The protection of data subject in case of: A Comparative study of GDPR and Personal Data Protection Act B.E. 2562

Article Sidebar

PDF
Published: Jun 20, 2020
Keywords:
Personal Data Protection, The Personal Data Protection Act B.E. 2562, The General Data Protection Regulation (GDPR), Smart contract

Main Article Content

Kanathip Thograweewong
Kasem Bundit University
Duangkamol Kwanyuen
Kasem Bundit University

Abstract

The research aimed to study 1) legal problems in protecting the right of the data subject in case of using digital technology to conduct smart contract 2) elements and conditions of European General Personal Data Protection Regulation (GDPR) and conduct a comparative analysis with Thailand’s Personal Data Protection Act B.E. 2562 3) recommending to amend the law. The methodology of this research is qualitative research by conducting content analysis and comparative analysis of Thai and European Union law The research results were found as follows; 1) electronic transaction Act B.E. 2562 covers the forming of smart contract but does not have provisions to protect right of personal data of consumers who are parties to the contract. 2) Personal Data Protection Act. B.E. 2562 and General Data Protection Act (GDPR) of the European Union does not directly address “Smart contract” but the provision relating to the condition of data processing by which the consent of data subject is required could be applied to protect the right of the data subject. However, the provision has limitations and does not cover the right to object or refuse to enter the smart contract. 3)  General Data Protection Act (GDPR) of the European Union has a specific provision on “Automated individual decision-making” in article 22 which could be interpreted to cover smart contract, i.e., the data subject has the right not to be subject to the smart contract in which a decision based solely on automated processing. However, the Personal Data Protection Act. B.E. 2562 does not have this specific article. Consequently, the research proposes the amendment of this Act in include provision on “Automated individual decision-making” as modeled in article 22 of GDPR.

Article Details

How to Cite
Thograweewong, K., & Kwanyuen, D. (2020). The protection of data subject in case of: A Comparative study of GDPR and Personal Data Protection Act B.E. 2562. Rajapark Journal, 14(34), 125–139. Retrieved from https://so05.tci-thaijo.org/index.php/RJPJ/article/view/240231
Issue
Vol. 14 No. 34 (2020): May - June
Section
Research Article

Views and opinions appearing in the Journal it is the responsibility of the author of the article, and does not constitute the view and responsibility of the editorial team.

References

Arendt, H. (1973). The Human Condition. Chicago: University of Chicago Press.

Bayamlıoğlu, E. (2018). Contesting Automated Decisions. European Data Protection Law Review,

, 433–466.

Bloustein, E. (1984). Privacy as an Aspect of Human Dignity. “Philosophical Dimensions of privacy:

An Anthology”, Schoeman, Ferdinand (ed.). UK: Cambridge University Press.

Cate, Fred. H. (1995). The EU Data Protection Directive, Information Privacy, and the Public

Interest. Iowa L. Rev, 80(3), 431-443.

Cheng, Raymond et al. (2019). Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and

Performant Smart Contracts. Proceedings-4th IEEE European Symposium on Security and

Privacy, EURO S and P. Stockholm, Sweden. pp.185-200.

Donnelly, J. (1982). Human Rights and Human Dignity: An Analytic Critique of Non-Western

Conceptions of Human Rights. The American Political Science Review, 76(2), 303-316.

European Commission, Article 29 Working Party, Guidelines on Automated individual decision-

making and Profiling for the purposes of Regulation 2016/679. Retrieved https://ec.europa. eu/newsroom/article29/item-detail.cfm?item_id=612053

Fromholz, J. M. (2000). The European Union data privacy directive. Berkeley technology law

journal, 15(1), 460-484.

Islam, Md N. & Kundu, S. (2018). Preserving IoT Privacy in Sharing Economy Via Smart Contract.

IEEE/ACM Third International Conference on Internet-of-Things Design and

Implementation (IoTDI), Orlando, FL, USA. pp.296-297.

Malgieri, G., & Comandé, G. (2017). Why a Right to Legibility of Automated Decision-Making

Exists in the General Data Protection Regulation, International Data Privacy Law, 7(3),

–265.

Personal Data Protection Act, B.E. 2562 (2019)

Rubenfeld, J. (1989). The Right of Privacy. Harvard Law Review, 102(4), 737-807.

Schoeman, F. D. (1984). Philosophical Dimensions of privacy: An Anthology. UK: Cambridge

University Press.

Solove, D. J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3),

-560.

Thograweewong, K. (2010). Legal measures for protecting the right to privacy: a study of

invasion of privacy by direct sale business. Botbundit, 66(episodes 4, December 2010),

-80.

Warren, S.D., & Brandies, L. D. (1890). The Right to Privacy. Harvard Law Review, 4(5),

-220.

Westin, A. F. (1967). Privacy and Freedom. New York: Atheneum.

Yasin, A., & Liu, L. (2016). An online identity and smart contract management system. 2016 IEEE

th Annual Computer Software and Applications Conference (COMPSAC), (IEEE, Atlanta,

Georgia), pp.192-198.