top of page
Writer's pictureAdmin

Draft Notification on Collection of Criminal Record Personal Data is Released in Thailand 泰國發布關於收集犯罪

On 14 November 2023, Personal Data Protection Committee (PDPC) in Thailand published a draft notification on collection of personal data of criminal records. This notification provides clarifications and prescribes further criteria for processing criminal record data under the Personal Data Protection Act (“PDPA”), which in general requires the criminal records to be carried out under relevant official authority of this law or under data protection measure implemented according to rules prescribed by PDPC.

2023年11月14日,泰國個人資料保護委員會(PDPC)發布關於收集犯個人資料的罪記錄通知草案。該通知提供澄清、並規定根據《個人資料保護法》(“PDPA”)處理犯罪記錄資料的進一步標準,該法一般要求犯罪記錄的處理必須在相關官方機構依法或根據PDPC規定的規則實施的資料保護措施。


The draft notification will have important implications for businesses’ recruitment and human resources activities in relation to people with criminal records.

該通知草案將對企業與有犯罪記錄的人相關的招聘和人力資源活動產生重要影響。


The main aspects of the draft notifications includes the following:

通知草案的主要內容包括:

Ø “Personal data regarding criminal record” and “criminal record data” denote personal data related to the investigations of criminal offenses, criminal prosecution, or criminal punishment that is official information or certified by relevant supervisory authority, regardless whether that action is connected to final judgment or not.

“有關犯罪紀錄的個人資料”及“犯罪紀錄資料”指與刑事犯罪調查、刑事起訴或刑事處罰有關、官方資訊或經相關監管機構認證的個人資料,不論該行為是否屬於犯罪行為,與最終判決有關於否。

Ø Under the draft notification, data controllers may process criminal record data for the purpose of recruitment process, checking the qualifications of personnel, and considering the suitability of a person for a position if the processing activities are required by law or when a data controller obtains explicit consent from the data subject. Furthermore, the necessity of processing criminal record data must be announced in the beginning of the recruitment process.

根據通知草案,如果法律要求或資料控制者需要處理犯罪記錄資料,資料控制者可以出於招聘過程、檢查人員資格並考慮人員是否適合職位的目的處理犯罪記錄資料獲得資料主體的明確同意。此外,必須在招聘過程開始時宣布處理犯罪記錄資料的必要性。

Ø Data controllers’ requests for explicit consent to collect data subject’s criminal record and must notify the data subject of the consequences of not providing consent or to towithdraw consent.

資料控制者在要求明確同意收集資料主體的犯罪記錄資料時,也必須告知資料主體不提供同意或撤回同意的後果。

Ø The draft notification sets the allowable retention period for criminal record data at a maximum of six months from the end of the processing activities specified above. After the retention period ends, the criminal record data must be deleted, destroyed, or anonymized using an appropriate method.

通知草案規定犯罪紀錄資料的允許保留期限為自上述處理活動結束後最多六個月。保存期限結束後,犯罪記錄資料必須採用適當方法刪除、銷毀或匿名化。


19 views0 comments

Recent Posts

See All

Requirements for Digital Assets Governance Business and Exchange Rules are Updated in Thailand 泰國更新數位資產業務治理要求和交易所規則

泰國數位資產業務經營者的董事、授權人員和經理必須具有相關行業3-5年的工作經驗,包括在金融機構、貨幣或資本市場、與數位資產業務相關的管理職位、或學術或專業人士的工作經驗像是會計、金融、經濟、法律或資訊科技等領域的專家。此外,他們還必須具有1年數位資產特定工作經驗,例如區塊鏈和智慧

コメント


bottom of page