Principle of Consent in Data Protection Law: Comparative Study of the European Union, Republic of Korea and Kingdom of Thailand

Abstract

               The objectives of this study are: (1 ) to study the concepts, theories, and criteria related to personal rights and principles of consent in connection with personal data protection; (2) to study the laws and criteria governing the enforcement of General Data Protection Regulation (GDPR) in the European Union and the Personal Information Protection Act (PIPA) in the Republic of Korea and the Personal Data Protection Act of B.E. 2562 (PDPA) in Thailand; (3) to study and analyze the problematic issues and potential obstacles related to the principles of consent concerning the protection of personal data in Thailand, in comparison with the GDPR and PIPA; and (4) to study and explore potential approaches to improve its appropriateness application of the principles of consent in protecting personal data within the context of Thai society while strictly adhering with international standards.

               The results of the study found that: (1) the right to privacy is viewed as fundamental human right that on one cannot violate except with that person’s consent; (2) in principle, the consent must be freely obtained, precise, well-informed consent, and able to withdraw consent at any time; (3) currently, the use of principle of consent in Thailand’s personal data protection law still in infantry stage and require cautious interpretation and enforcement of the privacy law differs from that of the European Union establishing a systematic enforcement moreover  the decision of the Court of justice of the EU also take into account the fundamental rights. and basic human rights rather than the state’s widespread security claims; and the Personal Information Protection Act (PIPA) in the Republic of Korea requires consent in each and every stage of personal data collection and provides clear guidelines, reducing potential risk of misinterpretation and discretionary use by data control authorities; and (4) therefore, the researcher proposes potential amendments to the Personal Data Protection Act of B.E. 2562 (PDPA), incorporating effective aspects of the GDPR and PIPA, tailored to comply with the social context of Thai society.