THAILAND'S CYBERSECURITY ACT:
DOs & DON'Ts
SEPTEMBER 2019
To accompany the Study on “Thailand’s Cybersecurity Act: Towards a human-centred Act, protecting online freedom and privacy, while tackling cyber threats” was developed as a guide to Thailand, its institutions, its private entities and its netizens, to contribute to a strong policy and streamlined process of implementation and monitoring of the National Cybersecurity Act in line with international human rights standards, Manushya Foundation also developed a summary on "Thailand's Cybersecurity Act: DOs & DON'Ts, Towards a Human centred Act protecting online freedom and privacy, while tackling cyber threats".
In this summary, DOs and DON'Ts of the following six challenges are explained:
-
CHALLENGE 1: Broad scope and definition using National security, economic security, martial security and public order in the implementation and monitoring of the Act;
-
CHALLENGE 2: Problematic substantive provisions and failure to define them in relation to Three Level of Cyber Threats (non- critical, critical and crisis threats);
-
CHALLENGE 3: Controversial control mechanisms (government bodies and agencies) under the Act: Top-down structure, broad powers given to authorities putting netizens under surveillance, lack of transparency and standards;
-
CHALLENGE 4: Powerplay in the application of the Act: Control over Critical Information Infrastructures (CII) and reporting obligations placed on them;
-
CHALLENGE 5: Absence of checks and balances: Cybersecurity Threats, lack of accountability and the use of the Court system;
-
CHALLENGE 6: Failure to ensure remedies: Grievance redressal, imprisonment, fine and compensation.