Three Shades of Data: Australia, Philippines, Thailand

Abstract

<p>Unauthorised access to data has raised concern amongst business, citizens and legislators globally. However, different jurisdictions have taken various approaches ranging from controlling access via data protection legislation to deeming liability based on the nature of the data, such as through privacy legislation. This paper is a comparative analysis of the privacy legislation of the Philippines, Thailand and Australia through their <i>Data Privacy Act of 2012</i>, the <i>Personal Data Protection Act 2019</i>, and the <i>Privacy Act 1988</i>, respectively. These Acts have many provisions, and Australian states also have their own acts. The Australian federal legislation is the most developed of the three and its effectiveness can be evaluated by outcomes of investigations and enforceable undertakings issued for data breaches. In all three countries, the primary data privacy legislation is also supported by privacy-related provisions under other statues. The analysis focuses on types of data protected by privacy provisions, methods for investigating breaches and imposing penalties, and whether breaches result in administrative action, civil liability or criminal offences.</p>