The current Thai Government has been promoting Digital Services through various ways, especially implementing BOI incentives. The Digital Service is one of the business which is applicable for the BOI promotion including Software platform, Managed service, Digital architecture design service and Digital services such as FinTech, DigiTech, MedTech, and AgriTech. Our law firm in Thailand H&P worked for several clients in BOI applications for digital services during 2018 and 2019 and we got acquired a deep knowledge on the industry and the incentives provided by the Thai regulator that goes from exemption from corporate income tax for 5 years and even setting up a structure under 100% foreign shareholders company.
Despite the promotion, the government also implemented a wide range of regulations to protect the Thai consumer and prevent the public damages from these electronic transaction services, from the beginning to during the entire term of business operation, such as; the requirement for getting the permission of the governmental authorities before operation of the digital service, or the business operation shall comply with specific regulations.
As abovementioned, there are numerous different laws and regulations regarding the control over digital services, based on the characteristic of each services so we recommend you to speak with H&P lawyers in Thailand if you plan to start a digital service business in Thailand in order to comply with all the requirements of the Law. However, in this article will focus on the regulations regarding the Electronic Money Service Business, which has attracted most of the foreign investors and the regulation providing the protection of the personal data.
Under the Payment System Act B.E 2560 (2017), the business owner intending to operate electronic payment business such as Electronic Money Service, Service of Receiving Payment on behalf and Service of transferring money, is required to obtain the license from the Ministry of Finance, for example;
Electronic Money Service
The company shall submit the application for a license to The Bank of Thailand (BOT), after setting up the company and the applicant must be a Limited company or Public limited company that is registered in Thailand, having paid-up capital not less than 100 million Baht.
Service of transferring money
The company shall obtain the permission from the Ministry of Finance without any exception, and the company must have paid-up capital not less than 10 million Baht.
Moreover, the company shall operate its business in compliance with this Act, such as the business operator shall keep the data, accounts, documents, or other evidence pertaining to its business, assets and liabilities for the purpose of examination by the BOT, or it may appoint the examiner to examine your business, assets or even the liabilities in order to assure that your company has the capacity to run the digital business service. In case where the company fails to comply to operate the business in accordance with the rule, regulation any further notification of the BOT or the respective governmental organization, its license would be revoked.
As the digital service provider always possess the personal data of its client, therefore the business owner shall be subject to the Personal Data Protection Act, B.E. 2562 (2019), as the data controller. This statute provides the control over any person including the business owner who could asses or possess the personal date, not to collect, use or disclose such information unless the prior consent of the clients. Moreover, such consent generally shall be obtained at the time of each collection, use, or disclosure, except the business provider is entitled to do so for specific circumstances as provided by the law, and the business provider shall inform the purpose of such of request with the clear and plain language. The business provider shall also make sure that there is sufficient measure based on the minimum standard provided by the personal data protection law in order to protect the personal data of its client or even implement any other new measure when the technology has changed to efficiently maintain the appropriate security and safety of the data, as the company may be request to be examined by the Personal Data Protection Committee whenever necessary.
This Act also provides the penalty for any failure to comply with the regulations, such as under section 77, provides that the data controller or the data processor, whose operation in relation to personal data violates or fails to comply with the provisions of Personal Protection Act which causes damages to the personal data, shall be liable to the compensation for the damages, regardless of whether such operation is performed intentionally or negligently, except it can prove that those conduct are fall within the scope of specific exemptions. The compensation under this law could be higher than the normal tort, as the court has its own discretion to require the breaching party paying punitive damages in addition to the actual compensation
If you need legal advice on setting up a digital business, please contact our Bangkok lawyers at [email protected]