Main Article Content
The research aimed to study 1) legal problems in protecting the right of the data subject in case of using digital technology to conduct smart contract 2) elements and conditions of European General Personal Data Protection Regulation (GDPR) and conduct a comparative analysis with Thailand’s Personal Data Protection Act B.E. 2562 3) recommending to amend the law. The methodology of this research is qualitative research by conducting content analysis and comparative analysis of Thai and European Union law The research results were found as follows; 1) electronic transaction Act B.E. 2562 covers the forming of smart contract but does not have provisions to protect right of personal data of consumers who are parties to the contract. 2) Personal Data Protection Act. B.E. 2562 and General Data Protection Act (GDPR) of the European Union does not directly address “Smart contract” but the provision relating to the condition of data processing by which the consent of data subject is required could be applied to protect the right of the data subject. However, the provision has limitations and does not cover the right to object or refuse to enter the smart contract. 3) General Data Protection Act (GDPR) of the European Union has a specific provision on “Automated individual decision-making” in article 22 which could be interpreted to cover smart contract, i.e., the data subject has the right not to be subject to the smart contract in which a decision based solely on automated processing. However, the Personal Data Protection Act. B.E. 2562 does not have this specific article. Consequently, the research proposes the amendment of this Act in include provision on “Automated individual decision-making” as modeled in article 22 of GDPR.
Bayamlıoğlu, E. (2018). Contesting Automated Decisions. European Data Protection Law Review,
Bloustein, E. (1984). Privacy as an Aspect of Human Dignity. “Philosophical Dimensions of privacy:
An Anthology”, Schoeman, Ferdinand (ed.). UK: Cambridge University Press.
Cate, Fred. H. (1995). The EU Data Protection Directive, Information Privacy, and the Public
Interest. Iowa L. Rev, 80(3), 431-443.
Cheng, Raymond et al. (2019). Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and
Performant Smart Contracts. Proceedings-4th IEEE European Symposium on Security and
Privacy, EURO S and P. Stockholm, Sweden. pp.185-200.
Donnelly, J. (1982). Human Rights and Human Dignity: An Analytic Critique of Non-Western
Conceptions of Human Rights. The American Political Science Review, 76(2), 303-316.
European Commission, Article 29 Working Party, Guidelines on Automated individual decision-
making and Profiling for the purposes of Regulation 2016/679. Retrieved https://ec.europa. eu/newsroom/article29/item-detail.cfm?item_id=612053
Fromholz, J. M. (2000). The European Union data privacy directive. Berkeley technology law
journal, 15(1), 460-484.
Islam, Md N. & Kundu, S. (2018). Preserving IoT Privacy in Sharing Economy Via Smart Contract.
2018 IEEE/ACM Third International Conference on Internet-of-Things Design and
Implementation (IoTDI), Orlando, FL, USA. pp.296-297.
Malgieri, G., & Comandé, G. (2017). Why a Right to Legibility of Automated Decision-Making
Exists in the General Data Protection Regulation, International Data Privacy Law, 7(3),
Personal Data Protection Act, B.E. 2562 (2019)
Rubenfeld, J. (1989). The Right of Privacy. Harvard Law Review, 102(4), 737-807.
Schoeman, F. D. (1984). Philosophical Dimensions of privacy: An Anthology. UK: Cambridge
Solove, D. J. (2006). A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3),
Thograweewong, K. (2010). Legal measures for protecting the right to privacy: a study of
invasion of privacy by direct sale business. Botbundit, 66(episodes 4, December 2010),
Warren, S.D., & Brandies, L. D. (1890). The Right to Privacy. Harvard Law Review, 4(5),
Westin, A. F. (1967). Privacy and Freedom. New York: Atheneum.
Yasin, A., & Liu, L. (2016). An online identity and smart contract management system. 2016 IEEE
40th Annual Computer Software and Applications Conference (COMPSAC), (IEEE, Atlanta,