The Personal Data Protection Act B.E. 2563 (A.D. 2019) of Thailand (PDPA), effective from June 1, 2022, is the key legislation of Thailand that provides comprehensive protection for personal data. Local and foreign entities that collect, use, or disclose personal data of data subjects in Thailand are subject to the PDPA. Cross-border data transfers are subject to stringent requirements under the provisions of the PDPA and the applicable rules issued under the PDPA. Multinational corporations (MNCs) are required to have in place adequate data protection measures for the purpose of their cross-border data transfer activities.
Kowit Somwaiya and Usa Ua-areetham, from LawPlus Ltd., provide an overview of the key considerations for MNCs to consider when implementing cross-border data transfer mechanisms. The overview is focused on the key requirements for the Binding Corporate Rules (BCRs) and the Data Transfer Agreement (DTA) as set out in relevant notifications issued by the Personal Data Protection Committee (PDPC) under the PDPA, such as the implementing rules on the criteria for protecting personal data sent or transferred abroad according to Section 28 of the PDPA (PDPC rules).
A year in law and regulation of artificial intelligence (AI) is an eon. Whilst a robust regulatory framework or approach should be consistent, grounded in principles, and predictable, it must also evolve to address changing attitudes and perceptions. And whilst no one wants to kill the goose that lays the golden egg by diving headfirst into innovation-curbing regulation, the shift towards favoring some kind of regulation is noticeably gaining speed, with growing fears of social, economic, and political ills.
Now, with the EU successfully rolling out its extensive AI regulatory framework in the EU Artificial Intelligence Act (the EU AI Act), one question is whether other countries will follow suit to enact their own compatible or comparable 'hard law' in a classic demonstration of the 'Brussels effect.'
In his Insight article last year, Jeffrey Lim, Director at Joyce A. Tan & Partners LLC, described how Singapore has been a prime example of a jurisdiction that has positioned itself as a paragon of a regulation-lite, community-fostered, and inclusive multi-stakeholder jurisdiction. With its voluntary Model Governance Framework now in its second version and encompassing generative AI (genAI Model Framework), in this Insight article, Jeffrey explains how Singapore appears set to continue in this vein - an approach that has already yielded significant private sector in-country investment in AI capability building.
India's commitment towards the promotion and development of artificial intelligence (AI) was recently highlighted in the Union Budget of 2024-25 that was announced by the Indian government in July 2024. The Budget allocated $65 million exclusively to the IndiaAI Mission, an ambitious $1.1. billion program that was announced earlier this year to focus on AI research and infrastructure in India. It has also widely been reported that the Ministry of Electronics and Information Technology (MeitY) is in the process of formulating a national AI policy, which is set to address a wide spectrum of issues including the infringement of intellectual property rights and the development of responsible AI. As per reports, MeitY is also analyzing the AI framework of other jurisdictions to include learnings from these frameworks in its national AI policy. Part I of this series focussed on understanding the regulatory approaches adopted by some key jurisdictions like the EU and the USA. In Part two, Raghav Muthanna, Avimukt Dar, and Himangini Mishra, from INDUSLAW, explore measures that India can adopt, and lessons it can take from such markets, in its journey in the governance of AI systems.
In this Insight article, Sun Hee Kim and Dave Boncheun Koo, from Yulchon LLC, explores the rapid development of artificial intelligence (AI) regulation worldwide, highlighting the EU's Artificial Intelligence Act (the EU AI Act) and South Korea's ongoing legislative efforts. As South Korea introduces new AI bills, the focus shifts between promoting the AI industry and ensuring safety, reflecting the need for a balanced approach in the evolving landscape of AI governance.
In the past few years, the digital market has witnessed an outpour of artificial intelligence (AI) systems, with the AI market expected to reach a valuation of nearly $2 trillion by 2030. However, the surge in the use of AI has led to the birth of several pertinent issues ranging from concerns about data privacy and intellectual property rights infringements to issues around transparency and ethical concerns, among others. In the first part of this series on navigating the AI frontier, Raghav Muthanna, Avimukt Dar, and Himangini Mishra, from INDUSLAW, aim to analyze and assess the regulatory position around AI in three key jurisdictions, namely the EU, USA, and India. Part two of this series will evaluate the diverse approaches of these jurisdictions and the learnings that India can adopt from the EU and the USA while framing its own set of AI regulations, as well as what lies ahead for India in the AI regulatory space.
On July 31, 2024, Bill D.R. 21/2024, known as the Personal Data Protection (Amendment) Act 2024, amending the Personal Data Protection Act (PDPA) (the Bill), passed in the Senate on its second reading. The Bill introduces new requirements, such as the appointment of a data protection officer (DPO) and data breach notification obligations. OneTrust DataGuidance Research provides an overview of the most significant provisions under the Bill.
In this Insight article, Kenying Tseng, Vick Chien, and Evelyn Shih of Lee and Li Attorneys-at-Law explore Taiwan's dynamic approach to artificial intelligence (AI) regulation. Despite the absence of codified AI laws, Taiwan is actively developing guidelines and policies to ensure the ethical and responsible application of AI, balancing innovation with societal values.
Artificial intelligence (AI) is playing an increasingly integral part in the daily lives of Kiwis as they engage in the digital economy. In this article, Anthony Cooke, from Clyde & Co., explores how existing privacy legislation in New Zealand influences the use and evolution of AI tools and technologies. Additionally, Anthony delves into the broader regulatory landscape in New Zealand concerning AI.
On February 5, 2024, the Personal Information Protection Commission (PIPC) released the revised 'Guidelines for Processing Pseudonymous Data' (the Guidelines). This revision addresses the limitations of the existing guidelines, which only provided processing standards for structured data. The Guidelines aim to establish pseudonymization standards for unstructured data - such as images, videos, audio, and text - which are crucial for the development of artificial intelligence (AI) technologies.
In the Guidelines, the PIPC provides methods and specific examples of pseudonymization regarding unstructured data. In addition, the PIPC explains in more detail the important points to consider for each phase of pseudonymization (pre-preparation, risk review, pseudonymization, appropriateness review, and safe management). As it is not practically possible to eliminate all the various risks that may arise in the course of AI development and use, the Guidelines also focus on post-management. Timothy Dickens, from DR & AJU LLC, explores the different scenarios discussed in the Guidelines where unstructured data was successfully pseudonymized.
In this Insight article, Albert Yuen and Jasmine Yung, from Linklaters, discuss the increasing pace of regulatory developments across APAC jurisdictions, particularly focusing on Hong Kong's new Model AI Framework.
In this Insight article, HoSang Yoon and Hyein Lee, fromShin & Kim LLC, delve into the release of the Guidelines on Applying the Personal Information Protection Act to Foreign Business Operators (the Guidelines), designed to assist foreign businesses in complying with the Personal Information Protection Act (PIPA). Released by the Personal Information Protection Commission (PIPC) on April 4, 2024, the Guidelines provide a comprehensive framework to help foreign businesses meet PIPA requirements and emphasize the importance of adopting robust measures to safeguard the personal data of South Korean users.
In this Insight article, Hyeon Song Lee, Principal at Pine Law Office, explores how the Personal Information Protection Act (PIPA) in South Korea grants personal data rights and sets obligations for data processors. Additionally, he delves into the complex landscape of data retention regulations that extend beyond PIPA, highlighting the necessity for businesses to navigate various individual laws to ensure compliance and avoid potential penalties.
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
Try The New Version of DataGuidance
The new DataGuidance, powered by OneTrust Copilot, introduces a seamless and sophisticated research experience. Explore the future of tailored regulatory research today.