In recent years, the government has been actively promoting the adoption of digital technology to develop public administration and services. This includes enabling data connectivity and exchange between government agencies.

In addition, the enactment of the Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019) was introduced to establish guidelines for the application of digital technology in public administration. This aligns with the recommendations of the National Reform Council (NRC) and the National Reform Steering Assembly (NRSA) to elevate the government towards becoming an “Open and Connected Government.” The integration and exchange of government data serve as a fundamental pillar in developing Bureaucracy 4.0 and act as a key mechanism for driving national strategies, policies, and plans.

In the Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019), government agencies are required to interconnect and share data with one another. Furthermore, the Act mandates the establishment of a Central Data Exchange Center, which functions as the core platform for digital data exchange and digital registries among government agencies. This initiative aims to enhance public service delivery by enabling seamless and efficient digital government services for citizens.

The Digital Government Development Agency (Public Organization) or DGA has developed the Government Data Exchange (GDX) system to serve as a central hub for digital data exchange and digital registries among government agencies. This system supports government agencies in delivering digital public services in accordance with Section 15 of the Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019).

Currently, 194 government agencies are connected to the Government Data Exchange (GDX) system. In the fiscal year 2021 (B.E. 2564), data exchanges through the GDX system occurred more than 35.3 million times.

Moreover, 7 agencies have opened their data for exchange via GDX, including:

• Department of Provincial Administration
• Department of Business Development
• Cooperative Promotion Department

There are 36 datasets accessible through the system. More details can be found at:
https://gdx.dga.or.th/DataCatalog/Dictionary

Definitions

1. Data Producer 

A data producer refers to a government agency that creates, collects, and stores digital data for their operations aligned with their duties and responsibilities.

Examples:

Department of Provincial Administration (for population registration data)

Department of Business Development (for corporate registration data)

2.Government Data Exchange (GDX) System

The GDX system is the digital platform developed by the Digital Government Development Agency (Public Organization)(DGA). It serves as a central hub for digital data and registry exchange between government agencies, supporting digital public services. The system operates under Section 15 of the Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019).

3. Data Consumer 

A data consumer is a government agency that requires data from data producers to support public services or fulfill their mission.

Benefits for Agencies

1. Data Consumers 

Access to Digital Data: Data consumers can access digital data from multiple agencies under a unified standard and method, supporting the agency’s operations in delivering digital public services.

2. Data Producers

Data Accessibility & Linkage: Other agencies can access and link to the digital data provided by data producers, as specified in Section 13 of the Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019), within the data access rights set by the producer.

Centralized Data Exchange Oversight: The GDX system ensures that data exchanges between agencies maintain high standards and security levels.

• Authentication: Verifies the identity of users/systems.
• Access Control: Ensures proper authorization for data access.
• Data Logging: Maintains records of data access.
• Security Measures: Protects against unauthorized data access (e.g., hacking, denial of service attacks).
• Ensures compliance with laws and regulations.

3. Digital Government Development Agency (Public Organization) (DGA)

DGA coordinates and assists agencies in connecting and exchanging data via the GDX system. This includes providing API documentation, conducting connection tests, and offering monitoring and usage statistics. This reduces the operational burden on the data-producing agencies’ staff.

Learning media

https://www.youtube.com/embed/Pu4m5h3OuD8

Technical Characteristics

The Government Data Exchange (GDX) system functions as a gateway between the digital systems of data consumers and data producers. The process of linking data through the GDX system involves the following steps:

1. Data Request: The e-Service or Back Office system of the data consumer sends a data request to the GDX system.
2. Data Access Verification: The GDX system checks if the requesting agency has the been allowed by the data producer to access the data. If the request is authorized, the GDX system forwards the data request to the data producer.
3. Data Retrieval: The data producer retrieves the requested data from its database and sends it to the GDX system.
4. Data Delivery: The GDX system then forwards the retrieved data to the e-Service or Back Office system of the data consumer. Importantly, the transferred data is not stored in the GDX system.

Relevant Legal Provisions for Government Data Exchange

Data Producers 

The Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019), Section 13, states “For public administration purpose and service delivery, government agencies are required to facilitate the linking and exchange of digital data that they have created and hold, upon request from other government agencies, to enable integration and cooperation.”

Central Government Data Exchange Center

The Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019), Section 15, states: “The Central Data Exchange Center shall be established to serve as the hub for the exchange of digital data and digital registries between government agencies, supporting government operations in delivering public services through digital systems. The Center shall carry out the following tasks:

1. Define policies and standards for data exchange and integration; and submit them to the Digital Government Development Committee for approval.
2. Coordinate and assist government agencies in integration and exchanging digital data with each other, ensuring the process follows consistent standards, methods, and conditions as set by the Digital Government Development Committee.
3. Prepare descriptions of the government’s digital datasets and maintain records of digital data exchanges.
4. Carry out other tasks as assigned by the Digital Government Development Committee.”

Digital Government Development Agency (Public Organization) (DGA)

• Royal Decree Establishing the Digital Government Development Agency (Public Organization), B.E. 2561 (2018), Section 8 (3): “Promote and support the integration and exchange of data between government agencies, the disclosure of government data via digital technology, and serve as a central hub for the exchange of digital government data to facilitate public services and government operations.”

• Royal Decree on the Principles and Procedures for Good Governance (No. 2), B.E. 2562 (2019), Section 10: “Initially, the Digital Government Development Agency (Public Organization) shall establish a digital platform for government agencies to use in providing services to the public and in coordinating with one another within ninety days from the effective date of this Royal Decree.”

• Circular on Public Services and Inter-Government Coordination Using the Central Digital Platform, dated September 8, 2020: This circular defines the Government Data Exchange Center (GDX), developed by the Digital Government Development Agency, as the central digital platform under the Royal Decree on Good Governance (No. 2), B.E. 2562.

• Digitalization of Public Administration and Service Delivery Act B.E. 2562 (2019), Section 19: “Initially, the Digital Government Development Agency (Public Organization) shall operate the Central Data Exchange Center as a temporary measure, but no longer than two years. Upon the expiration of this period, the Digital Government Development Committee shall assess the necessity and appropriateness of transferring the responsibilities of the Central Data Exchange Center to another government agency.”

Personal Data Protection

If a government agency holds digital personal data and intends to allow other agencies to access it via the Government Data Exchange Center (GDX), it must comply with the Personal Data Protection Act (PDPA) B.E. 2562. Under the PDPA, agencies that hold or have access to digital personal data are considered “Data Controllers”. According to Section 27, Data Controllers are prohibited from using or disclosing personal data without the data subject’s consent, except in cases where exemptions apply under Section 24 or Section 27, such as:

1. Public Interest and Government Functions (Section 24(4))
   • If data processing is necessary for public service duties or the exercise of state authority granted to the Data Controller.
2. Legitimate Interest (Section 24(5))
   • If data processing is necessary for lawful interests of the Data Controller or third parties, unless those interests are outweighed by the fundamental rights of the data subject.

The Digital Government Development Agency (Public Organization) (DGA), operating the GDX system, is considered a “Data Processor” under Section 6. It processes personal data on behalf of Data Controllers and follows strict compliance measures under Section 40, which include:

• Processing data strictly as instructed by the Data Controller, unless the instruction violates the law or PDPA regulations.
• Implementing strong security measures to prevent data loss, unauthorized access, modifications, or disclosure, and reporting any data breaches to the Data Controller.
• Maintaining records of processing activities as per regulatory requirements.

To facilitate secure and compliant data exchange between agencies, Data Controllers can establish a formal agreement with the DGA (GDX operator) in the form of a Data Processing Agreement (DPA). For further details, refer to the Guidelines on Personal Data Protection, published by the Legal Research and Development Center, Faculty of Law, Chulalongkorn University.

System Security

The Digital Identity Verification System is hosted on a cloud infrastructure provided and managed by the Digital Government Development Agency (DGA). This government cloud system has a Service Level Agreement (SLA) with at least 99.5% uptime, and it is designed with strong data protection measures. It complies with high-security standards and has been certified for ISO/IEC 27001: 2013, which is an Information Security Management System (ISMS) certification.

Furthermore, the applications and systems involved adhere to the Computer Crime Act (Amendment) B.E. 2560 and the Cybersecurity Act B.E. 2562.

In addition, the system was developed with security considerations, including:

• Application, system, and platform development under ISO/IEC 9001 standards.
• Before deployment, all applications, systems, and platforms undergo thorough testing, including Functional Tests, Performance Tests, and Security Tests. These tests ensure that the system operates flawlessly, is highly available, and has low security risks.

The Digital Government Development Agency (DGA) conducts security tests for applications and platforms using at least two methods:

1. Static Application Security Testing (SAST): This method involves reviewing the source code of the developed application and platform to identify potential vulnerabilities or risks that may expose the system to attacks or breaches by malicious actors.
2. Vulnerability Assessment (VA): This method involves assessing the installed applications and platforms to evaluate whether they are susceptible to attacks due to insecure settings or infrastructure configurations that might not be adequately protected.

Contact Information for Service Requests:

Government agencies interested in using this service can contact the DGA Contact Center via:

Phone: 02-612-6060

Email: [email protected]

Note: This service is not available to the general public or private sector organizations.

More information

For more details on the Government Data Exchange Center (GDX), please refer to the following resources:

• Service Presentation Document (Product Presentation)
• Service Overview Video
• List of Data Available for Exchange via GDX
• Frequently Asked Questions (FAQ)

• Guidelines for Data Exchange via Application Program Interface (API)
• Guidelines for Data Exchange via GDX Web Portal

• Service Request Form