The personal data protection law reform for ASEAN

“Coherent” and “Comprehensive” are defined in ASEAN related frameworks as one of the critical factors to be considered by member states in developing data protection law at national level. However, the research found that domestic law in ASEAN countries still lack “coherent” and “comprehensive” with regard to form, approach and substance or content. The data protection laws in ASEAN countries varies and provides no comprehensive data protection principles that cover key principles as stipulated in international guidelines and foreign laws such as EU data protection laws, for example, right to be forgotten, data breach notification. This could lead to several aspects of impact such as creating obstacles for free flow of data among ASEAN countries and outside ASEAN. Furthermore, this research indicates the relationship between data protection laws and state surveillance laws. The existence of data protection law in the data import countries is only one factor to be considered in the context of data export restriction rules. The legal environment including the existence of state surveillance laws and practice which is inconsistent to human right principles is also critical factor to be considered and could make the level of data protection in that country “inadequate” to be qualified as data import country. The research applies human rights criteria analyzed from European laws and legal cases to examine the state surveillance laws in ASEAN countries including Thailand and found that several laws could be inconsistent with human rights principles which would possibly cause legal problems for ASEAN countries regarding intentional data transfer. Consequently, this researcher proposes suggestions for both ASEAN and domestic laws of member countries in order to enact laws, revise draft laws and amending existing laws relating to data protection in ASEAN countries including Thailand by incorporating internationally recognized data protection principles for encouraging the harmonization of data protection laws regionally among ASEAN countries and internationally outside ASEAN.