Kritiyanee joined Baker McKenzie in 2013 and is a partner in the Intellectual Property and Technology practice. She has a wealth of experience in data protection, cyber security, and complex technology matters, with a focus on data privacy and protection, data analytics, electronic transactions, cloud computing, and computer crime.
Kritiyanee focuses on data privacy and protection, data analytics, electronic transactions, cloud computing, blockchain, computer crime, and cybersecurity.
She is a Certified Information Privacy Professional/Europe (CIPP/E). She has counseled both international and local companies on the European Union’s General Data Protection Regulation (GDPR), in particular by advising on the differences between the GDPR and Thailand's Personal Data Protection Act (PDPA).
Her previous work included Data Protection and Cyber Security, Technology transactions and ITC regulatory advice, which spanned across various business sectors, including technology, financial services, automotive, insurance, airline, consumer goods & retail, food and beverage, hospitality, and healthcare.
Representative Legal Matters
- Advised local companies regarding their obligations under the General Data Protection Regulation (GDPR) as their business operations subjected them to liability and comparison with Thai PDPA.
- Conducted data mapping, identifying gaps from the data mapping results, analysing and providing recommendations on how to close the identified gaps, preparing required legal documents, and strategizing implementation plans.
- Advised various data protection advisory work including: (1) company and government surveillance & interception; (2) the exploitation of personal data in CRM project; (3) data breach requirements, revising breach notification reports, and how to handle breach reports for the public with care; (4) criminal background checks of employees; (5) internal investigation of employee misconduct; (6) email review and retention; (7) CCTV surveillance; (8) implementation of facial recognition software; (9) the use of sensitive data; (10) whistle-blower hotlines/channels; and (11) the use of personal data for AI training for both global and local clients in a variety of industries.
- Prepared and revised Privacy Policies, Consent Forms, Parental Consent Forms, Data Transfer Agreements, Data Processing Agreements, Intra-Group Transfer Agreements, Terms and Conditions, Mobile User Agreements, Data Governance Manuals, Data Breach Response Procedures, HR Data Protection Guidelines, IT Policy Handbooks, IT Monitoring Policies, CCTV notice and warning signs, Data Retention Policies, Direct Marketing Policies, Data Subject Rights Policies/Procedures, and Record of Processing Activities.
- Advised and revised agreements for blockchain-based platform operators handling Thailand's National Digital ID Project.
- Provided legal advice regarding security and data privacy for e-commerce businesses; business expansion for cloud service providers; mobile applications; websites; streaming services; social networking sites; digital content; and online contests,
- Involved in an IT outsourcing project to streamline support activities for the client's operating entity in Thailand through a service hub overseas, allowing the client’s local office to focus on developing its core business and increase sales.
- Guided a digital transaction platform and various other technology companies by providing advice regarding the validity and enforceability of e-signatures, e-transactions, the use of trusted Certificate Authorities and preferences on transforming their traditional operations/services to be electronic based.
- Advised clients with the inception of an e-map service using GPS as a mobile application.
- Provided legal advice in the areas of consumer protection, product liability, product recall, e-contest, internet sweepstakes, advertising, labelling, online activities targeting minors, intermediary liability of internet service providers, hosting immunity, safe harbour, spam mail, email marketing, sms and push notifications, and cold call marketing.
- Counselled clients in dealing with the government authorities, helping respond to government requests, joining the meetings with government entities on behalf of our clients in relation to lese majeste content, illegal online content, computer crimes, and notice-and-take-down procedures.
- Advised technology platform service providers regarding types of advertisement prohibited and allowed on their platforms, in addition to push notification/unsolicited advertisements for a website Loyalty Program.
- Handled negotiations for clients in the gaming industry with the NBTC in a dispute arising out of Thai government concerns over an augmented reality mobile game.
- Advised on the regulatory framework for the launch of an e-Sport tournament in Thailand.
- Drafted and negotiated Talent and Collaboration Agreements for a clothing brand with international superstars, such as Adam Levine.
- Honorable Mentions and Ranked by The Legal 500 AP as a key lawyer in data privacy area, 2019-2020
Professional Associations and Memberships
- Law Society of Thailand
- Thai Bar Association
- International Association of Privacy Professionals (IAPP)
- Internet Society (ISOC)
- Thailand (2012)
- The London School of Economics and Political Science (LL.M., with merit) (2011)
- Chulalongkorn University (LL.B., 1st class honors) (2008)
Kritiyanee is a highly coveted speaker, trainer, panelist, and lecturer for a variety of clients and institutions on numerous topics including data protection, PDPA, GDPR, computer crime, digital content, AI, netiquette, and Blockchain. The hosts have included the following:
- Government entities and regulators: the Electronic Transactions Development Agency (ETDA), Bank of Thailand (BOT), the Office of Insurance Commission (OIC).
- Industry-specific associations: Pharmaceutical Research and Manufacturers Association (PReMA), the Association of Securities Companies (ASCO), Association of Investment Management Companies (AIMC), and Thai Bankers' Association (TBA).
- Renowned universities: Chulalongkorn University, Thammasat University, and Chiang Mai University.
- Various other client and non-client seminars and forums: ASEAN Business Advisory Council (ASEAN BAC), BOT Bangkok FinTech Fair, HSBC, Pandora, Chevron, PTT Group, Takeda, Pruksa, AIA, Krungthai-AXA, SCB Abacus, CIMB, Kiatnakin Bank, Kbank, Abbott, Standard Chartered, Bangkok Bank, Government Savings Bank, EXIM Bank, UBM Asia, Shiseido, Siam Cement Group, Dupont, Seiko, Dharmniti among many others.
In addition to her speaking engagements, Kritiyanee has also written or co-authored articles and provided comments on PDPA, the GDPR impact on Thai companies, Artificial Intelligence (AI), the Internet of Things (IoT), 3D Printing Technology, digital economy related laws, and Blockchain to various news reporters, journalists, and publishers such as Bloomberg BNA, Thomson Reuters, DataGuidance, China Daily, the International Bar Association (IBA), Global Data Review, the American Chamber of Commerce in Thailand (AMCHAM) Journal, the Australian-Thai Chamber of Commerce (AustCham) Journal, German-Thai Chamber of Commerce (GTCC) Journal, Thailand’s Intellectual Property and International Trade Court Law Journal, the Bangkok Post, the Nation and Krungthep Turakij.
- Published the legal article “the Future is Now and Its Challenges Present: How to determine IP ownership and plan for regulatory compliance in the era of Artificial Intelligence (AI) and the Internet of Things (IoT) symbiosis” published in the Intellectual Property and International Trade Court Law Journal.
- Published the legal article “Ready or not, Here It Comes - Blockchain and Its Legal Implications” published in the Intellectual Property and International Trade Court Law Journal: Special 20th Anniversary Issue.