Thailand’s PDPA Faces New Challenges in the Age of AI

Bangkok: Thailand's Personal Data Protection Act (PDPA) marks its fourth anniversary, highlighting its effectiveness in reducing financial losses from cybercrime. Dr. Prinya Hom-anek, a member of the National Cyber Security Council, discussed the act's successes and emerging challenges as artificial intelligence continues to evolve.

According to Thai News Agency, Dr. Prinya shared that before the PDPA's enforcement, Thai citizens lost around 100 million baht daily to call center scams and online fraud. With the implementation of the PDPA and enhanced cybersecurity measures, these losses have reduced to around 60 million baht per day, saving approximately 35 million baht daily. Despite not eliminating losses entirely, these measures have resulted in significant financial savings for the population.

Dr. Prinya pointed out that in an era dominated by AI technologies like ChatGPT and Gemini, compliance with the PDPA needs to evolve. The focus is shifting from merely obtaining consent or collecting necessary data to establishing "AI Governance." This change is vital as AI systems can absorb and process vast amounts of data in ways humans may not anticipate.

He also warned about the dangers of relying on free social media and AI applications, which can lead to a loss of digital sovereignty. Thai users' data, including sensitive company information, is often stored in foreign cloud systems, compromising Thailand's cyber sovereignty.

Data Protection Officers (DPOs) now face expanded roles that include managing AI risks. They must ensure that employees are not inadvertently sharing sensitive information with AI systems and that the organization's AI use is ethical and trustworthy.

In conclusion, Dr. Prinya emphasized the need for stricter "Privacy by Design" and "Security by Design" principles to address the heightened risk of privacy violations by AI. Both organizations and individuals must adapt their mindsets to keep up with technological advancements, ensuring that the convenience of AI does not lead to unintended data privacy breaches.