top of page
Writer's pictureAdmin

您應該知道的泰國個人資料保護申訴程序

What You Should Know About Procedures for Personal Data Protection Complaints in Thailand

您應該知道的泰國個人資料保護申訴程序


In July 2022, Thailand’s Personal Data Protection Committee (“DPDC”) has issued a regulation establishing procedures for filing and processing data subjects[1]’ complaints under Thai Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). The regulation is Complaint Filing, Rejection, Termination, Consideration, and the Period for the Consideration of the Complaint B.E. 2565 (2022) and has been effective since July 12, 2022.


泰國個人資料保護委員會 (“DPDC”) 於2022年7月發布一項法規,規定根據《佛歷2562年 (2019年)個人資料保護法》 (“PDPA”) 提交和處理數據主體申訴的程序。該規定是《佛歷2565年 (2022年) 提交、拒絕、終止、審查申訴和申訴的考慮期限》,自 2022年7月12日起生效。


Thai PDPA permits data subjects to file complaints against data controllers, data processors, or any person who fail to comply with PDPA. Below is requirements and procedures about this complaints:


泰國 PDPA 允許數據主體對數據控制者、數據處理者或任何不遵守 PDPA 的人提出申訴。以下是有關申訴的要求和程序:


File a Complaint

提起申訴

A complaint is submitted to “Expert Committee” directly to the PDPC office. It can be submitted by registered mail or electronically, as announced by the PDPC. In addition, the use language must be clear, plain, polite, appropriate, and no wording that would be considered extortion or intimidation either directly or indirectly. There is no fixed complaint form, however, a complaint must include at least following information:


直接提交申訴至PDPC辦公室的“專家委員會”。可以依據PDPC宣布以掛號信或電子方式提交。此外,使用的語言必須清楚、平鋪直敘、有禮貌和恰當,且沒有直接或間接被視為勒索或恐嚇的措辭。沒有固定的申訴表格,但是申訴必須至少包含以下資訊:

Ø Name, address, phone number or e-mail of the complainant (or an authorized representative) along with ID card, passport, or other official identification documents. If the complaint is submitted by a representative, copy of Power of Attorney and identification document of the representative are required;

申訴人(或授權代表人)的姓名、地址、電話號碼或電子郵件,以及身份證、護照或其他官方身份證明文件。如果申訴是由代表人提交,需要檢附委託書和代表人的身份證明文件;

Ø Facts and detail about the violation of the PDPA;

有關違反PDPA的事實和細節;

Ø Detail of the damages or effects;

損害或影響的細節;

Ø Supporting evidence;

相關證據;

Ø Things that the data subject requests to do.

數據主體要求進行的事情。


Please be noted that the complaint letter should include a sentence certifying that the information in the letter is true.

請注意,申訴信應包含證明信中資訊真實的句子。


Complaint Consideration

審核申訴內容

Once the complaint is filed, the complainant will receive a receipt confirming the department received the complaint stating the date of receiving the complaint with a reference code. The official will then conduct a preliminary examination within 15 days before proposing the case to the Expert Committee for consideration. The committee will consider a few points below:


提交申訴後,申訴人將收到確認收到申訴的憑證,說明收到申訴的日期和參考代碼。之後官員將在15天內進行初步審查,並將案件提交至專家委員會審議。委員會將考慮以下幾點:

Ø whether the action specified in the complaint violate the PDPA;

申訴信描述的行為是否違反PDPA;

Ø whether there are grounds for filing such complaint and whether it is reasonable;

申訴是否有理據及合理性;

Ø whether the Expert Committee has the authority to consider the complaint and whether the duties and powers of consideration are in accordance with other laws or belong to other agencies or not.

專家委員會是否有權審理申訴內容以及是否職責和權力是否符合其他法律或是否屬於其他機構。


Generally speaking, the Expert Committee will complete the review within 90 days of the first meeting. The period may be extended twice for up to 60 days each time, if being approved by the PDPC.


一般而言,專家委員會會在第一次會議後90天內完成審查。如果得到PDPC 的批准,此期限可以延長兩次,每次最多60天。


Outcomes

結果

There will be one of the following results after the consideration from the Expert Committee:

經專家委員會審議申訴後,將有以下結果之一:

Ø Dismiss, if the Expert Committee considers there is no ground under the PDPA;

如果專家委員會認為沒有違反PDPA,則駁回申訴;

Ø Reject, if the evidence is incomplete;

如果證據不足則會拒絕;

Ø Set a conciliation session, if the complaint can be settled by conciliation procedure;

如果申訴可以通過調解程序解決,則設置調解會議;

Ø Render the punishment as an administrative fine.

處以行政罰款。

[1] Data subject is a person who owns his/her personal data and is the one who give away his/her necessary personal data to a service provider (data controller) to have them perform according to what both parties agreed under the contract. However, a data subject does not include a juristic person and deceased person.


53 views0 comments

Recent Posts

See All

Requirements for Digital Assets Governance Business and Exchange Rules are Updated in Thailand 泰國更新數位資產業務治理要求和交易所規則

泰國數位資產業務經營者的董事、授權人員和經理必須具有相關行業3-5年的工作經驗,包括在金融機構、貨幣或資本市場、與數位資產業務相關的管理職位、或學術或專業人士的工作經驗像是會計、金融、經濟、法律或資訊科技等領域的專家。此外,他們還必須具有1年數位資產特定工作經驗,例如區塊鏈和智慧

Comments


bottom of page