NBTC suspends OPPO and realme sales over data privacy breach
The National Broadcasting and Telecommunications Commission (NBTC) and the Office of the Personal Data Protection Committee (PDPC) have ordered the suspension of mobile phone sales by OPPO and realme due to the installation of loan applications without user consent. Both companies have until January 16 to explain, failing which they face fines of up to 3 million baht.
Yesterday, January 13, the NBTC summoned the Possefy Group, the distributor for OPPO, and Prota Co., the distributor for realme, to address concerns about pre-installed applications like Fineasy on their smartphones. Users reported that these apps were installed without consent, and they could not control or delete them from their devices.
The acting Secretary-General of the NBTC, Trairat Viriyasirikul, disclosed that the PDPC instructed the companies to halt sales of phones with such applications, as this violates the Personal Data Protection Act. Continued sales could result in fines of up to 3 million baht (US$86,530) per case.
The PDPC further mandated that manufacturers update their software systems, enabling users to remove these applications independently, without needing to visit a service centre. Reports indicate that the violation affects new smartphone models produced from 2023, with problematic applications installed directly at the factory.
Older models may have received the application through an over-the-air (OTA) software update without user notification. Therefore, the PDPC has outlined the following requirements for the companies:
1. Submit a contract for appointing a Thai representative as per Section 37(5).
2. Evaluate legal measures for application installation under Section 23 of the Personal Data Protection Act.
3. Explain how users can delete data without consent.
4. Ensure new devices do not have pre-installed applications.
5. Identify the recipient of loan funds and the source of funding.
Data privacy
Responses must be submitted to the PDPC within three days or by January 16. Non-compliance will result in fines of up to 3 million baht for violating Section 83 of the Personal Data Protection Act.
To address the application removal, two methods are outlined:
1. Users can update their software via OTA, allowing them to uninstall the infringing applications completely.
2. For those unable to update via OTA, a specialised service will be available at service centres. Companies are required to prepare clear procedures, with completion expected within one month.
Some consumers have experienced personal data being used for loan advertising without consent, leading to unintended financial issues. Reports indicate some users applied for loans of 50,000 baht (US$1,445) but ended up with debts as high as 700,000 baht (US$20,200).
The PDPC assures affected individuals they can file complaints through their website for investigation and remediation, reported KhaoSod.
Police Colonel Surapong Plengkhum, Director of the Inspection and Supervision Bureau at the PDPC, stated that both companies must appoint a representative in Thailand to be fully responsible for personal data breaches. The representative must have full authority and unlimited liability.
Failure to appoint such a representative will result in penalties, and future breaches may incur civil, criminal, and administrative penalties.
Latest Thailand News
