Ever since the military became more proactive in Thailand’s government, they have been making moves to control access to the internet from within the Kingdom. The latest, in what appears to be mimicking China’s approach, was a new cybersecurity law passed in February 2019.
The unanimously approved Cybersecurity Act grants State agencies unprecedented sweeping powers over internet related activities. Business leaders and activists have already expressed concern over possible abuses of power and judicial oversight.
The warning that this approach to online activities could deter foreign investment was unheeded by politician supporting the military’s position. Internet freedom activists have called the new legislation a “cyber martial law.” This stems from the concept that new wide-reaching laws can encompass all aspects of online activities from internet connections to censorship and cracking down on dissents. There is also widespread fear that the law could be used to silence critics.
The legislation allows the government to override any other procedures should they deem national security to be under threat from cyberattack. The invasive law allows individuals to be summoned for questioning or private property to be entered if the State believes any wrong doing has occurred online.
The National Cybersecurity Committee (NCSC) has been setup in an apparent effort to ape China’s burgeoning cyber police force. An additional Cybersecurity Regulating Committee also has overriding powers to access computer networks, copy information and seize computers or mobile devices without a court order.
In addition to potential censorship, Thailand’s government can apply criminal punishment for what would be considered minor online misdemeanors elsewhere.
The new rules have largely been frowned upon internationally. Singapore-based industry group which represents US tech giants Google and Facebook, the Asia Internet Coalition (AIC), said it was “deeply disappointed”.
The AIC Group Managing Director, Jeff Paine, stated “the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight,” before adding “this would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data”.
The Personal Data Protection Act was also passed, which applies to both local companies and international ones wishing to store data on subjects in Thailand which is often necessary for tailored advertising. In a letter to the government Paine stated “it is unrealistic for anyone regime to aspire to centralize the delivery of privacy protections for the entire world in just one regulator”.
Any discontent expressed from overseas human rights bodies has fallen on deaf ears as control over information within Thailand increases.