controllers and processors, must obtain consent from the data owners and strictly utilize it for the stated purposes. Failure to comply could result in administrative fines of up to THB 5 million or criminal fines of up to THB 1 million.

In Thailand, personal data refers to "any information relating to a person that can directly or indirectly identify them". However, information about deceased individuals falls outside the scope of personal data.

To comply with the PDPA, businesses need to embrace data minimization, notify users about data collection, obtain their consent, allow them to opt-out, respect their data rights, and promptly report any breaches once discovered.

Therefore, it's crucial for your website to seek explicit and clear consent from users before activating any cookies or tracking mechanisms that process personal data.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

PDPA and Cookie Banner to comply with this

The PDPA emphasizes that consent must be freely given, obtained in written form, and ensure that website users are accurately informed about the specific purposes of data collection.

Taking into account that this regulation is very similar to the GDPR in terms of its characteristics and restrictions, we recommend implementing a cookie banner with the following:

  • Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies, this is known as Opt-in consent. 
  • Include a Button to Reject Cookies: Must include a statement telling the user that they can deny the consent of data collection and a button that allows them to do so.
  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Alert the User if the Website Shares Data with Third-Party cookies: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.

Observations: With illow's GDPR banner, your site will be ready to comply with this regulation.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article