Launch of a Study on "Thailand's Cybersecurity Act: Towards a Human-centered Act"
BANGKOK – On 23 September 2019, Manushya Foundation in collaboration with the Embassy of the Kingdom of the Netherlands in Bangkok, Thai Netizen Network, Access Now and the International Federation for Human Rights (FIDH) hosted the Launch of a Study on 'Thailand's Cybersecurity Act: Towards a Human-centered Act protecting Online Freedom and Privacy, while tackling cyber threats', developed to respond to growing concerns over the shrinking of online civic space. The Study is the first of its kind in the ASEAN region and helps build the discourse on the necessity to apply a human-rights based approach to cybersecurity legislation. The launch included inputs from domestic, regional and international experts from the government, civil society and the private sector on cybersecurity, data privacy and critical information infrastructure. At the event, to complement the report, a summary of Thailand's Cybersecurity Act: DOs & DONTs' was distributed to accompany the discussion.
The launch of the Study comes at an important time for individual rights and the digital ecosystem, as with Thailand being the Chair of the ASEAN, any misuse of the Thai Cybersecurity Act could influence other ASEAN countries and could negatively affect civil society, local communities, netizens, and the Information and Communication Technology (ICT) sector in the country as much as in the region. With 6 experts from the domestic, regional and international fields, and approximately 70 people attending at the Foreign Correspondents’ Club of Thailand (FCCT), the launch moderated by Debbie Stothard, Secretary General, FIDH and Coordinator, ALTSEAN-Burma, provided a space for experts and the public from different sectors and perspectives to share their knowledge and discuss the cybersecurity framework and online freedom in Thailand.
In opening the discussion, Ambassador H.E. Kees Rade, Embassy of the Kingdom of the Netherlands in Thailand, emphasised the critical dual nature of the cybersphere: while it can often bring benefits and opportunities to make lives easier, it can also be a serious source of threats and insecurities. Under these considerations, while it is important that the Royal Thai Government protects its citizens against Cybersecurity threats, it needs to ensure that individual human rights are upheld.
Ambassador H.E. Kees Rade, Embassy of the Kingdom of the Netherlands in Thailand, “We have seen recently that states are using all these instruments to limit freedom of citizens to express themselves, rally and so forth.”
Ms. Emilie Pradichit, Founder & Director, Manushya Foundation added that the Cybersecurity Act as it currently stands has too many loopholes and gaps that could result in the Government misusing the Act and restricting freedom of expression online. The report highlights the main issues with the current Act, including its broad scope and definition of terms such as national security, economic security, martial security and public order; provisions that fail to accurately identify and address the response to cybersecurity threats; unchecked power of bodies and agencies under the Act; the government control of critical information infrastructure (CII); the lack of accountability through the court system; and the failure to ensure remedies for those wrongly affected by the Act.
Ms. Emilie Pradichit, Founder & Director, Manushya Foundation “Cybersecurity is targeting everyone, not just the government. The Cybersecurity Act should be applied to everyone and it needs to protect us.”
The first session explored and commented on the legal specificities of the Cybersecurity Act, with a debate between Dr. Bhume Bhumiratana, Advisor to the National Cybersecurity Preparation Committee, and Arthit Suriyawongkul, Co-Founder and Coordinator, Thai Netizen Network. Some of the key points from the discussion were that the Act is designed to provide a cybersecurity framework to protect citizens, however numerous loopholes in the articles, especially with cross-cutting reference to data protection, and an ineffective separation of powers, means that citizen protections in the Act are weak.
From Left to right:
Dr. Bhume Bhumiratana, Advisor, National Cybersecurity Committee – “The clear scope, framework and the role of the government with respect to the National Cybersecurity Act has been outlined, what remains to be seen is how this will be enforced by the three committees that will be established by the Ministry of Digital Economy and Society (MDES) National Cybersecurity Act of Thailand.”
Ms. Debbie Stothard, Secretary General, FIDH and Coordinator, ALTSEAN-Burma – “The rule of law and administration of justice in the case of cyber threats can be achieved in the Thai Cybersecurity Act, only if it respects human rights and does not focus all the power only in the hands of a few people that are part of the government.”
Mr. Arthit Suriyawongkul, Co-Founder and Coordinator, Thai Netizen Network – “We have already seen violation of digital rights under other Acts such as the Computer Crime Act. Therefore, each Act must have its own individual safeguards, including separate protection of data privacy without having to rely on any other Act.”
The second panel widened the analysis of cybersecurity beyond Thailand’s Act, towards a discussion on the importance of Cybersecurity legislation to comply with international standards on online freedom and data privacy and its impact on netizens, civil society and the Information and Communication Technology (ICT) sector. Two experts in the field provided an overview on global good practices related to policy and infrastructure. Mr. Raman Jit Singh Chima, Asia Policy Director and Senior International Policy Counsel, Access Now discussed the impact of cybersecurity legislation on netizens and civil society, arguing that a cybersecurity framework should be user-centric, systemic & a product of multi-stakeholder democratic processes to ensure an effective protection of all citizens. On the other side of the panel, Mr. Jeff Paine, Managing Director, Asia Internet Coalition (AIC) provided interesting insights on the relationship between cybersecurity and the business sector, including the issue of data protection for companies.
From left to right:
Mr. Jeff Paine, Managing Director, Asia Internet Coalition (AIC) – “As the economy is becoming more digital, businesses prefer to invest in a country if the law does not have uncertainty and the legal framework is clearly defined. Since the National Cybersecurity Act of Thailand does not provide clear guidelines and criteria, and has a number of broadly defined clauses, it creates uncertainty which can have a negative impact on investments. In many cases such as this, the details of the law are usually developed during the implementation of the law.”
Mr. Raman Jit Singh Chima, Asia Policy Director and Senior International Policy Counsel, Access Now – "The National Cybersecurity Act of Thailand must be centered on individual users, include a cybersecurity regime that is integrated into the system, and based on democratic processes that includes all stakeholders...Moreover, in the implementation of the law, Freedom of Expression and privacy should be paramount."
Following opinions from various experts of different fields with regards to cybersecurity legislation, the final panel presented the main findings and analysis of the Study on the National Cybersecurity Act of Thailand and discussed ways forward Ms. Emilie Pradichit, Founder & Director, Manushya Foundation discussed the proposed amendments included in the study, supporting a cybersecurity Act that prioritises individuals’ rights, and provides clearer terms and control mechanisms which the government cannot misuse. Following this, Mr. Klaikong Vaidhyakarn, Member of Parliament, Future Forward Party (FWP) provided insights about the next steps towards the protection of digital rights, including the proposal of amendments to the Cybersecurity Act by its political party when the National Legislative Assembly (NLA) is in session in November 2019. He underlined that the Study is very helpful for its party to make amendments in line with international human rights standards.
From left to right:
Mr. Klaikong Vaidhyakarn, Member of Parliament, Future Forward Party – "The focus of the National Cybersecurity Act of Thailand should not just be to enforce vague terms once a cyberattack has occurred but should also include protection guaranteed in the law...The Future Forward Party has a strong intention to amend all laws that could block participation of public in decisions that affect them, including this Act."
Ms. Emilie Pradichit, Founder & Director, Manushya Foundation “It is very important that the Thai government complies with international human right standards and respect the International Convention on Civil and Political Rights, in particular Article 19.3 which provides for the restriction of freedom of expression only if it’s provided by the law, if it is necessary and proportionate. When it comes to this Act, we don’t see whether it is necessary and proportionate because we don’t have clear definitions of security measures led out by the Act.”
This Study Launch and Panel presented the importance of ensuring that the implementation guidelines provided by the Royal Decree in May 2020 does not violate human rights. The study and the panel discussion made a series of recommended amendments to Thailand’s current Cybersecurity Act, to strengthen and streamline the implementation of the National Cybersecurity Act in line with international human rights standards, promoting a human-centered approach to protect people, while opposing its misuse for the control and surveillance of citizens. There is now an opportunity to engage with a functional National Legislative Assembly for the first time in years since the 2014 military Coup, and to encourage Members of Parliament to propose amendments to the Act under it.
We would like to thank all the panellists present at the launch of study. We are also grateful to all the people who have put great commitment to produce the Study “Thailand's Cybersecurity Act: Towards a Human-centered Act protecting Online Freedom and Privacy, while tackling cyber threats” and all civil society members and experts who joined the Experts Meeting on Thailand’s Cybersecurity Act, held on 9 April 2019, to inform the study Special gratitude is given to the Embassy of the Kingdom of the Netherlands in Bangkok, Thai Netizen Network, Access Now and the International Federation for Human Rights (FIDH) for their collaboration, which has led to the Study and its launch.
Read the media coverage by VOA News: ‘Rights Groups Urge Thai Government to Curb Powers in New Cybersecurity Act’
Read the media coverage by Khaosod English: ‘Future Forward Party seeks to amend junta’s cyber law'