Legal Problems with the Protection of Alternative Credit Data under the Personal Data Protection Framework in Thai laws
Abstract
The objective of this research paper is to understand and find an appropriate solution to the qualification problem of alternative credit data protection by making a comparative analysis with international measures and propose amendments to the Thai personal data protection legislation.
This study employed a qualitative research method by studying the background, definition, and concept of alternative credit information, studying the scope and legal measures for personal data protection relating to alternative credit data,and analyzing legal issues of the definition and legal measures for collecting personal information relating to alternative credit data from technical reports, literature, legal texts, international frameworks and measures, textbooks, and articles both in Thailand and foreign countries.
The study found that: (1) alternative credit data has a widescope and various types of data. It can be qualified as personal data, sensitive data, or inferred from traditional credit data; (2) it can be protected under the Credit Information Business Act (CIBA) B.E. 2545 (2002) and the Personal Data Protection Act (PDPA) B.E. 2562 (2019), depending on the type of data and ability of data inference; (3) the definitions and requirements for collection of alternative credit data which is sensitive under the two laws are inconsistent. Section 10 of the CIBA does not allow the collection of prohibited information, which covers certain kinds of sensitive data, while Section 26 of the PDPA allows the collection of sensitive data with an explicit consent of the data subject. If such data is improperly used, it will affect the right to data privacy and fundamental rights of the data subject.This study therefore proposes the relevant Thai agenciesto amend the definitions and requirements for the collection of alternative credit data to be consistent under the laws.
References
The US Bureau of Consumer Financial Protection, February 21, 2017. Request for Information Regarding Use of Alternative Data and Modeling Techniques in the Credit Process, p 11185. Retrieved fromhttps://www.federalregister.gov/documents/2017/02/21/2017-03361/request-for-information-regarding-use-of-alternative-data-and-modeling-techniques-in-the-credit(accessed February 15, 2020).
Personal Data Protection Act 2019, Thailand, Section 6
Paterson, M., & McDonagh, M.(2018). Data protection in an era of big data:The challenges posed by big personal data. Monash University Law Review, 44(1), 1-31.
Ibid.
Christman, J. (2008). Autonomy in moral and political philosophy. Stanford encyclopedia of philosophy.
Ibid.
Wilairat,Y. (2017). Problems on “Credit Information” under the Law Relating to Credit Information Business. [Bangkok: Thammasat University]. Available at http://ethesisarchive.library.tu.ac.th/thesis/2017/TU_2017_5801033159_8937_9011.pdf (accessed December 15, 2021).
Srichola, S. &Tipayanee, P. (2021). Legal Issues Related to Credit Information on the Use of Credit Information for Other Purposes. [Bangkok: Dhurakij Pundit University] 4.
Khaosanit, D. (2018). Legal measures to protect personal data: a study of Thana's financial and banking case. [Bangkok: Dhurakij Pundit University] 215. Available (in Thai language) at http://libdoc.dpu.ac.th/thesis/Dawan.Kha.pdf (accessed December 15, 2021).
Hunt, R. M. (2002). What's in the file? The economics and law of consumer credit bureaus. Business Review, (Q2), 17-25.
See Supra note [1] The US Bureau of Consumer Financial Protection, February 21, 2017.
International Committee on Credit Reporting (ICCR), March 2018. Use of Alternative Data to Enhance Credit Reporting to Harness DigitalFinancial Services to Individualsand SMEs operating in the Informal Economy. Available at https://www.gpfi.org/publications/guidance-note-use-alternative-data-enhance-credit-reporting-enable-access-digital-financial-services (Accessed February 7, 2023).
Kraemer, F., Van Overveld, K., & Peterson, M. (2011). Is there an ethics of algorithms?.Ethics and Information Technology,13( 3), 251-260.
Personal Data Protection Act 2019, Thailand, Section 6.
Personal Data Protection Act 2019, Thailand, Section 3.
Personal Data Protection Act 2019, Thailand, Section 4 (6)
The Credit Information Business Act 2002,Thailand, Section 3.
OECD (2013), The OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data. Retrieved from www.oecd.org/internet/ieconomy/oecd_privacy_framework.pdf(accessed February 15, 2020).
OECD (2015), Data-Driven Innovation: Big Data for Growth and Well-Being, OECD Publishing, Paris. http://dx.doi.org/10.1787/9789264229358-en(accessed February 15, 2020).
Personal Data Protection Act 2019, Thailand, Section 26.
General Data Protection Regulation, Art. 9.
Greenleaf, G. &Suriyawongkul, A., Thailand – Asia’s Strong New Data Protection Law (September 24, 2019). 160 Privacy Laws and Business International Report 1, 3-6, 2019, Available at SSRN: https://ssrn.com/abstract=3502671
Credit Information Business Act 2002, Thailand, Section 3 and 10.
See Supra note [1] The US Bureau of Consumer Financial Protection, February 21, 2017.
CJEU C‑184/20, OT v Vyriausiojitarnybinesetikoskomisija, ECLI:EU:C:2022:601.
Personal Data Protection Act 2019, Thailand, Section 26.
Personal Data Protection Act 2019, Thailand, Section 19, para. 2.
Section 26 of the PDPA prescribes other exceptions for the collection of sensitive personal data. For instance, prevent a danger to life, body or health of the person, where the data subject is incapable of giving consent; carried out in the course of legitimate activities with appropriate safeguards by the foundations, associations or any other not-for-profit bodies with a political,religious, philosophical,or trade union purposes; it is necessary for the establishment, compliance, exercise or defense of legal claims; it is necessary for compliance with a law to achieve the certain purposes.
MacMillan, Rory. "Big Data, Machine Learning, Consumer Protection and Privacy." Paper presented at the 47th Research Conference on Communication, Information and Internet Policy, American University, Washington College of Law, Washington, D.C., 26 July 2019) 9.
Downloads
Published
Issue
Section
License
Copyright (c) 2023 วารสารวิชาการนิติศาสตร์ มหาวิทยาลัยทักษิณ
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
บทความที่ได้รับการตีพิมพ์เป็นลิขสิทธิ์ของวารสารวิชาการนิติศาสตร์ มหาวิทยาลัยทักษิณ
ข้อความที่ปรากฏในบทความแต่ละเรื่องในวารสารวิชาการเล่มนี้เป็นความคิดเห็นส่วนตัวของผู้เขียนแต่ละท่านไม่เกี่ยวข้องกับคณะนิติศาสตร์ มหาวิทยาลัยทักษิณ และคณาจารย์ท่านอื่นๆในมหาวิทยาลัยฯ แต่อย่างใด ความรับผิดชอบองค์ประกอบทั้งหมดของบทความแต่ละเรื่องเป็นของผู้เขียนแต่ละท่าน หากมีความผิดพลาดใดๆ ผู้เขียนแต่ละท่านจะรับผิดชอบบทความของตนเองแต่ผู้เดียว
