The Personal Data Protection Committee (PDPC) of Thailand’s Ministry of Digital Economy and Society (MDES) has announced the first administrative fine under the Personal Data Protection Act B.E. 2562 (2019) (PDPA). A major private company was fined THB 7 million for noncompliance with specific PDPA requirements, resulting in the unauthorized disclosure of personal data to a call center gang (phone scam fraudsters). Key Findings of Noncompliance The PDPC determined that there were three key violations of specific requirements of the PDPA: Failure to appoint a data protection officer (DPO): Despite processing personal data for over 100,000 individuals as part of its core operations, the company did not appoint a DPO. Inadequate security measures: The company lacked the required security measures, leading to a data breach involving a call center gang, causing widespread damage. Delayed data breach notification: The company did not notify authorities of the data breach within the required timeframe and failed to address the breach promptly, making it impossible to remedy the situation. In addition to the monetary fine, the PDPC, along with the PDPA’s Expert Committee, issued a corrective order requiring the company to undertake the following actions and notify the Office of the PDPC of the relevant correction measures within seven days of receiving the order: Implement up-to-date security measures: The company must improve its current security measures to prevent future breaches and ensure that the security measures are up-to-date with changing technologies. Raise awareness of personnel: The company must provide training to relevant personnel to ensure awareness of data compliance and protection practices. This significant administrative action establishes a precedent for addressing data breaches in both governmental and commercial sectors in Thailand. It also confirms the importance of PDPA compliance, particularly the need for robust security measures, timely breach notifications, and the appointment of

On August 9, 2024, Thailand’s Electronic Transactions Development Agency (ETDA) opened a period for public feedback regarding the 2022 Royal Decree on Digital Platforms and its subregulations. To collect this feedback, the ETDA has prepared a 44-question survey on specific attributes of the royal decree and its requirements, covering issues such as the definition of digital platform services (DPSs), types of services that are subject to notification requirements, information that must be submitted annually, and the royal decree’s extraterritorial scope. Business operators that fall within the scope of the royal decree and wish to provide feedback on its effectiveness should prepare and submit the survey online to the ETDA by the end of August 2024. Royal Decree on Digital Platforms Thailand’s Royal Decree on Digital Platforms was published in the Government Gazette on December 22, 2022. It defines a DPS as any service that facilitates or mediates transactions between users through a digital platform, such as e-commerce, food delivery, ride-hailing, online travel agency, online payment provider, or social media platform. The decree requires DPS operators to notify the ETDA before commencing operations, with some limited exemptions. The decree also empowers the ETDA to issue notifications (i.e., subregulations) and guidelines for implementing the decree and to monitor and enforce compliance by DPS operators. The ETDA may impose administrative sanctions, such as warnings, fines, service suspension, or revocation of notification, for any violation of the royal decree or the ETDA’s subregulations. In-scope DPS operators should take this opportunity to provide comments to the ETDA in order to voice their opinions on the practicality of the requirements and support the regulator in shaping the requirements of the royal decree and its subregulations. For more information on this initiative from the ETDA, or on any aspect related to the Royal Decree on Digital

With the growing prominence of ESG (Environmental, Social, and Governance) factors, businesses in Vietnam are increasingly recognizing their importance in driving global demand, societal impact, and economic value. A comprehensive acknowledgment of ESG-related legal requirements is critical for investors and companies operating in Vietnam to meet stakeholder expectations and ensure compliance. Our guide provides a basic overview of the rapidly evolving ESG landscape in Vietnam, covering a range of key issues for companies doing business in the country: What is ESG, and what does the ESG legal framework look like in Vietnam? Who needs to follow ESG regulations in Vietnam? What are the benefits of ESG compliance? How can enterprises enhance ESG best practices in Vietnam? Please click on the link below to view the full article.

On July 19, 2024, Thailand’s Ministry of Public Health Notification No. 450 B.E.2567 (2024) came into effect after being published in the Government Gazette the day before. The notification introduces significant updates to the labeling requirements for prepackaged foods. This new regulation consolidates and updates Thailand’s rules for food labeling by repealing and replacing several previous notifications. The notification’s key changes and their implications for food businesses are identified below. 1. Clarified “Best Before” Definition The notification aligns the definition of “best before” with Codex standards. It now refers to the date marking the end of the period during which the food maintains its best quality under stated storage conditions. After this date, food quality may change, and the product cannot be marketed. 2. Updated Labeling Exceptions Certain foods are exempt from labeling requirements, with the latest list including: Foods sold directly to consumers by manufacturers who can provide product information. Unprocessed foods. Some fresh foods not sold directly to consumers. Prepackaged foods produced and sold for immediate consumption in food service settings. However, any of these exempt foods that have received food serial numbers must still have labels that comply with the notification. 3. Expiration Date and Best-Before Date Display The notification provides clearer language for displaying the expiration date and best-before date. If specific wording is required by other notifications, it must be followed. English equivalents are now permitted alongside Thai text. 4. Warning Displays Multiple applicable warnings can now be consolidated and displayed together, provided the complete message is included as specified. 5. Claims about Substances or Ingredients New guidelines have been established for making claims about food additives and ingredients. Claims should be factual, not deceptive, and provably not false. 6. Label Placement and Design Labels must be permanently affixed, proportionate to the packaging, and