Some Legal Issues of Biometric Data Protection in Thailand

Biometric is a technology that can measure and analyze the physiological and behavioral characteristics of a person. Unlike a password, Biometrics data is hard to fake or steal. Since a person was born, he or she would have his or her specific fingerprints, iris, or facial which are unlike others. Biometrics is so convenient that it can identify persons from his or her own physiological or behavioral characteristics. However, Biometrics data is specific for each person. Hence, it could not be changed. Do you think would it be dangerous if someone could hack, fake, or use our biometrics data, or is it dangerous if someone uses our Biometrics data in transactions? Is there any law in Thailand that could protect our Biometrics data in practice? Thailand has many laws that mention the rule for the protection of biometric data. Especially, The Personal Data Protection Act B.E.2562 which is the first data protection act of Thailand. It provides a significant rule for the collection, use, and disclosure of personal data including biometric data. However, the Personal Data Protection Act B.E.2562 is the first personal data protection act in Thailand which is very new. It provides only general and broad rules for processing all types of personal data including the biometric data which is mentioned in the Act as only a type of “personal data”. This article will study on the practical issues in the aspects of “public interest”, “substantial public interest”, “explicit consent”, “civil liability” and “compensation” to find the laws or regulations to be good examples for Thailand to have guidelines for the protection of Biometric data in practice.