Section 26
Any collection of Personal Data pertaining to racial, ethnic
origin, political opinions, cult, religious or philosophical beliefs, sexual behavior,
criminal records, health data, disability, trade union information, genetic data,
biometric data, or of any data which may affect the data subject in the same manner,
as prescribed by the Committee, is prohibited, without the explicit
consent from the data subject, except where:
*(1) it is to prevent or suppress a danger to life, body or health of the
Person, w her e the data subject is incapable of giving consent by whatever reason;
*(2) it is carried out in the course of legitimate activities with appropriate
safeguards by the foundations, associations or any other not-for-profit bodies
with a political, religious, philosophical, or trade union purposes for their members, former
members of the bodies, or persons having regular contact with such foundations,
associations or not-for-profit bodies in connection with their purposes,
without disclosing the Personal Data outside of such foundations,
associations or not-for-profit bodies;
*(3) it is information that is disclosed to the public with the explicit consent of
the data subject; legal claims;
*(4) it is necessary for the establishment, compliance, exercise or defense of
*(5) it is necessary for compliance with a law to achieve the purposes with respect to:
(a)preventive medicine or occupational medicine, the assessment of
working capacity of the employee, medical diagnosis, the provision of
health or social care, medical treatment, the management of health or
social care systems and services. In the event that it is not for compliance
with the law, and such Personal Data is under the responsibility of the
occupational or profession practitioner or person having the duty to keep
such Personal Data as confidential under the law, it must be for compliance
with the contract between the data subject and the medical practitioner;
(b)public interest in public health, such as protecting against cross-border
dangerous contagious disease or epidemics which may be contagious or pestilent,
or ensuring standards or quality of medicines, medicinal products or medical
devices, on the basis that there is a provision of suitable and specific measures
to safeguard the rights and freedom of the data subject, in particular maintaining
the confidentiality of Personal Data in accordance with the duties or professional ethics;
(c)employment protection, social security, national health security, social health
welfare of the entitled person by law, the road accident victims protection,
or social protection in which the collection of Personal Data is necessary
for exercising the rights or carrying out the obligations of the Data Controller
or the data subject, by providing the suitable measures to protect the fundamental
rights and interest of the data subject;
(d)it is for the scientific, historical, or statistic research purposes,
or other public interests which must be carried out only to the extent
necessary to achieve such purposes, and the suitable measures have been
provided to protect the fundamental rights and interest of the data
subject as prescribed by the Committee;
(e)the substantial public interest, by providing the suitable measures
to protect the fundamental rights and interest of the data subject.
The biometric data in paragraph one shall mean the Personal Data arising from
the use of technics or technology related to the physical or behavioral dominance
of Person, which can be used to identify such Person apart from other Persons,
such as the facial recognition data, iris recognition data or fingerprint recognition data.
In the case of the collection of the Personal Data relating to criminal record,
such collection shall be carried out under the control of authorized
official authority under the law, or the data protection measure
has been implemented according to rules prescribed by the Committee.
*corrected to align with Thai version on June 20, 2021