Personal Data Protection in a case of Data Processing by Artificial Intelligence

  • สิทธะพุทธทาสเทพ จักรภพมหาเดชา
  • ประพันธ์พงษ์ ขาอ่อน
Keywords: General Data Protection Regulation (GDPR), Artificial Intelligence: AI, Big data


Nowadays, there is an enactment to control in personal data processing by Artificial Intelligence or AI called General Data Protection Regulation (GDPR) since majority of private sectors or companies bring AI to be inserted in the companies’ database through their big data record on internet system. Being processed by AI will be based on what the service provider has set on the system. Therefore, there are a number of the private sectors or companies bringing our data which we service in data processing to meet their expectations. Moreover, it also helps expand our personal data more on necessary needs; for example, data retrieving via internet, debit card banking service or insurance policies for service providers to analyze or evaluate whether the business that they are in charge of meets the end users’ expectations or needs or not.
In clause no.22 of GDPR, it mentioned that data processing called Automated Decision – decision making in various actions via computer command system, so AI will be used in this process. The Law GDPR in the clause no. 22 regulates that the data owner is able or unable to consent in case there is the necessity to process the data by AI. A company which processes the data must grant permission to the data owner to know the data processing process by AI, and grant the authority to them to oppose. For instance, credit granting finalization from a bank via AI system is required to give the data owner a permission to oppose the data consequence by AI, and it is also called for a man use in data processing to consider finalizing the decision, respectively.
Thailand has drafted the act in General Data Protection Regulation (GDPR) BE: …….. due to the fact that they have seen the rapid change of the internet system. However, even though GDPR is a must necessity, the related Thai laws and regulations still have unconformity to the requirements for some cases as mentioned in the above paragraph. For example, A lack of GDPR granting in Data processing by AI in case there is a mistake found during the process, the company installing the system shall take a responsibility on the above issue or not. There also should be some editions in the draft act in order to comply with the GDPR act of the European Union (EU).
Therefore, there should be a law which is enacted to cover the current technology processing via AI. Besides, Thailand should bring the principle of GDPR for usage so as to conform to the GDPR as expected


Most read articles by the same author(s)