Bangkok: The Civil Service Commission has clarified that while sharing personal information from the national registration database does not breach the Personal Data Protection Act (PDPA), it may still lead to charges of “criminal defamation” and recommends those affected to lodge a complaint.

According to Thai News Agency, Police Colonel Surapong Plengkhum, the Secretary-General of the Personal Data Protection Committee, addressed this issue during an interview on the “Share the News” program on MCOT NEWS FM 100.5.

Pol. Col. Surapong explained that under Section 4(1) of the PDPA, using personal data for personal benefit, rather than for business, commercial, or trade purposes, is exempt from PDPA restrictions. Thus, if civil registration data is disclosed sarcastically and not gathered regularly for specific purposes, it is deemed personal use and not subject to PDPA regulations.

However, the Secretary-General of the National Security Council highlighted that even if such actions do not contravene the PDPA, they could still violate other laws if they harm others. Specifically, if the disclosure results in defamation, insult, or hatred, it might be considered criminal defamation, allowing the affected party to file a complaint with the police. Additionally, if harm is inflicted via such posts, a civil lawsuit for damages can be pursued.

Moreover, the agency responsible for the data breach remains accountable under PDPA regulations and must investigate and report the violation to the National Security Council (NSC). The NSC has confirmed that an investigation is underway. Although victims have not filed a direct complaint, they retain the right to lodge a complaint against the agency with the NSC to protect their rights.