The Telenor Asia Digital Lives Decoded 2023 report shows Thais concerns about data privacy and security are lower than other respondents across Asia. Just 17% of Thais are worried about their privacy on their mobile phone.
Data Privacy Day, which is observed worldwide on January 28, seeks to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust.
To mark this special day, True Blog interviewed Montri Stapornkul, Head of Data Protection at True Corporation Public Company Limited, about privacy concepts, challenges facing the private sector, and what consumers need to know about privacy during AI boom.
Privacy is Human Rights
“Two-way communications always involve message senders, recipients and messages or a set of data. So, if recipients want to use the given data for any purpose, they should seek consent from senders who are considered ‘data Subjects.’ Based on human-right concepts, seeking consent shows respect for data subjects’ human rights. To do so properly, recipients must transparently inform data subjects of the purpose of data usage. In legal context, this is about the “data-based right to human dignity,” said Mr. Montri.
The legislation of personal data protection law first emerged in the European Union’s zone in 2020 in the form of the General Data Protection Regulation (GDPR). Thailand followed suit, with its Personal Data Protection Act B.E. 2562 (PDPA) coming to effect soon later. The enforcement of PDPA has “restored” consumers’ privacy via enterprises that serve as service providers. Other parts of privacy in Thailand are protected under the Civil and Commercial Code.
“It took 20 years to develop GDPR. In Thailand, it took 21 years to introduce PDPA that has laid down solid principles of privacy with clear definitions, scope, and supervision of personal data. PDPA has even identified service providers as potential violators of human rights. Therefore, service providers cannot deny their responsibility if violations happen,” Mr. Montri said.
Risks from Digital-Data Potential
According to Montri, digital data can significantly raise the amount of identifiable data and reflect people’s behaviors and interests, there are both “positive and negative impacts” in the picture. Service users, for example, may be offered special deals or unexpected promotions via Contextual Marketing. But such benefits come with concerns about privacy.
“It is good that service providers offer great deals to interested customers for as long as human rights and privacy are upheld, with data subjects giving prior consent. Don’t assume that you can use their data just because they will be beneficiaries in the end,” Mr. Montri emphasized.
In the telecom industry, service providers must seek customers’ consent “one by one and on a case-by-case basis” if they need to use their data for purposes other than those related to the provision of telecom services. For instance, customer data can be processed or used for research only if customers have granted their consent.
The fast-evolving technology has now seriously raised data risks. Still, the level of risks depends on the type of technology involved too. Automation is more direct when compared with AI. As AI can interpret and reinterpret “data sets” in countless ways in various contexts for its training and development, risks associated with AI are much bigger.
3 Pillar for Balanced Privacy
Montri, in his capacity as the Data Protection Officer of True Corp, noticed that risks to privacy were growing in the face of increasingly advanced technology. He thus emphasized the need to govern AI based on Thailand’s highest law or constitution, which prescribes justice, good morals and public order, and no harm to human security. When staff (such as call center agents) are authorized to access customer data, they must follow rules to uphold the right principles.
Asked by True Blog about how to balance consumer rights and business interests, Mr. Montri said these two things were “separate yet related issues”. To maintain the balance, he said transparency and the “principle of necessity and proportionality” must apply alongside business rationales. At True Corp, Privacy by Design has fostered the three elements via:
- Seeking consent from data subjects and ensuring their acknowledgement of data usage: In the telecom industry, data usage must be for purposes mentioned in telecom-service agreements only.
- If data usage will not be related to telecom services, asking if consent for other purposes has been sought and obtained.
- If the answer is “No”, one must ask for consent “every time” for each purpose. Data storage and usage are possible only if they are done with transparency and clear purposes.
When seeking consent from customers, it is necessary to state a clear scope too. Every data set requested and obtained must observe the principle of necessity and proportionality.
“Businesses and their employees must not ask for more than what is necessary each time they handle personal data. It is of course challenging and complicated for enterprises to comply with the law. But upholding the right principles, human rights and human dignity will ensure business sustainability,” Montri said.
“It requires lots of discussions for a clear understanding when efforts to set the framework first started. But in the end, all data-using units become aware of and show respect for privacy. While the mission may be difficult, everyone at True Corp today has seen the same picture and placed an emphasis on consumers’ rights and benefits. Following the amalgamation of True and dtac, joint efforts have also taken off to improve and ensure practices are in line with human-right laws.”
Montri’s advice to consumers wishing to protect their privacy is to carefully evaluate how online offers are designed and whether they are using their personal data legitimately. “It pays to be skeptical,” he concluded.
SCB 10X unveils a high-performance large language model “Typhoon”
Anothai Wettayakorn appointed as the Managing Director and Technology Leader of IBM Thailand
