Kritiyanee Buranatrevedhya

Kritiyanee focuses on Artificial Intelligence (AI), digital platform liability, data protection and cybersecurity, digital ID, and complex technology matters. She also focuses on IT and IP commercial matters, which span across various business sectors, including technology, financial services, automotive, insurance, airline, consumer goods and retail, food and beverage, hospitality, and healthcare.

She is a Certified Information Privacy Professional/Europe (CIPP/E). She has supported the PDPC as a coach for national competitions on the PDPA. Kritiyanee has recently been appointed by the Thai Parliament as advisor to the Ad-Hoc Committee for Considering and Studying the Guidance on Regulation and Promotion of Using Artificial Intelligence Technologies to Facilitate the Future Changes (AI Committee), an official committee established under Thailand's House of Representatives to prepare AI laws in Thailand.

• Assisted local and international companies with legal analysis of the current AI legal landscape and development in Thailand, conducted a risk assessment, provided a legal guideline to avoid any potential risk while developing AI products/services, draft AI guidelines and governance model, and conducted training on Al Laws to provide the latest developments on AI to international and local businesses, the Bank of Thailand and universities.
• Advised onshore and offshore online service providers on Digital Platform Royal Decree by supporting businesses on their business structures to mitigate risk while still in compliance with local laws. Furthermore, she provided clients with post notification legal strategy, reviewed and revised clients' terms and conditions, and acted as a local coordinator for offshore platform service providers.
• Assisted local and international companies on data compliance matters and data breach incidents, including risk assessments, legal guidelines for appointing a data protection officer (DPO), advising on the legal obligations of data controllers and data processors, conducting data mapping and identifying gaps, preparing legal documents, and revising policies and procedures related to data protection, IT policies, and more.
• Advised clients on various complex technology matters such as licensing terms for facial recognition software, validity and enforceability of e-signatures, analysis of security for e-commerce businesses, digital content, blockchain, e-sports, gaming, NFTs and more.
• Assisted clients on various IP matters, including conducting due diligence for the Thai oil and gas company, conducting IP due diligence to acquire another big-name music company in Thailand, advising a top tier music company in Thailand on copyrights and licensing arrangements, preparing IP agreements, drafting and negotiating talent and collaboration agreements for a clothing brand, and counselling various clients in other areas of intellectual property laws.
• Drafted and negotiated agreements for blockchain-based platforms for operators handling Thailand's National Digital ID Project, IT outsourcing projects; expansion for cloud service providers; mobile applications; websites; streaming services; social networking sites; digital content; and online contests.
• Developed a Risk Matrix concerning marketing activities for Thailand's corporations and Fortune 500 companies for analysis of applicable legal bases for the client to rely on for handling data, as well as mitigating risks involving ad recommendations pursuant to the PDPA for data monetization.
• Assisted various international companies on cross-border transfer of personal data sent or transferred to a foreign country and appropriate safeguards. Advised various international financial, payment, and banking companies regarding cross-border transfer of personal data overseas.
• Handled negotiations for clients in the gaming industry with the Thai regulator in a dispute arising out of Thai government concerns over an augmented reality mobile game.
• Provided legal support to a government entity on its Binding Corporate Rules (BCRs) Project for compliance with the EU GDPR and advised on the process for selection of the BCRs Supervisory Lead Authority in the EU.
• Advised several multinational companies on the AI regulatory framework in Thailand, monitored its development, and provided legal updates and risk analysis regarding AI.
• Advised local and international clients on complex data breach incidents, provided legal counsel on response and action, including notification requirements to the authorities and data subjects, post-notification remediation measures, the potential impact on clients' businesses, and implemented improvements to the client's system to reduce the risk of future breaches.
• Advised a leading global payment and technology company on a new platform that allows data subjects to exercise their privacy rights; assessed the products' applicability with Thai data privacy laws and required obligations such as notification with the competent authority, consent requirements, data subjects' rights, data localization, cross-border transfer, etc.
• Co-leader with another partner in the financial practice group on a collaborative project between major financial institutions and securities companies in Thailand for extensive data protection work, including analyzing the legal roles applicable to each custodian-related role. The project helped eradicate earlier pain points in this industry due to inconsistencies between each party that often led to un-closable deals and agreements.
• Advised various data protection advisory work including: (1) company and government surveillance & interception; (2) data monetization; (3) data breach requirements, revising breach notification reports, and how to handle breach reports for the public with care; (4) criminal background checks of employees; (5) internal investigation of employee misconduct; (6) email review and retention; (7) CCTV surveillance; (8) implementation of facial recognition software; (9) the use of sensitive data; (10) whistle-blower hotlines/channels; and (11) the use of personal data for AI training for both global and local clients in a variety of industries.
• Assisted various online platforms on digital items based on NFT blockchain technology to enter into licensing and service agreements with IP providers. Assisted in the agreements with businesses to list and sell their items on the digital marketplace. Advised on the structure and revision of an NFT marketplace platform's legal documents including Terms of Service, Artist Agreement, End-User Agreement, Privacy Policy, and Consent Form. The project involves NFT ownership among creators, sellers, donation centers, first- and second-hand buyers; transfer of intellectual property rights and licensing; use of trademark for marketing purposes; and data protection in case of individual buyers and/or juristic person buyers.
• Assisted an international financial service provider in curbing violence and harassment online by providing key pieces of legislation - the Computer Crime Act, The Criminal Code, and other relevant laws - to curb online violence. Provided legal advice on regulatory bodies and their functions regarding hate and violent activity on the client's platform in Thailand.
• Counselled clients in the area of intellectual property commercialization, including copyrights, trademarks, trade secrets, and IP licensing.

• Named as a Up and Coming in TMT by Chambers AP, 2024
• Named as a Next Generation Partner by The Legal 500 AP, 2023-2024
• Named as a Rising Star by Managing IP in their Rising Stars Awards Asia-Pacific 2021
• Honorable Mentions and Ranked by The Legal 500 AP as a key lawyer in Data Privacy, 2019-2020

• Appointed by the Thai Parliament as Advisor to the Ad-Hoc Committee for drafting artificial intelligence (AI) law in Thailand, 2024
• Member, International Association of Privacy Professionals (IAPP)
• Member, Internet Society (ISOC)
• Certified Information Privacy Professional/Europe (CIPP/E)
• Granted a full scholarship to attend Asia-Pacific Internet Governance Academy in University in Seoul, Korea. The Academy is hosted by the Korea Internet & Security Agency (KISA) and the Internet Corporation for Assigned Names and Numbers (ICANN), 2016.