Tax and legal update 2/2024

Revenue Department Demands Online Platform to Submit Merchants’ Revenue Data

insight featured image
Due to the rapid growth of online transactions, a new regulation has been issued by the revenue department to receive the revenue data of online merchants in electronic form. This move aims to improve the collection system, ensuring the fair and comprehensive collection of revenue data.
Contents

Revenue Department Demands Online Platform to Submit Merchants’ Revenue Data

Due to the rapid growth of online transactions, a new regulation has been issued by the revenue department to receive the revenue data of online merchants in electronic form. This move aims to improve the collection system, ensuring the fair and comprehensive collection of revenue data.

According to the Notification of the Director-General of the Revenue Department on Income Tax, Subject: Assigning E-Platform to provide a special account, published in the Royal Gazette on 28 December 2023, it can be concluded that:

E-Platform, an electronic mediator that connects merchant and customer (e.g., Shopee, Lazada, Grab, Line Man, etc.), established in Thailand and having, or previously reported as having, total revenue of more than THB 1,000 million in the same accounting period, are required to prepare a special account. The account will display the revenue data of such e-platforms received from the online merchants. The special account shall be created in electronic form, complying with the standard specified by the revenue department. The submission is required within 150 days of the end of the accounting period, starting from 1 January 2024 onwards.

Please refer to: Notification of the Director-General of the Revenue Department on Income Tax, Subject: Assigning E-Platform to provide a special account for detailed information.

New notification on the criteria regarding measures for collecting personal data related to criminal records.

 

On 28th December 2023, the Personal Data Protection Committee issued a Notification to the Personal Data Protection Committee on the criteria regarding measures for collecting personal data related to criminal records not conducted under the authority of an authorized government agency. B.E. 2566 (the “Notification”).

 

This notification shall be effective after 90 days from the date of published in the Royal Gazette which equivalent to March 27, 2024. Such notification provides a regulatory guideline for personal data controllers in handling personal data related to criminal records, it can be concluded that:

 

A personal data controller may collect personal data related to criminal records only in the cases where there is a legal provision which requires the examination of criminal records or verification of prohibited qualifications or characteristics relating to criminal offences or criminal punishments, or such personal data controller have received explicit consent from the personal data owner for the following purposes:

1.     Verification of prohibited qualifications and characteristics of an individual for employment or job positions. 

2.     Verification of prohibited qualifications and characteristics of an individual for government functions such as license issuances, registrations, approval, payment processing, providing services, and other filings by a government agency or a personal data controller appointed by a government agency.

3.     Verification of an individual's prohibited qualifications and characteristics for other functions such as, approval, payment processing, providing services, and other filings by a personal data controller other than the one above. 

In the collection of personal data relating to criminal records for the cases mentioned above, the personal data controller shall be required to comply with the following points:

1.     Notify the requirement for collecting personal data relating to criminal records in the preliminary stages of any of the above processes.

2.     Notify the personal data owner of the impact of not providing or withdrawing consent to collect personal data relating to criminal records.

The personal data controller must implement organizational, technical, and physical measures to control the personal data collection, use, and disclosures under this Notification as necessary under the PDPA. The personal data controller must ensure that there are safety measures appropriate for the risks to the rights and liberties of individuals as provided under the minimum standards under the PDPA. After the cause for collecting personal data relating to criminal records has ceased and there is no longer a necessity to maintain such data, the personal data controller may maintain such data for no longer than six months after the cause for collecting such data has ceased, unless otherwise consented by the personal data owner.   

For businesses, background checks for criminal records are one of the most important criteria in recruitment to increase assurances of prospective hires' moral character and ethics. Grant Thornton Thailand can help businesses set up the necessary technical, organizational, procedural, and physical infrastructures and advise personal data controllers to handle personal data in compliance with the PDPA effectively.  

For more details, please refer to Criminal Record Notification for PDPA.