The Ministry of Digital Economy and Society of Thailand (“MDES”) has finally enacted its five Ministerial Notifications under the Computer Crimes Act (No. 2) B.E. 2550 (A.D. 2007) as amended by the Computer Crimes Act No. 2 B.E. 2550 (A.D. 2017) (“CCA”). They were published in the Royal Gazette on 22nd July 2017 and they have come into effect since 23rd July 2017.  Below are some of their issues:-

1. The Ministerial Notification on the Characteristics and the Method of Sending Data Deemed Not Causing a Disturbance to the Recipient B.E. 2560 (A.D. 2017)

The CCA explicitly addresses the issues of spam emails and imposes penalty on a person who sends a computer data or an email to a recipient causing a disturbance to the recipient.

This Ministerial Notification sets forth that if a computer data or an email is sent for the purpose of communicating between parties to a contract or as a transactional evidence of a transaction where both parties have already agreed or for performing a legal obligation or legal relationship, its sending is not considered as causing a disturbance to its recipient. Sending of a computer data or an email by the government or a government agency for the purpose of law enforcement, notification of laws, regulations, rules, orders or any administrative juristic act without any commercial purpose is not considered a spam. A computer data or email sent by an education or charity organization without any commercial purpose is also not considered a spam.

A computer data or an email besides those mentioned above must have technical measure or other method made available by the sender via computer which allows the recipient to easily opt-out or unsubscribe to the said data or email.

After receiving a request to opt-out or unsubscribe from the recipient, the data sender must promptly cease sending the computer data or email to the recipient. If there is a reasonable cause for not being able to cease sending such data promptly, the data sender must cease sending it within 7 days from the date of receipt of the opt-out notice from the recipient.

However, a failure to cease sending a computer data or email to the recipient after receiving the first opt-out or unsubscription notice does not bring any legal liability to the sender. If the recipient sends another opt-out or unsubscription notice to the data sender and if the data sender continues sending the computer data or email to the recipient after the second time notice, the sender will then be subject to a fine not exceeding THB200,000.

The Ministerial Notification does not apply to a data sender who is a telecommunications service provider.

2. The Ministerial Notification on Procedures for the Notice, Suppression of Dissemination and Removal of Computer Data from the Computer System

Under the CCA, any service provider who “cooperates, consents or acquiesces” to a computer crime shall face the same penalty as the offender. However, if service providers are able to prove compliance to this Ministerial Notification, they shall be exempted from penalties.

Under this Ministerial Notification, a service provider must provide a measure for a take-down notice to be submitted by a user or a third party for removal or deletion of an alleged illegal content from its computer system. When a user or a third party finds an illegal content on a service provider’s computer system, that user or third party can file a report or a complaint with the police and then submit a formal notice with the service provider giving details of the illegal content.

After the service provider receives the take-down notice, it must promptly delete or amend such computer data to avoid its further dissemination, make a copy of the take-down notice and forward it to the user or member who is in control of such data and suppress the illegal computer data as soon as possible within the period prescribed in this Ministerial Notification. The applicable timeframes vary by type of illegal content. For instance, if a computer data is obscene and that computer data may be accessible by the public, the timeframe for removal or suppression of such computer data in the computer system is 3 days from the date of receipt of a formal notice with the evidence. If a computer data alleged illegal is likely to damage the maintenance of national security, public security, national economic security or public infrastructure serving public interest or cause panic in the public, the timeframe for removal or suppression is only 24 hours from the date of receipt of a formal notice with the evidence.

3. The Ministerial Notification on the Appointment of the Settlement Committee under the Computer Crime Act

The CCA has established a Settlement Committee with members to be appointed by the Minister of MDES. The Settlement Committee has the power to settle a case through the payment of fines for some criminal offenses under the CCA, such as the unauthorized access of a computer system, disclosure of preventive measures for accessing a computer system, or bringing false information into a computer system.

Under this Notification, in case where an offender confesses of a crime against a person and if the injured person agrees to have the case settled by payment of a fine, the Settlement Committee will set the amount of fine to be paid by the offender considering the severity of the offense, the circumstances of the offense, the damage to the society and/or other users in a computer system, behavior of the offender, occupation, size of business and other factors. An offender whose case is settled by payment of a fine set by the Settlement Committee must pay the fine within 15 days from the date of settlement. Once the case is settled, the right to criminal prosecution under the criminal procedural law for that offense ceases but the rights of the injured person to claim for damages for tort or other civil action continues to exist.

4. The Ministerial Notification on the Appointment of the Computer Data Screening Committee under the Computer Crime Act.

The CCA has established a Computer Data Screening Committee with power to permit officials request a court order to block or destroy any data which is contrary to the public orders or good morals of the Thai people. For determining if a computer data is contrary to the public order and good morals of the Thai people or not, the Computer Data Screening Committee must take into account precedent established by prior Supreme Court judgments and the Thai social context.

Under this Notification, the Computer Data Screening Committee will consist of a Chairman and seven committee members, three of whom shall come from relevant private sector in the fields of human rights, public communication, information technology, or other related field.

5. The Ministerial Notification on the Criteria, Duration and Procedure to Stop the Dissemination of Computer Date or the Removal of Computer Data by the Competent Official or the Service Provider

Under the CCA, if there is dissemination of a computer data from a computer system which is actionable per the CCA, the competent official with approval from the Minister of MDES may file a petition with supporting evidence to the Court of jurisdiction to ask the Court to issue a writ to suppress the dissemination or to remove such computer data from the computer system.

Under this Notification, when the Court issues such writ, the competent officials may themselves suppress the dissemination or remove the computer data or instruct the service provider to suppress the dissemination or remove the computer data.

If the competent officials are to suppress the dissemination or remove the computer data themselves, they must do it promptly after receiving the writ of the Court except for the case where there is a reasonable cause for not being able to do as such at that time. In such case, the competent officials are to do as ordered by the Court within seven days. If the service provider is instructed by the competent official to suppress the dissemination or remove the computer data from its computer system as ordered by the Court, the service provider must do so within the period prescribed in the official’s instruction except for the case where there is a reasonable cause for delay which is allowed for no later than 15 days.