6. Enabling a data-driven public sector

Building blocks for a data-driven public sector

In the drive towards fostering more open, digital and innovative governments, the OECD has identified the creation of a data-driven public sector as a chief condition for successful digital transformation. Principle 3 of the OECD Recommendation of the Council on Digital Government Strategies (2014, p. 7[2]) informs of the need to create a data-driven culture in the public sector by developing frameworks that guide the access and re-use of data and deliver trustworthy official data in open formats (Box 6.1).

In line with the above, the OECD Digital Government Policy Framework highlights the data-driven public sector as one of its core six dimensions (Figure 6.1). In a data-driven public sector, governments are able to apply data for designing policies, public services and long-term plans, generating public value to meet the changing needs and higher expectations of citizens and businesses (OECD, 2019[1]). It implies engaging in active efforts to remove barriers to the use of data, publishing public sector data freely and openly, encouraging the use or sharing of data among public sector organisations while protecting the data rights of citizens and businesses (OECD, 2019, p. 17[1]).

Figure 6.1. The OECD Digital Government Policy Framework: Data-driven public sector dimension

Source: OECD (2020[3]), "The OECD Digital Government Policy Framework: Six dimensions of a Digital Government", https://doi.org/10.1787/f64fed2a-en.

The opportunities of a data-driven public sector can be classified into three main pillars where data-driven initiatives can support the decision-making process across different policy areas and levels of government (Table 6.1):

• Anticipatory governance: Use data to strengthen a data-driven public sector’s anticipatory capacities and future-oriented approaches.

• Design and delivery: Engage stakeholders in policy making and the development of public services that respond to the needs of the users at any given point in time.

• Performance management: Enhance the monitoring, management and improvement of performance.

Analysing Thailand’s efforts to enable a data-driven public sector

Building a data-driven public sector is not an easy task. Indeed, results from the OECD Digital Government Index show how the data-driven public sector is the second-lowest dimension of all of the six dimensions assessed in the OECD Digital Government Policy Framework. These results show that “governments are not yet fully exploiting the potential of data as a foundation for digital government and should foster the creation of a skilled public sector that relies on data as a core component to effectively design and deliver projects” (OECD, 2020[5]).

For the government of Thailand to reach digital government maturity and build a data-driven public sector with a whole-of-government approach, there are three key areas for discussion and consideration that will be covered in the three sections of this chapter: i) strengthening data governance arrangements as the structural foundation, which establishes how authority, control and decision making over data assets are carried out (Ladley, 2012[6]); ii) leveraging data access and sharing to increase public value in service design and delivery; and iii) establishing the role of data governance for trust in governments. The structure is also based on the OECD’s analytical framework that holistically accounts for a data-driven public sector, featuring 12 facets with 3 areas of focus needed to successfully unlock the value of data (Figure 6.2).

Figure 6.2. The OECD analytical framework for a data-driven public sector

Source: OECD (2019[1]), The Path to Becoming a Data-Driven Public Sector, https://doi.org/10.17878/059814a7-en.

Leadership

Political and administrative leadership are crucial to secure the success of Thailand’s willingness to use data both in the design and implementation of public policies and services. Political leadership involves high-level support from ministers to advance the policy agenda, while administrative leadership are of top management positions in the public sector that focus on steering policy design and implementation, which helps to ensure continuity across political terms (OECD, 2019, p. 39[1]). Power derives from this leadership to a large extent but is also dependent on a host of other factors, such as the institutional position in the hierarchy, defined roles and responsibilities and their legal basis, and the policy levers that leaders and public sector organisations use to steer policy and enforce compliance (e.g. of data standards).

As discussed in Chapter 2, the Ministry of Digital Economy and Society (MDES) is the public sector organisation that takes the greatest lead on the national digital (government) and data agenda: Thailand’s National Big Data Policy and Digital Government Development Plans (further elaborated in the next sub-section “Towards an action plan for public sector data”).

The MDES, together with the Digital Government Development Commission and the DGA, leads the development of data governance and policies as part of the National Big Data Policy and Digital Government Development Plans.

On the one hand, the Digital Government Development Commission was created in 2019 under the promulgation of the Digitalisation of Public Administration and Services Delivery Act, B.E. 2562 (2019). It has significant political and administrative power, as it brings together the prime minister of Thailand as the chairperson, and the Minister of Digital Economy and Society, the Permanent Secretary of the MDES, the Permanent Secretary of the Office of the Prime Minister (PMO), the Permanent Secretary of the Ministry of Higher Education, Science, Research and Innovation (MHESI), the Secretary-General of the Office of the Civil Service Commission (OCSC), the Secretary-General of the Office of the Public Sector Development Commission (OPDC), the Secretary-General of the Office of the National Economic and Social Development Council (NESDC) and the Director of the Budget Bureau as the members. Other members are selected from the National Digital Economy and Society Commission, the Electronics Transactions Commission, the Office of the Official Information Commission, the Personal Data Protection Commission and the National Cyber Security Commission.

The Digital Government Development Commission has powers and duties to provide guidance and recommend policies to government agencies and formulate the Digital Government Development Plans and its roadmaps, principles, standards, rules, regulations and guidelines, especially in data governance. The commission is required to track and monitor the progress of digital government in Thailand (Box 6.2). Additionally, the DGA and the commission also provide policy recommendations to the cabinet on digital government development. In that regard, the Office of the Permanent Secretary and the PMO have been keen in co-operating with the DGA and its governing commission to support the implementation of the Digital Government Development Plan.

On the other hand, the DGA delivers policy recommendations on digital government transformation, data governance and digitalisation of public services backed by political support. The DGA’s role in building a data-driven public sector is set out in B.E. 2561 (2018), a royal decree that established the DGA under the supervision of the prime minister and the PMO. The government-to-government (G2G), government-to-citizen (G2C) and government-to-business (G2B) initiatives of the DGA are issued either as prime minister’s orders or cabinet resolutions (DGA, 2018, p. 33[9]). Moreover, the Digitalisation of Public Administration and Services Delivery Act, BE. 2562 (2019), specifically states that the DGA has “the duty of directing and facilitating the operations as assigned by the Digital Government Development Commission, including its secretarial and academic works”. In this sense, the DGA has a similar scope to the Digital Government Development Commission.

However, the DGA fares less on administrative power in the implementation of the digital government and data agenda. The DGA, as the key public sector organisation that promotes and supports the rolling out of digital government services, does not play a strong co-ordination and compliance role for data governance across the public sector. Broadly, the MDES and DGA co-ordinate with other ministries and government agencies on different mandates under the 20-Year Digital Economy and Society Development Plan (2017-2036) or Digital Thailand, one of which includes the move to big data as discussed in Chapter 2.

The DGA’s limited administrative power is evident in the less-than-optimal results in data management and integration at an operational level. In 2018, the DGA conducted a “Survey Project on the Readiness of Digital Government Development of Government Agencies in Thailand” in line with the Digital Government Readiness Assessment Framework, B.E. 2561 (2018). Two dimensions, “Policies/practices” and “Secure and efficient infrastructure”, measured the development readiness of government agencies on data governance and data management respectively.

On a scale of 0 to 100 points (with 100 being the most prepared), the survey revealed that the average readiness of 287 public sector organisations at the department level surveyed was 52.7 points for “Policies/practices” and 75.2 for “Secure and efficient infrastructure”; 1 237 public sector organisations at the provincial level surveyed had 33.9 points for “Policies/practices” and 54.6 points for “Secure and efficient infrastructure” (DGA, 2018, pp. 47-49[9]). These capacity and capability limitations do not only bring data governance challenges at the central level, they translate into multi-level data governance issues, in particular when specific data is generated by local public sector organisations but consumed by central authorities as an input for policy and decision making.

Previous efforts to build multi-level data governance arrangements for effective policy making have not been entirely successful in moving forward due to the disparities in terms of data capacities, protective data management practices at the local levels and the complex multi-level governance arrangements and accountability mechanisms among local, provincial and central authorities (Figure 6.5).

Figure 6.5. Thailand’s national and local government structure

Source: Information provided to the OECD by the Thai government.

In reference to the DGA’s organisational key objectives (Box 6.3), the DGA should strengthen the first and second key objectives as top priorities: in devising, executing and enforcing the implementation of its G2G (including central-local data exchange), G2C and G2B initiatives at the operational level for national, department and provincial public sector organisations. The other key objectives are oriented more towards having DGA play a supporting role in promoting digital government transformation. Imparting greater authority to the DGA as the leading public sector organisation that reports directly to the Digital Government Development Commission could help to attain better co-ordination on digital and data standards, digital and data infrastructure and digital services that rely on data as an important input.

This would require the political and administrative leadership at the MDES, PMO, MHESI, OCSC, OPDC, NESDC, etc. to confer a higher degree of power and authority to the DGA, such that the DGA has greater oversight beyond its advisory role in the context of the National Big Data Policy and data policies under the Digital Government Development Plans. This is to secure good data governance as the foundation towards data integration and sharing, with the publication of good quality open government data – and how this can be done will be covered in the following sub-sections on “Towards an action plan for public sector data” and “Capacity for coherent implementation”.

A positive development to illustrate this point is that the DGA currently supports the new Digital Government Development Plan (2020-2022) in drafting more standards and guidelines. Based on this plan, the Data Catalogue Guidelines on Mandatory Metadata for Agency Data Catalogues will be defined in 2021, which will lead to the development of the Thailand Government Data Catalogue that assimilates all government agency data catalogues, under the supervision of the MDES National Statistical Office of Thailand (NSO). In 2020, the DGA identified the flagship project on the Agency Data Catalogue and worked with the OPDC to encourage a pilot project on government data.

Clear identification of the DGA as the key public sector organisation that will officially lead, co-ordinate, implement and ensure compliance with data governance by decree would be helpful to increase its power and authority. While the current leading role of the MDES is inclusive and relevant, there is a risk that public sector data initiatives under the National Big Data Policy and Digital Government Development Plans will not be granted enough political and administrative support vis-à-vis other digital economy policy goals (see next sub-section on “Towards an action plan for public sector data”).

While the MDES could continue to maintain oversight, provide an overarching direction and play a wider advisory and co-ordination role for the National Big Data Policy and Digital Government Development Plans, it would be critical for the leading role of the DGA to be confirmed beyond its current operational focus and de facto role as a provider of technology solutions for the public sector.

On top of institutional leadership, the identification of personal leadership is another core element of good data governance. Well-defined roles and responsibilities of key positions help to cement the power and authority of the leading public sector organisation for the national data agenda. The President and Chief Executive Officer (CEO) of the DGA could formally be the National Chief Data Officer (CDO) or Chief Information Officer (CIO) of Thailand, who administratively leads the digital government and data policy in the country.

This is done in New Zealand, where the government’s Chief Data Steward is also the Chief Executive of Statistics and is in charge of providing direction on the national data policy. There are clear quarterly key deliverables for this data leadership role (OECD, 2019, p. 39[1]). Similarly, in France, the General Data Administrator is attached to the Head of Etalab, the taskforce within the PMO in charge of co-ordinating open data and artificial intelligence (AI) policy (OECD, 2019, p. 39[1]). The actual title can differ from country to country but what the government of Thailand most needs is a formal leadership position and role with enough political support and administrative power, supported by well-defined performance indicators and a vision in terms of outcomes for the national data agenda and data governance policy.

Towards an action plan for public sector data

A comprehensive and sustainable strategy that is aligned with policy objectives and priorities is a crucial policy instrument to achieving the desired data-driven public sector. National data strategies and action plans require a high-level, deliberate approach and political commitment towards the role of data as a strategic resource, to unlock economic and social value in line with other policy goals while managing and mitigating risks associated with data use (OECD, 2019, p. 1[10]). Based on front-running countries’ practices in this area, the OECD has found that national data strategies and action plans are often placed within broader digitalisation plans.

Thailand’s national data strategy is contained in its National Big Data Policy, which is led by the MDES and the DGA (Box 6.4). Under the MDES, the Office of the National Digital Economy and Society Commission (ONDE) has the mandate for drafting national policies on digital economy and society for the National Digital Economy and Society Committee and co-ordinating with the Digital Economy Promotion Agency (DEPA) (ONDE, 2020[11]). According to the ONDE, one of its main objectives is to ensure that big data generates economic and social value by improving operational efficiency in production and services (ONDE/MDES, 2019[12]). As such, the National Big Data Policy is placed within the broader national digitalisation plans for the government, economy and society and framed in the context of the larger 20-Year Digital Economy and Society Development Plan (2017-2036) or Digital Thailand. Furthermore, big data is treated as the architectural foundation on which other data initiatives and innovations are built such as open government data, digital government services and more broadly, digital businesses and innovations (ONDE/MDES, 2019[12]).

Thailand’s National Big Data Policy can be made more coherent and sustainable by further clarifying its role, positioning and scope as a meta data governance instrument (i.e. a policy governing policies) that addresses data policy issues related to different sectors. It would be helpful for the National Big Data Policy to have specific and dedicated data strategies and actions plans addressed to each sector. The demarcation of the purposes, corresponding actions and intended outcomes for specific public sector organisations or segments need to be clear. This implies reinforcing the relevance of those areas that fall directly under the government sphere (i.e. open government data, data ethics in the public sector).

Ireland, the Netherlands and the United States (US) have done this comprehensively in their national data strategies and action plans. Ireland’s Public Service Data Strategy (2019-2023) is clear in linking its overall national data strategy with other data initiatives and policy instruments such as the National Data Infrastructure and Open Data Strategy, thereby establishing a unified and cohesive approach to implementing public sector data initiatives with shared principles, objectives and actions (OECD, 2019, p. 38[1]). The Netherlands’ Government Data Agenda, which focuses on unlocking the value of data as a tool to address policy challenges, integrates the country’s policy goals with improved management of data in the public sector, and publication and re-use of open government data. Moreover, the implementation of this agenda is the shared responsibility of the Dutch Ministry of the Interior and Kingdom Relations, central and local governments (OECD, 2019, p. 37[1]). The US Federal Data Strategy and 2020 Action Plan consists of detailed principles, practices and steps to take to leverage the value of data for the whole federal government data asset portfolio (Box 6.5).

Box 6.5. The US Federal Data Strategy and 2020 Action Plan

The US Federal Data Strategy

In June 2019, the US government issued its Federal Data Strategy, which presents a ten-year vision to unlock the full potential of the country’s federal data assets while safeguarding security, privacy and confidentiality. It adds to several existing initiatives, policies, executive orders and laws that over the past few decades have helped make the US a front-runner in terms of strategic management and re-use of government data. The Federal Data Strategy is based on three core principles: ethical governance, conscious design and learning culture.

In order to capture the linkage between user needs and appropriate management of data resources, the data strategy covers 40 practices that guide agencies throughout their adoption of the strategy. To further ensure coherent implementation of the strategy in the early phase, federal agencies are required to adhere to annual government action plans that include prioritised steps, time frames and responsible entities. The Federal Data Strategy focuses on four areas:

• Enterprise data governance: Focuses on the management of government data. Establishes data policies and specifies the roles and responsibilities for public sector organisations regarding data privacy, security and confidentiality protection. Defines the roles and responsibilities for monitoring compliance with data standards and policies.

• Access, use and augmentation: Focus on the development of policies and procedures to ensure public sector organisations and external stakeholders can easily access and re-use government data – through improving data dissemination, increasing the amount of non-sensitive data available on line and leveraging new technologies and best practices to promote access to sensitive or restricted data while protecting the rights of citizens.

• Decision making and accountability: Aim to improve the use of data for decision making and accountability purposes and promote the use of data for policy monitoring and evaluation purposes to inform future policy decisions. Focus on the provision of high-quality and timely data for evidence-based decision making or on providing specific datasets such as spending data to foster public sector accountability and transparency.

• Commercialisation, innovation and public use: Focus on facilitating the use of government data by external stakeholders, making the data more accessible and relevant for commercial purposes, innovation or other public uses. Foster the use of government data to promote economic, good governance and social value, targeting different groups such as private firms, researchers or citizens.

Figure 6.6. Four focus areas of the US Federal Data Strategy

US 2020 Action Plan

The 2020 Action Plan establishes a solid foundation that will support the implementation of the Federal Data Strategy over the next decade until 2030. It identifies initial actions for agencies that are essential for establishing processes, building capacity and aligning existing efforts to better leverage data as strategic assets. It also covers 16 critical steps to launch the first phase of the data strategy vision, including the development of data ethics frameworks and data science training for federal employees. Furthermore, it encompasses a series of pilot projects underway at various government agencies and a set of government-wide efforts designed to support all agencies through the development of tools and resources. Finally, Annual Action Plans are developed iteratively and incorporate stakeholder feedback and input.

Source: US Government (2020[13]), 2020 Action Plan, https://strategy.data.gov/action-plan/.

Developing a comprehensive national data plan covering the central, subnational and local levels would be critical for enabling an extensive data-driven public sector for Thailand. As with the Digital Government Development Plans, the DGA, together with the Digital Government Development Commission, could take the lead in developing an Action Plan for Public Sector Data or a similar policy document, which not only aligns to future National Economic and Social Development Plans and Digital Government Development Plans but also connects and underlines the different data policy aspects discussed earlier (e.g. open government data, data ethics). Moreover, this Action Plan for Public Sector Data should be acknowledged as a core element of the National Big Data Policy to further clarify the value of the latter as a metadata governance instrument as mentioned earlier.

In addition, the government of Thailand fares well in providing strong political support and will to create and see through its National Big Data Policy but falls short on the operational aspect for the execution and implementation of the National Big Data Policy, in particular addressing data access, sharing and re-use in the public sector. Therefore, the Action Plan for Public Sector Data should also set the right accountability and enforcement mechanisms supported by a stronger lead role of the DGA as proposed earlier. As such, it will need to specify targets, monitoring mechanisms and impact assessments for each key stakeholder and milestone.

A way to move forward in the short term could involve an inclusive approach for the development of the Action Plan for Public Sector Data in consultation with the wider digital government ecosystem of the public sector, private sector and civil society stakeholders. For instance, the United Kingdom (UK) had employed an open consultation process for its National Data Strategy, with the Department for Digital, Culture, Media and Sport collecting evidence from the public that could inform the development of the strategy and conducting a series of roundtables and testing exercises in view of the final document in 2020 (OECD, 2019, p. 38[1]). Another example is that of Germany, which conducted several public consultation rounds with an expert committee and a broad-based online process with citizens and specialists on a draft paper for a national data strategy promoting data provision, access, sharing and responsible data use before the final Data Strategy of the Federal Government was presented in mid-2020 (Die Bundesregierung, 2020[14]).

Such an open, inclusive and collective approach is especially important with the government of Thailand’s vision to integrate systems, data and information from over 400 government agencies and consolidate their public services into a one-stop digital government platform for citizens and businesses to access conveniently, promptly and securely, as shared during the OECD peer review mission in Bangkok. Moreover, this approach could help in building ownership within the public sector – beyond the identification of those gaps as done by the DGA through the Survey Project on the Readiness of Digital Government Development of Government Agencies in Thailand.

Capacity for coherent implementation

Institutional co-ordination and compliance

The MDES co-ordinates the National Big Data Policy through the Steering Committee for Big Data, Data Centres and Cloud Computing (Figure 6.7), with the former acting as secretary. This secures the MDES’ leadership, decision-making and co-ordinating role, with the political backing of the deputy prime minister as chairperson and the Minister of Digital Economy and Society as vice-chairperson (Tortermvasana, 2018[15]). The composition of the steering committee involves 20 line ministries that carry out projects in diverse line and horizontal policy areas like agriculture, tourism, taxation, mobility and natural resources (NSO, 2019[8]). The committee members are the permanent secretaries of the 20 ministries, the NESDC and the DGA.

Figure 6.7. Thailand’s Steering Committee for Big Data, Data Centres and Cloud Computing

Source: NSO (2019[8]), “Big data application in Thailand’s government”, https://unstats.un.org/bigdata/events/2019/hangzhou/presentations/day3/5.%20Big%20Data%20Application%20in%20Thailand%E2%80%99s%20Government.pdf.

The Steering Committee for Big Data, Data Centres and Cloud Computing aims to steward the management of all of the data generated by the state agencies and inform policy and decision making for the digital transformation journey – by consolidating data from all ministries involved into a centralised big data management system. This process involves the conversion, identification and structuring of public value data to be generated across different policy areas: citizens’ quality of life, smart operations, citizen-centric services, resource sharing and budgetary savings.

The committees under the steering committee undertake specific tasks such as data structuring and management in parallel with extracting knowledge and insights from the datasets and designing targeted strategies to improve public processes and service delivery. For this purpose, the committees are charged with fundamental tasks such as discovering, naming and verifying datasets, and identifying areas to generate public value – with the objective of creating an ecosystem to facilitate policy and business decisions (Tortermvasana, 2018[15]).

The process of data governance covered in the Data Governance Framework is meticulous in setting forth basic principles for the implementation capacity, such that: i) data must be selected for regulatory outcomes; ii) compliance, security and privacy must be ensured; iii) standards and guidelines must be defined; and iv) human management and organisational culture must be involved. In this context, collaborative and cohesive data governance across the public sector is pivotal. The MDES and DGA are at the helm of fortifying good data management practices across the public sector towards greater integration. Yet, due to the decentralisation of power, responsibilities and information (covered in the previous sub-section “Leadership”) and the lack of mature data governance standards, the public sector generally experiences low efficiency and effectiveness in implementation.

While data governance tools such as the Thai Data Governance Framework are sound conceptually, the government of Thailand still faces challenges in the implementation process at an operational level. Public sector organisations still struggle to implement good data management. For instance, the Department of Provincial Administration (DOPA) sits on the board of the DGA and is responsible for the citizen data registry and a data-sharing platform with the Ministry of Interior (MOI). The MOI, together with other line ministries managing data registers, still faces obstacles in data governance, standards, discoverability and quality for data sharing at an operational level with the public sector organisations it works directly with.

The signing of memoranda of understanding (MOUs) has been used for linking data among government agencies. As covered in Chapter 5, the DGA is piloting various projects such as the Government Data Exchange Centre (GDX), the Linkage Centre and the G-Cloud cloud computing tool. At the same time, the Steering Committee for Big Data, Data Centres and Cloud Computing is overseeing the formation of a centralised big data management system and a central cloud computing centre but still has not defined which government agency will be responsible for them due to the complexity and variety of datasets (Tortermvasana, 2018[15]). These nascent digital government initiatives may fail if co-ordination and the enforcement of centralised data standards are weak.

The DGA, as the leading public sector organisation responsible for ensuring that government agencies properly determine the purpose, control and verification of the management of their data, could provide greater assistance by providing more practical measures, guidelines and good practices on top of the Data Governance Framework. The DGA, the ONDE, the Digital Government Development Commission and the Steering Committee for Big Data, Data Centres and Cloud Computing could be the four government bodies through which co-ordination, implementation and compliance are secured for the proposed Action Plan for Public Sector Data across the public sector – with the latter two serving more of an advisory role.

In addition to the high ambitions and long-term goals set out in the broad 20-Year Digital Economy and Society Development Plan (2017-2036) or Digital Thailand, the government of Thailand needs to pay keen attention to developing the essential capacities for coherent implementation – particularly in involving and co-ordinating different policy areas and levels of government for coherent implementation. This area was identified to be a weakness in the governance of Thailand’s open and connected government (OECD/ADB, 2019, p. 90[16]).

Apparently, the MDES intends to involve the academia in the Steering Committee for Big Data, Data Centres and Cloud Computing, since policies on data governance and metadata catalogues are led by both the minister and stakeholders from academia. Suan Dusit University (SDU) has collaborated in the creation of the Government Big Data and Data Analytics Centre to increase use cases. The DGA should also be involved in leading and co-ordinating this initiative since this task comes under its mandate of studying, researching, experimenting, endorsing and sponsoring academic works, research and innovation to enhance digital government development (see Key Objective 7 of Box 6.3).

Regulation

Regulation plays an important role in defining the set of rules around the use and treatment of data (OECD, 2019, p. 42[1]). As discussed in Chapter 3, the government of Thailand has risen to the act of solidifying and reinforcing the legislative support and guidance for its policies to build a data-driven public sector in recent years. In 2019, the National Legislative Assembly of Thailand (NLA) passed six technology-related legislations to improve and clarify the regulatory environment for public and private digital services:

• Electronic Transactions Act No. 3, B.E. 2562 (2019), and No. 4, B.E. 2562 (2019).

• Electronic Transactions Development Agency Act, B.E. 2562 (2019).

• Digital Economy and Society Council Act, B.E. 2562 (2019).

• Personal Data Protection Act, B.E. 2562 (2019).

• Cyber Security Act, B.E. 2562 (2019).

• Digitalisation of Public Administration and Services Delivery Act, B.E. 2562 (2019).

These efforts in digitalisation reform are notable. As discussed in Chapter 3, the Digitalisation of Public Administration and Services Delivery Act, B.E. 2562 (2019), was highlighted widely as the first digital government law in Thailand. It is intended to accelerate digital transformation in the public sector with a solid legal framework. Three focus areas are: i) digitalisation of processes and services using a citizen-centric approach; ii) data integration between government agencies to provide comprehensive digital services for citizens and businesses; iii) open government data in machine-readable formats to enable citizens and businesses to re-use and develop innovations – and the plans, rules and standards to elaborate on these legal provisions are still underway (Rohaidi, 2019[19]).

Yet, legislation is a first step but it does not guarantee effective and sustained implementation. During the OECD peer review mission in Bangkok, the Office of the Council of State under the PMO in charge of drafting the Digitalisation of Public Administration and Services Delivery Bill shared that the legislation is intended to change the public sector culture, enforce data sharing and facilitate the operations of the Government Data Exchange Centre (GDX) and Open Government Data Centre.

The prime minister of Thailand actively supports the Digitalisation of Public Administration and Services Delivery Act, B.E. 2562 (2019) but still faces resistance from various government agencies due to the lack of readiness and capability. As discussed in the previous chapters, both hard and soft regulatory instruments need to be enforced actively with strong co-ordinated efforts across the public sector. This process requires marked changes in the organisational structure and culture including human resources, digital infrastructure and public trust. This proves the point that legislation and regulation need to be accompanied by agile, innovative institutional approaches that enable strategic and anticipatory change according to the circumstances.

As discussed in Chapter 3, regulations may slow or hinder the process of data integration. There needs to be a balance between flexibility and scalability on one end, and preserving the complexity of control and compliance for data integration on the other that prevents fragmentation (OECD, 2019, p. 33[1]). Regulations around data governance should allow for purposeful and organic changes in the environment and among actors. Such a balance also provides experimental freedom for new initiatives that are focused on solving problems for better public outcomes and free from policy delivery constraints (OECD, 2019, p. 78[1]).

One area of regulatory tension has been identified to be between data protection and data sharing. The ONDE, responsible for designing digital economy and society policies, highlighted that it has not embarked on open data or data-sharing initiatives due to legislative restrictions and the administrative burden emerging from the Personal Data Protection Act. The balance between a flexible and structured approach can help to foster common understanding, alignment and coherence of data initiatives. It creates greater support for concerted actions when addressing challenges and delivering results (OECD, 2019, p. 33[1]).

The government of Thailand could, for instance, elaborate on soft legal and regulatory instruments such as codes of practice, recommendations, standards and guidelines that specify data integration and sharing, aimed at fostering these cultural changes, developing the understanding and skills to unlock the potential of accessing, sharing and using data ethically.

Data integration: Infrastructures, standards and guidelines

The government of Thailand has set policy milestones for establishing several one-stop services such as PromptPay, Biz Portal, Farmer ONE, the Linkage Centre, e-Social Welfare, GIN, the Government Application Centre (apps.go.th), the Open Government Data Centre (data.go.th) and the Government Data Exchange Centre (GDX) (Thiratitayangkul, 2019[21]). This has culminated into the launch of a mobile application CITIZENinfo in late 2019, a one-stop service that has a citizen and a business portal, offering information on public services from government agencies nationwide. It functions like a government kiosk and an integrated e-services platform that uses digital documentation like the digital ID and runs on integrated big data and analytics (Thiratitayangkul, 2019[21]). However, the OECD found that these one-stop services are driven more by an e-government approach and a one-way provision that is not fully digital, as discussed in Chapter 5. The leap to being truly data-driven will require stronger efforts to build and strengthen a holistic, coherent, scalable and agile data architecture and infrastructure.

Government data are not naturally harmonised because government agencies with different responsibilities from various policy areas have different datasets and formats (Ubaldi, 2013, p. 31[17]). Several public sector organisations express their aspiration and plans in the use of big data and data analytics. Nevertheless, the main barrier that constantly resurfaced through the interviews conducted and the data collected within the framework of this review is the lack of standards and guidelines, in addition to flawed human resource capability, which made the process of data management and analysis challenging. The government of Thailand currently has policies, standards and guidelines on data security and stability, data disclosure, data link and exchange, data confidentiality, open data, personally identifiable information, data innovation design and data governance assessment (DGA, 2018, p. 45[9]). However, focusing also on the data generation stage would help to secure integration in the later stages of the data value cycle. So far, the guidelines and standards available address data access and sharing once the data has been already generated or assume data assets are discoverable and accessible.

A good example is the National Information Committee, which was under the Ministry of Information and Communication Technology (MICT) and now the MDES. The National Information Committee drives information policy, manages the geographical information system (GIS) and geospatial datasets from 30 public sector organisations. Still, it faces difficulty in data discoverability and data ownership for a large number of datasets under its purview. In response to such a challenge, different countries have had different responses. Korea and the UK have developed a single data inventory for the government to provide ease of internal data discoverability and data re-use. Korea has especially taken practical steps to put the needs and structure of base data registries into legal records to simplify the sourcing and curation of datasets (OECD, 2019, p. 64[1]). Most relevant is Italy, which developed technical regulations on the territorial data of public administrations and a national metadata catalogue to guarantee the discoverability and clarity of spatial data and related public services (OECD, 2019, p. 44[1]).

Another example is the Ministry of Commerce (MoC) that expresses strong support for digital integration and greater alignment and co-ordination in the development of digital policies and initiatives. It has a pilot project to share web service data with the Ministry of Agriculture and Cooperatives (MOAC) and the Rice Department, in view of real-time data-sharing projects for maize, palm oil and sugar in the future. However, as shared during the OECD peer review mission in Bangkok and the OECD survey, the MoC has not yet been able to complete the basics such as mapping the business ecosystem and datasets or harmonising operating models and metadata standards. This reinforces the message that the government of Thailand needs stronger data policies, standards and guidelines with compliance for the implementation of its high ambitions for a data-driven public sector to come to fruition.

Data value cycle: Gaps, challenges and solutions

The data value cycle presents the crossroads and synergies of the most strategic, tactical aspects of data governance (e.g. policies and regulations) with the technical aspects (e.g. architecture and infrastructure for data management, open data and sharing). It is a continuum of inter-related stages where different stakeholders add value and contribute to data re-use (OECD, 2019, pp. 46-47[1]). Looking at the data value cycle, the government of Thailand is still held back in the first two phases of collection, generation, storing, securing and processing (Figure 6.8).

Figure 6.8. The data value cycle

Source: van Ooijen, C., B. Ubaldi and B. Welby (2019[4]), "A data-driven public sector: Enabling the strategic use of data for productive, inclusive and trustworthy governance", https://dx.doi.org/10.1787/09ab162c-en.

This explains why several public sector organisations in Thailand are still struggling with the heterogeneity of government data and the complexity of data integration. They are unable to progress to the third and fourth stages of creating value from data and data-driven processes. Oftentimes, governments get stuck in the first two stages of understanding what kind of government data exists, what form and how they can be used – in order to organise, categorise and integrate the data after. They also need to address issues regarding the interoperability of systems and standards and quality of data. The role of leading bodies such as the DGA, the Digital Government Development Commission, the MDES and committees such as the Steering Committee for Big Data, Data Centres and Cloud Computing will remain key for this purpose.

The DGA is charged with the mandate and task of increasing internal connectivity and integration for interoperability via secured networks or platforms. In addition to the aforementioned GIN and Government Data Exchange Centre (GDX), several more open data and data-sharing projects include: the Digital Government Platform to link important public sector data among more than 620 government agencies through the Single Sign-On system, the e-CMS Version 2.0 on G-Cloud and the government application programming interface (API) system; the government information infrastructure that hosts more than 2 895 open datasets on the Open Government Data Centre (data.go.th); the Government Information Centre (info.go.th) for citizens to access government services datasets and comprehensive service manuals (DGA, 2018, pp. 33-39[9]).

To strengthen the efficacy and efficiency of the data as a service (DaaS) approach presented in Chapter 5, reinforcing the role of the DGA as the leading public sector organisation to set, co-ordinate, align and enforce the data policies and standards in the early stages of the data value cycle (e.g. data generation) would serve well to propel data integration and re-usability towards value creation across the public sector. It would also be helpful to attribute greater accountability to the DGA for this process, as leadership and accountability are mutually reinforcing. More formal requirements through legal and regulatory frameworks are needed to secure responsibility, integrity and consistency in contributing government data to the data-sharing platforms developed by the DGA, including the open government data portal. Emphasising data stewardship and ownership by the hundreds of government agencies or private sector organisations that are involved is also important for consistency and compliance.

While the government of Thailand is progressing well by creating new digital tools, platforms and services that accelerate data integration, open data and data sharing, dedicating more resources to replicate and scale standardised data architectures and infrastructures across the digital economy and society will unlock smoother and more trustworthy access and sharing of data within and outside the public sector. Having in mind Thailand’s regulatory momentum on digitalisation, designing data policies, standards and guidelines in legislation and executive decrees that unlock better harmonisation and co-ordination at all levels of the government would be a boon in strengthening a data-driven public sector. Priorities to be addressed include data accessibility, data ownership, data sharing, data use, data interoperability, metadata, data skills for public officials and engagement with the wider ecosystem of the public sector, private sector and civil society stakeholders.

Ethics

As discussed in the OECD report The Path to Becoming a Data-Driven Public Sector, data ethics is a branch of ethics that “studies and evaluates moral problems related to data (including generation, recording, curation, processing, dissemination, sharing and use), algorithms (including AI, artificial agents, machine learning and robots) and corresponding practices (including responsible innovation, programming, hacking and professional codes), in order to formulate and support morally good solutions (such as right conduct or right values)” (Floridi and Taddeo, 2016[25]; OECD, 2019, p. 109[1]).

Globally, citizens’ attitudes towards data practices in the public and private sectors are changing quickly and the interest in ethical approaches to data management is growing due to the advancement of digital technology and collection of a massive amount of data, leading to its extensive use and the emergence of cases of data misuse and abuse. These circumstances call for public leadership that can establish and ensure a culture of ethical and responsible use of data. Handling data ethically can balance innovation with data protection while placing data subjects and users at the centre of the public service design process. This circles back to the importance of involving the public, private sector and civil society stakeholders to engage in the process to build trust (OECD, 2016, pp. 157-158[26]). Public communication and participation with these stakeholders to agree and align on a set of behaviours and practices around data ethics can encourage transparency and ownership to abide by the ethical management of data.

A discussion of data ethics should also involve a discussion of digital rights. Inspired by the evolution of human rights and fundamental freedoms in relation to the digital age, the OECD designed a tentative framework that classifies digital rights roughly into the first, second and third generations (Figure 6.9) (OECD, 2019, p. 107[1]).

Figure 6.9. Digital rights towards a citizen-driven digital transformation

Source: OECD (2019[1]), The Path to Becoming a Data-Driven Public Sector, https://doi.org/10.1787/059814a7-en.

The first generation of digital rights falls under the civil and political category and should be regarded as fundamental: the right to communicate digitally with the public sector, the right to personal data protection and the right to cybersecurity to name but a few. The second generation of digital rights falls under the socio-economic category and emerged from the rapid advancement of digital technologies in platforms and portals: the right to a digital identity, the right to access one-stop-shops and open data to name but a few. The third generation of digital rights falls under the collective developmental category that has become important due to the emergence of new technologies like AI: the right to the transparent use of data, the right to access open algorithms and the right to data ownership and management to name but a few.

Most OECD member countries have legislative provisions that cover up to the second generation of digital rights. Finding ways to protect these digital rights is crucial but not enough to create a safe operational environment of trust that not only complies with regulatory provisions but also adheres to values such as fairness, transparency, agency in the use of data at the more operational level. Therefore, a formal legalistic approach through “hard” regulations is best paired with “soft” frameworks and guidelines that are embedded deeply in the working culture and encourage self-regulation spontaneously.

Ethical approaches play a pivotal and significant role to guide the behaviours of public administrators and public officials in the public sector. They ensure that data will be managed in ways that do not harm or undermine the utility of others, even when done in a lawful way. For instance, collecting data from COVID-19 patients such as their age, occupation, affiliations and addresses may help with contact tracing but this could be unethical if their personal safety is compromised. Governments, therefore, play a fundamental role in determining ethical practices in government processes that manage data and should aim at guiding decision making and informing on ethical behaviour around data (OECD, 2019, p. 109[1]).

The government of Thailand has begun building the legal foundations in recent years to explore, define and guarantee the first and second generations of digital rights with some incorporation of the third generation. However, it has not yet designed ethical principles, frameworks or guidelines on data management and use in the public and private sectors. This presents an opportunity to consider various paths to achieving the goal of shaping behaviour that is conducive to a healthy data-driven public sector that centres on the human aspects of data management and respects the rights of citizens.

These data ethical frameworks and guidelines should contain principles, information and approaches to conduct value-driven practices and decision making that aim to increase understanding of what it means to manage and use data in a way that places fundamental rights and freedoms at the core of government practice and how this translates to specific actions.

In light of the above, the OECD launched the Good Practice Principles for Data Ethics in the Public Sector in 2021 as a means to provide a common values-based ground for the trustworthy management of data by public entities (Box 6.7).

At the national level, the UK Data Ethics Framework specifically sets out principles on the appropriate use of data in the public sector and continues to be iterated through detailed guidance, a workbook to be used for new data projects and workstreams (GOV.UK, 2018[28]).

In a later stage, enforcement and compliance with ethical practices can be executed via an independent government agency, with a lead role in supporting other public sector organisations in capacity building and data management. The DGA has a strong fit for this role with its anti-corruption policy and mandate in “supporting and promoting personnel at all levels to be aware of the importance of behaving in compliance with morals, ethics and anti-corruption awareness” (DGA, 2018, p. 83[9]). For this to be achieved effectively, the DGA could be given the power and authority across the public sector and country in supervising and monitoring the practices in accordance with the laws and regulations around data management and use. While the Personal Data Protection Committee (PDPC) is the supervising authority for data protection, the DGA could be the main steward for the government’s trustworthy data management and use. Both bodies will need to co-ordinate strategically and closely, set strategies and exchange information. They should test ideas, design principles and measure risks continually as data are used and new technologies such as AI are applied on top of them.

To strengthen the DGA’s efforts in data ethics, it could create a data ethics advisory group like New Zealand. New Zealand’s Data Ethics Advisory Group is headed by the Government Chief Data Steward (GCDS) (i.e. a position non-existent in Thailand by law) and the group’s purpose is to assist the government to understand, advise and comment on issues around new and emerging uses of data. Seven independent experts from different fields like privacy, human rights law and innovation, which are relevant to data use and ethics, were appointed as members. Diversity of perspectives is ensured too, with one position reserved for a member of the Te Ao Māori Co-Design Group to support Māori data governance (Stats NZ, 2019[29]).

Such a data ethics advisory group can support the DGA by looking into new initiatives in the early stage of development, such as exploring the idea of using data trusts to facilitate ethical and trustworthy data sharing. Similarly, in this area, ensuring the success of establishing an ethical environment will require consistent communication and engagement over these ethical frameworks, guidelines and principles in the data access and sharing ecosystem that include actors from the private sector and civil society.

Privacy

Privacy refers to the protection of rights of data subjects and a central part of this is consent to the collection, processing and use of data from these data subjects. This is a huge area of concern for data subjects, especially on the treatment of sensitive and personally identifiable data. A reasonable and balanced approach to data protection can secure the value of data sharing, such as the delivery of cross-border public services (OECD, 2019, p. 25[1]).

As such, it is important to address the following issues when it comes to publishing and using data in an open data and data-sharing ecosystem: which public sector organisations hold the data, have the right to access the data, have made an enquiry about the data, use the data and for what purposes; the right to provide data once only to the government; and the right to agree or refuse permission for data provided to be shared and re-used by other public sector organisations (OECD, 2019, p. 113[1]).

Many governments have begun to create formal legislation and accompanying frameworks and guidelines to protect data subjects’ privacy for both citizens and businesses across the data value cycle. The European Union General Data Protection Regulation (GDPR) was landmark legislation that created a global upwards convergence towards high standards of data regulation protection after its implementation in 2018. In the implementation of the GDPR, the UK ensured that the provisions of the Data Protection Act 2018 are in line with the privacy safeguards and code of practice for data sharing in the Digital Economy Act 2017 (Chapter 5: “Sharing for research purposes”) to ensure that data will not be misused or shared indiscriminately (GOV.UK, 2020[30]).

In the effort to design and offer more citizen-centric services, the government of Thailand has committed to balancing the security of lives, assets and public data with the need to address constant changes of public needs and facilitating public service delivery. To protect privacy and allow users to give consent with explicit knowledge of how the data is collected, processed and used, the government of Thailand passed the Personal Data Protection Act, B.E. 2562, in May 2019 and that came into full force in May 2020.

The Personal Data Protection Act, B.E. 2562 (2019), established the PDPC, with the vice-chairperson as the Permanent Secretary of the MDES and the directors as the Permanent Secretary of the PMO, the Secretary-General of the Consumer Protection Board, the Director-General of the Rights and Liberties Protection Department and the Attorney General (ETDA, 2019[31]). This follows from the Official Information Act, B.E. 2540 (1997), that had specific provisions to prevent the misuse of personal data by public officials and the right for citizens to know how their data are being used by public sector organisations.

The Digitalisation of Public Administration and Services Delivery Act, B.E. 2562 (2019), also stipulates under Section 14 that government agencies receiving data from another public sector organisation for the purpose of improving public administration and services should keep the data securely and that there should be no disclosure or transfer of such data to persons without the right to access it.

The Electronic Transactions Development Agency (ETDA) said during the OECD peer review mission to Bangkok that while promoting the National Digital ID (NDID) project, it also plans to raise awareness in the public sector and among citizens and businesses on privacy and how to protect their data in using digital tools. It was involved in the drafting of the Personal Data Protection Act. In May 2018, the MDES set up a Data Protection Knowledge Centre (DPKC) as the centralised unit to create awareness of data protection in the public and private sectors, with the ETDA as the operator and lead. In this respect, it would be ideal for the ETDA to continue in its leadership on securing privacy for data subjects in the treatment of public sector data, focus on education and building an awareness and working culture of practising data protection to build a safe environment until the office of the national PDPC is fully operational.

It could also consider fostering interoperability with other privacy frameworks to enable cross-border data flows, such as the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, 2013[32]) and Regulation (EU) 2016/679 GDPR (van Ooijen, Ubaldi and Welby, 2019[4]).

Transparency

Transparency is about creating an open and trustworthy environment where policy and government information, decisions, processes, frameworks and rationales are made known to the public in a timely, accessible and comprehensible manner, which has an effect of increasing public officials’ accountability to each other and the public (OECD, 2019, p. 115[1]). This approach has direct applications on how personal or sensitive data is used by public sector actors, by whom, for what purpose and with what outcomes. With emerging technologies, transparency about how data is used and processed is fundamental for public trust and the good use and scaling of machine learning.

As the DGA of Thailand continues to create data policies, standards and guidelines on open data, data sharing and the re-use of data in the public sector, it could consider opening its actions, sharing data informing decisions processes and performance to public scrutiny as a way of gaining public trust. This often serves as a powerful and practical tool to gain the support and trust of citizens and businesses in the complex process of digitalising the government and public sector, since it allows them to see, understand, know how various data subjects’ data are used and therefore participate in the best possible way to create value for the economy and society.

Citizens can have the chance to contest should the data seem biased or wrong, which can help to augment the quality of data, fairness and value creation. Finally, the policies, standards and guidelines centred on openness also serve as one of the key pillars for when the government starts to incorporate more AI, to make the data processing sustainable and trustworthy – as agreed on by 20 countries of the OECD Thematic Group on Emerging Technologies (Ubaldi et al., 2019, p. 21[33]).

In Thailand, transparency in a data-driven public sector can be increased with the exposure of the data and algorithms. This is in line with a provision in the GDPR on the right to be informed about the existence of automated decision making. Principle 6 of the UK Data Ethics Framework also specifies that all activity in data science should be done “as open and accountable as possible” (GOV.UK, 2018[28]). France’s Digital Republic Law no. 2016-1321 of 7 October 2016 aims to build a trustworthy and transparent digital and data-driven public sector through a legal framework that protects people’s personal data and guarantees transparency of local and municipal government data (Dreyfus, 2019[34]).

Security

Security involves the management of risks around the treatment of public sector data by the government, to prevent any unauthorised access and use (OECD, 2019, p. 116[1]). To strengthen the foundation of public trust in how the public sector manages and uses data, citizens and businesses should know that the government is protecting the data from potential risks. Furthermore, cyberattacks can be costly for the country in terms of financial, economic, social, geopolitical and national security – damaging or impairing government processes and public services.

In line with plans for building Digital Thailand, the government of Thailand is ramping up efforts to secure the digital architecture and infrastructure in the public sector by consolidating the legislation, regulations and institutions. It plans to improve Thailand’s ranking in the International Telecommunication Union (ITU) Global Cybersecurity Index with the development of national security policy, critical information infrastructure and standard operating procedures (Boonnoon, 2018[35]).

Thailand’s Computer Crime Act, B.E. 2550 (2007), provided a definition of computer-related crimes and authorised government officials to investigate them. Amendments in the Computer Crime Act No. 2, B.E. 2560 (2017), further clarified the ambiguity of illegal content and defamation and improved the efficiency and integrity of the law enforcement process. It also aimed to prevent hacking data and information that could be wrongfully exploited. But in the past years, the government has done a minimal amount operationally to respond to the thousands of cyberthreat incidents and government agencies still have a poor capacity to respond to cyberthreats (Leesa-Nguansuk, 2019[36]). The Cyber Security Act, B.E. 2562 (2019), aims to change this with the creation of a National Cyber Security Committee, the National Cyber Security Agency (NCSA) and new rules to handle cyber threats.

The NCSA is chaired by the deputy prime minister and joined by the Minister of Digital Economy and Society, and has appointed seven cybersecurity expert commissioners. The NCSA will serve as Thailand’s key communication centre and data hub for cybersecurity, to fight illegal data piracy and cybersecurity breaches in its digital infrastructure. It will be receiving a budget of BHT 500 million to BHT 1 billion for this purpose, co-operating with Cisco Thailand to train 1 000 security personnel and oversee the Thailand Computer Emergency Response Team (ThaiCERT) that used to be under the jurisdiction of the ETDA (Boonnoon, 2018[35]). The ETDA will then play a supporting role, continuing to provide licenses for digital identities and signatures and define security standards for data exchange (Boonnoon, 2018[35]).

Since Thailand has just begun its efforts in security, focusing on the development of an independent national digital security strategy with detailed policies, directions and guidelines for public sector organisations would be a strategic next step. Many OECD member countries have also identified digital security as a high priority and developed standalone strategies (OECD, 2019, p. 116[1]). Korea’s strategy imparts authority to the National Information Resources Services for centralised co-ordination and focuses on best practices. The UK has a specific chapter on digital security in its national digital strategy and another separate National Cyber Security Strategy (2016-2021). Its National Cyber Security Centre is charged with building cyber security partnerships across the public and private sectors, providing cyber incident response and liaising with the national security services.

Lastly, digital security skills are a cornerstone – extensive training in cyber security capability should ensure that the country has a sustainable supply of home-grown cyber professionals that can meet the demands for a digital economy and society. Thailand will need to do the same and proceed in the execution phase with strong governance and co-ordination.