Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »



Thailand appears to have the most comprehensive rules on privacy in the region. However, in practice, they are not strongly upheld.

The 1997 Constitution provided for extensive privacy and access to information rights.  It was abrogated in 2006. The 2007 Constitution includes many privacy rights including a right of data protection.

The Official Information Act of B.E. 2540 was adopted in 1997. It provides for both protection of personal information held by state bodies and a regime of access to government information. It is overseen by the Official Information Commission, which is attached to the Prime Minister’s Office.

A draft data protection act has been under consideration for a number of years but to date has not been introduced or reviewed by Parliament. It is expected that it would be based on EU standards to facilitate transborder data flows from Europe.  Public interest in the law was also driven by government proposals on introducing the national smart ID card.

The Child Protection Act BE 2546 (2003) prohibits the collection of personal information about children online for advertising or harmful purposes (A. 27).

Telecommunications privacy is little protected. The Special Case Investigation Act  B.E. 2547 (2004) gives broad powers to authorities to use wiretap, seize records and enter houses in special cases such as complex criminal and terrorism investigations. The Telegraph And Telephone  Act,  B.E.  2477 (1934) allows the Minister to issue regulations on interception of communications. The Computer Crime Act B.E 2550 (2007) prohibits various cybercrime offenses. It gives officials the power to seize computers, files and communications data and order the decoding of encrypted information. Under the Act, ISPs must retain computer traffic data for 90 days and identify all users,1 or face a 500k Thai Baht fine2.  The data is accessed without need of a warrant.  The Anti-Money Laundering Act (1999), B.E. 2542 (amended in 2008) allows for access to financial records and electronic equipment when there is probable cause that a money laundering offense has occurred.

Registration of all mobile users was agreed to by telecommunications providers and government departments in 2005 without the adoption of legislation.
A smart-card based National ID card was introduced in 2005. It combines a number of government databases. Data on the card includes biometrics, marital status, religion, medical conditions, driving license, social security and insurance.

As with the other countries outlined above, Thailand has an increasing concern about consumer protection.  Consumer groups are alarmed by the nature of online contracts,3 and this could be extended to privacy issues.  Similarly, there are mounting concerns about computer and identity fraud, leading to media coverage of the breaches and offering guidance to reducing the risk.4


  • 1. 'Cybercrime:  Big Brother is Watching', John Fotiadis and Yingyong Karnchanapayap, Bangkok Post, August 15, 2008.
  • 2. 'Thai Computer Law Wake Up Call', Gregers Moller, SCandAsia.Denmark, October 30, 2008.
  • 3. 'Consumers' group card debtors 'held hostage by contracts', Pongphon Sarnsamak, The Nation, July 29, 2008.
  • 4. 'Computer Fraud — Your Questions Answered', Pattaya People newspaper Thailand, November 21, 2008.