True's AI-Era Approach to Data Privacy: Transparency, Human Rights and Customer Data Ownership

The Personal Data Protection Committee (PDPC) opened the stage at PDPA Expo, the country's largest annual forum dedicated to all dimensions of personal data protection. The event brought together Data Protection Officers (DPOs) to exchange insights, share experiences, and explore innovations that strengthen safeguards for data security. On this occasion, True Corporation, represented by Mr. Montri Stapornkul, Head of Data Protection Division, contributed private sector perspectives as one of Thailand's leading technology companies. In his session on "Lessons Learned from the Role of Data Protection Officers," he emphasized the principles of personal data protection and respect for human rights, sharing best practices from the private sector to the public sector, paving the way for transparent and trustworthy data protection standards.

Monday 8 September 2025 16:51
True's AI-Era Approach to Data Privacy: Transparency, Human Rights and Customer Data Ownership

"Data" is not the property of the custodian, but the rightful property of the individual

True Corporation upholds the principle of Data Privacy not merely as preventing leaks, but as a commitment to respecting the rights of data owners. Mr. Montri, explained "When customers entrust us with their information in order to access telecommunication services, it is like depositing something valuable with a service provider. The ownership of that data always remains with the customer, never with the custodian. Therefore, every use of personal data must have a clear, transparent, and verifiable purpose." He further stressed that even with good intentions, neglecting the Personal Data Protection Act (PDPA) can inadvertently violate rights. This includes sharing data for customer convenience without consent, storing unnecessary information "just in case", or using free online tools that lack proper security standards. All of these serve as a reminder that "good intentions are not always good enough" without accountability in protecting individuals' data rights.

Sharing Best Practices: True Harnesses Responsible AI to Build Customer Trust

In today's digital era, where Artificial Intelligence (AI) is increasingly shaping every aspect of daily life, Mr. Montri highlighted that AI is designed to be intelligent, fast, accurate, and capable of processing massive amounts of data efficiently. However, for True Corporation, the priority goes beyond technological advancement. What matters most is the responsible use of AI, guided by clear frameworks, ethical principles, and respect for human rights in the digital age, particularly in safeguarding customer privacy. True has adopted AI to manage data with transparency, accountability, and in line with good governance, ensuring the highest level of customer confidence. For example:

New AI-powered SIM Registration System with Real-Time Liveness Detection: An advanced SIM card registration system powered by cutting-edge facial recognition and real-time liveness detection technology. This feature verifies facial movements and unique characteristics in real time, preventing the use of fake photos or videos for identity fraud. In addition, AI is deployed to cross-check registration data and documents for accuracy and completeness, swiftly detecting errors or falsified information. This ensures a faster, more reliable, and secure registration process. Customers can be confident that their identity and privacy are safeguarded right from the very first point of service, with strict protection of personal identity data and enhanced accuracy in identity verification.

AI-Powered Chatbot for Smarter Customer Service: An AI-driven chatbot designed not only to answer routine inquiries but also to learn and analyze conversation patterns. This enables it to respond more naturally, accurately, and in line with customer needs, enhancing the overall service experience. The chatbot's development is guided by Responsible AI (RAI) principles, with a focus on strengthening system capabilities to deliver services that are fair, transparent, and respectful of user privacy, fully aligned with international data protection standards.

AI-Enhanced Enterprise Security with Insider Threat Detection: AI is deployed to continuously monitor and analyze employee data access, modifications, and transfers, enabling the system to detect unusual patterns that may signal unlawful use or potential data leaks from within the organization. This proactive safeguard ensures that corporate data is comprehensively protected, not only from external threats but also from risks that may arise internally.

The Role of the DPO: Guardian of Data Rights, Standing Firm for Customer Privacy

Effective protection of data subjects' rights, alongside the responsible use of AI, requires a central figure to balance business interests with user privacy. Mr. Montri added, "The role of the Data Protection Officer (DPO) is crucial. A DPO acts as the representative of data subjects within the company, ensuring that every activity involving personal data strictly complies with the law. Their core duties include advising teams on safe innovation, auditing compliance of policies with regulations, and serving as a vital bridge between the company, data owners, and government authorities. An independent, knowledgeable DPO is therefore a key guarantee of an organization's commitment to transparency and to truly strengthening the rights of customers in personal data protection."

"Personal data protection is not merely about technology or security systems. It is at the heart of caring for customers with sincerity and transparency. PDPA is not only about data security, but also a reaffirmation of respect for privacy and the fundamental human rights to which everyone is equally entitled," Mr. Montri concluded.