THAILAND'S CYBERSECURITY ACT:
TOWARDS A HUMAN CENTERED ACT
PROTECTING ONLINE FREEDOM AND PRIVACY,
WHILE TACKLING CYBER THREATS
SEPTEMBER 2019
Manushya Foundation in collaboration with the Embassy of the Kingdom of the Netherlands in Bangkok launched a project to study the National Cybersecurity Act of Thailand to ensure that it protects critical infrastructure from cyberattacks, while complying with international standards and upholding online freedom in the use of information and communication technology. Along with the Thai Netizen Network, Access Now, and the International Federation for Human Rights (FIDH), a multi-stakeholder Experts Meeting was organised on 9 April 2019 with perspectives from various experts including a government adviser; political party representatives; academics; private sector representatives; national, regional and international civil society organizations; a media representative; United Nations (UN) agency representatives; and diplomats. At the Experts Meeting, recommendations were provided on amendments, and improvements in relation to the implementation and monitoring of the National Cybersecurity Act in order for it to tackle cyberattacks, while complying with international standards on online freedom and data protection. Global good practices which could serve as a guide for this process were also discussed.
Manushya Foundation, with a comprehensive analysis of the finding from the Experts Meeting, developed a Study on “Thailand’s Cybersecurity Act: Towards a human-centred Act protecting online freedom and privacy, while tackling cyber threats” as a guide to Thailand, its institutions, its private entities and its netizens, to contribute to a strong policy and streamlined process of implementation and monitoring of the National Cybersecurity Act in line with international human rights standards.
This study aims at comprehensively evaluating the challenges that exist with respect to the text of the National Cybersecurity Act, providing a context for each of them, and proposing clear amendments to the text based on the international, regional and national laws and standards as well as best practices on digital rights and data privacy. The six main challenges identified in the Study are:
-
the broad scope and definition;
-
problematic substantive provisions and failure to define them;
-
controversial control mechanisms (government bodies and agencies) under the Act;
-
powerplay in the application of the Act;
-
absence of checks and balances;
-
failure to ensure remedies.
Moreover, the study is accompanied by a summary of DOs and DON'Ts identified for each of the six challenges.