สิทธิที่จะถูกลืมตามพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. 2562

Piti Eiamchamroonlarp

Authors

Piti Eiamchamroonlarp Faculty of Law, Chulalongkorn University

Keywords:

rigth to be forgotten, personal data deletion and destruction, delisting of personal data

Abstract

Without explicitly referring to the term “right to be forgotten”, the data subject’s right under Section 33 of the Personal Data Protection Act B.E. 2561 (2019), and the data controller’s duty under Section 37(3) of the Personal Data Protection Act B.E. 2561 (2019), these two provisions are both capable of protecting right to be forgotten in accordance with universal theories on right to be forgotten, legal provisions, precedents, and guidelines in several foreign countries. These countries include the European Union, Australia, Japan, Hong Kong, Taiwan, the Philippines and Singapore. To facilitate clarity on how the data controller can fully comply with the Personal Data Protection Act B.E. 2561 (2019), especially when it comes to a data controller who provides search engine service, as well as to recognize the fact that communication between people is increasingly done through digital platforms, this article proposes that Section 33 and Section 37(3) of the Personal Data Protection Act B.E. 2561 (2019) should be amended to explicitly recognize the term “right to be forgotten”. This amendment will help making it clear that if a search engine provider already delisted the displayed personal data, its action shall be deemed to be fully compliant with the law without erasing or destroying the said personal data. Once deemed legally-sound, a search engine provider can avoid a risk associated with noncompliance with the Personal Data Protection Act B.E. 2561 (2019). In addition, this research recommends that the Personal Data Protection Commission should announce criteria for erasing, destroying, or anonymizing personal data by exercising its power under Section 33 paragraph 5 of the Personal Data Protection Act B.E. 2561 (2019). This subordinate law (or guidelines) can be developed by taking into account erasure, destruction, and anonymization guidelines in foreign countries.

References

Aidan Forde, ‘Implication of the Right to Be Forgotten’ (2015) 18 Tulane Journal of Technology and Intellectual Property 83.

Anita L. Allen, ‘Privacy-as-Data Control: Conceptual, Practical, and Moral Limits of the Paradigm’ (2000) 32 Connecticut Law Review 861

Article 29 Data Protection Working Party, ‘Guidelines on the Implementation of the Court of Justice of the European Union Judgment on “Google Spain and Inc v. Agencia Espanola De Proteccion De Datos (AEPD) and Mario Costeja Gonzalez C-131/12’ (Article 29 Data Protection Working Party, November 2014) accessed 5 August 2021.

Cécile de Terwangne, ‘The Right to be Forgotten and the Informational Autonomy in the Digital Environment’ (EU Commission, 2013) <https://publications.jrc.ec.europa.eu/repository/bitstream/JRC86750/jrc86750cecile_fv.pdf> accessed 2 October 2021.

Global Freedom of Expression, ‘Hurbain v. Belgium’ (Columbia University, June 2021) <https://globalfreedomofexpression.columbia.edu/cases/hurbain-v-belgium/> accessed 28 August 2022.

Global Freedom of Expression, ‘Plaintiff X v. PrimaDaNoi’ ( Columbia University, 2015) <https://globalfreedomofexpression.columbia.edu/cases/plaintiff-x-v-primadanoi/> accessed 1 October 2021.

ICO, ‘Deleting personal data’ (ICO, February 2014) <https://ico.org.uk/media/for-organisations/documents/ 1475/deleting_ personal_data.pdf> accessed 3 October 2021.

Jed Rubenfeld, ‘The Right of Privacy’ (1989) 102 Harvard Law Review 737.

Jeffrey Rosen, ‘The Right to Be Forgotten’ (2012) 64 Stanford Law Review Online 88.

Marko Milosavljević, Melita Poler, and Rok Čeferin, ‘In the Name of the Right to be Forgotten: New Legal and Policy Issues and Practices regarding Unpublishing Requests in Slovenian Online News Media’ (2020) 8(6) Digital Journalism 780.

Mélanie Dulong de Rosnay and Andrés Guadamuz, ‘Memory Hole or Right to Delist? Implications of the Right to be Forgotten for Web Archiving’ (RESET, 19 April 2019) <http://www.researchgate.net/publication311997712_Memory_Hole_or_Right_to_Delist_Implications_of_the_Right_to_be_Forgotten_for_Web_Archiving/link/59deef990f7e9bcfab24773f/download> accessed 2 October 2021.

Michael J. Kelly and David Satola, ‘The Right to Be Forgotten’ (2017) 1 University of Illinois Law Review 1.

Office of the Australian Information Commissioner, ‘The Australian Privacy Principles From Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012’ (OAIC, January 2014) <https://www.oaic.gov.au/__data/ assets/ pdf_file/0006/2004/the-australian-privacy-principles.pdf> accessed 5 March 2022.

Patrick C. File, ‘A History of Practical Obscurity: Clarifying and Contemplating the Twentieth Century Roots of a Digital Age: Concept of Privacy’ (2017) 6 University of Baltimore Journal of Media Law & Ethics 4.

PDPC, ‘Media Statement: ‘PCPD Welcomes Administrative Appeals Board's Decision on Dismissing David Webb’s Appeal Case’ (PDPC, October 2015) <https://www.pcpd.org.hk/english/news_events/media_statements/press_20151029.html> accessed 17 November 2021.

PDPC, ‘X v Privacy Commissioner for Personal Data (Administrative Appeal No. 15/2019)’ (PDPC , July 2014) <https://www.pcpd.org.hk › files › AAB_15_2019> accessed 28 August 2022.

Rolf H. Weber, ‘The Right to Be Forgotten More Than a Pandora’s Box?’ (2011) 2(2) Journal of Intellectual Property, Information Technology and E-Commerce 120.

Shaniqua Singleton, ‘Balancing a Right to Be Forgotten with a Right to Freedom of Expression in the Wake of Google Spain V. AEPD’ (2015) 44 Georgia Journal of International and Comparative Law 165.

Wen-Tsong Chiou. ‘Commentary on The Right to be Forgotten: Forget about It?’ (Ministry of Justice, July 2015)<https://cons.judicial.gov.tw> accessed 28 August 2022.

Right to ฺBe Forgotten under the Personal Data Protection Act B.E. 2562 (2019)

Authors

Keywords:

Abstract

References

Downloads

Published

Issue

Section

License

Information

Language