Experts Meeting to discuss the implementation of Thailand's Cybersecurity Bill

BANGKOK, Thailand - On 9 April 2019, Manushya Foundation and the Embassy of the Kingdom of Netherlands, together with the Thai Netizen Network, Access Now, the Association for Progressive Communication (APC) and the International Federation for Human Rights (FIDH), convened a meeting of national, regional and international experts on cybersecurity and digital rights to discuss the implementation and monitoring of Thailand’s Cybersecurity Bill that was adopted as law in February 2019 by the National Legislative Assembly.

Gathering 50 experts at the Embassy of the Kingdom of Netherlands in Thailand, the meeting provided a space for experts to independently assess the Cybersecurity Bill and make recommendations for the legislation to prevent, mitigate and address cyber threats and cyberattacks in line with international human rights standards, while contributing to a study on “Thailand’s Cybersecurity Act: Towards a human-centred Act protecting online freedom and privacy, while tackling cyber threats”. This study will serve as a guideline for the effective monitoring and implementation of the Cybersecurity Bill, digital rights, online freedom and data privacy through a multi-stakeholder coalition or Technical Advisory Group (TAG) that was to be created following the Experts Meeting. To meet this goal, the Experts Meeting included a mix of perspectives from various experts including a government adviser; political party representatives; academics; private sector representatives, national, regional and international civil society organisations; a media representative; United Nations agency representatives; and diplomats.

In opening remarks, while outlining the purpose of the Experts Meeting, the importance of digital rights and its misuse in the context of the national security of Thailand was highlighted. Further, in applying the mission of Manushya Foundation to place communities at the center of responses to issues that affect them, the necessity to build the capacity as well as to include affected communities and Thai Netizens in the process of implementation and monitoring of the Cybersecurity Bill was highlighted.

To provide a better understanding of the legislation, in the first session, experts provided an explanation of the content of the Cybersecurity Bill, including how cyberattacks and threats will be prevented or dealt with, and the institutions involved in the process. This was followed by a discussion highlighting the human rights concerns related to the Cybersecurity Bill and digital rights in Thailand. The second session of the Experts Meeting consisted of a panel discussion where experts highlighted good practices that could be adopted in the implementation of the Cybersecurity Bill, which included different perspectives such as a human rights view point; a private sector opinion; the possible role of the government; and an insight into global good practices.

This knowledge provided through the first and second sessions was applied in the third session, where all experts present divided into four groups to discuss different aspects and provide specific recommendations and solutions in line with the obligations of the Royal Thai Government under international law and standards. The key recommendations and solutions that came out of the deliberations were reported back to the group in the fourth session. The aspects discussed include: (1) the recognition of cybersecurity as national security; (2) the excessive power of the institutions set up under the Bill such as the National Cybersecurity Committee (NCSC), the National Cybersecurity Regulation Committee (NCRC), and the National Cybersecurity Agency (NCSA) as well as the absence of checks and balances against their power;(3) the accountability of the Information and Communication Technology Sector in protecting data privacy; and (4) the lack of access to effective remedies.

In closing, the final session of the Experts Meeting consisted of summarising the main gaps inthe bill and the key recommendations made. Of these, the gaps identified were the broad jurisdiction and definition of various aspects, such as cybercrime; the problematic substantive provisions and failure to define them such as for crisis level cyber threats; the unchecked power of mechanisms and authorities under the Bill; the discretion of authorities or the Committees under the Bill over Critical Information Infrastructure; the lack of accountability in decision making and the absence of checks and balances; and failure to ensure remedies and transparency under the Bill. The key recommendations made were not applying a bad law untilit has been amended; capacity building of law enforcement officials and the general public on cybersecurity, human rights, digital rights and data privacy; providing guidelines or Standards Operating Procedures for authorities to exercise power under the Cybersecurity Bill; including transparency measures such as auditing and submitting annual reports by both public and private authorities under the Bill; adopting multi-stakeholder approaches for monitoring and advocacy by both the private sector and civil society; and using remedies to prevent abuse through creative possibilities such as injunctions, the use of regulators, the use of UN Special Rapporteurs and other special procedures, human rights due diligence measures, internal checks and balances, and non-material remedies such as measures of satisfaction.

This Experts Meeting resulted in outcomes which are unique contributions to the lives of affected communities and Thai Netizens, as well as to the state of digital rights in Thailand. The first such outcome was a commitment made by political party representatives to utilise the Study produced from this meeting as the basis to push for amendments to the Cybersecurity Bill. This is towards achieving the first objective of Manushya Foundation under its thematic focus on digital rights that is aimed at upholding digital rights, online freedom and data privacy. Secondly, the Experts Meeting also helped build the capacity of Manushya Foundation on the Cybersecurity Bill of Thailand. Towards the second objective of Manushya Foundation under its thematic focus on digital rights that is aimed at the enhancement of digital literacy, it is proposed that a similar capacity building endeavour will be undertaken to educate affected communities on cybersecurity and the Cybersecurity Bill of Thailand including its impact on digital rights, online freedom, and data privacy.

We would like to thank all the co-organisers as well as the Experts present at the Meeting, whose informed contributions is the first step in revolutionising the way the violation of online freedom and data privacy is addressed in Thailand through strong collective action and future efforts on capacity building, advocacy, and monitoring of the implementation of the Cybersecurity Bill of Thailand.

Access pictures of the event here.

For more information on the work of Manushya Foundation on its thematic focus of digital rights, refer to our dedicated webpage: https://www.manushyafoundation.org/digital-rights