Thailand’s amended Computer Crimes Act (CCA) came into force in May 2017. While the new law addresses some of the intricacies regarding the interaction between parties that create and disseminate information and those who provide the services to facilitate them, there are those who feel the amended CCA is still somewhat broad.

Here is an overview of some of the more relevant changes:

Broader powers for ministry and officials regarding computer crimes

The amended CCA recognizes the new ministry created to oversee information technology laws and regulations, the Ministry of Digital Economy and Society. More importantly, the amended CCA contains numerous sections and clauses providing officials broad powers to investigate.

With “reasonable belief”, officials can request traffic and user-related data from service providers and demand suspect data, or even the device or entire system holding that data, from any person in possession of such. In addition to the possibility of gaining access to computer systems, officials can also demand the removal of information that they deem illegal under the amended CCA.

Opt-out requirements

Section 11 expands from prohibiting sending hidden malware (spyware, viruses, cookies etc.) in data transfers or email to include unsolicited emails (spam). In the case of spam, the sender must offer an easily accessible method to opt out, so recipients can refuse to receive future emails. Specifics regarding the opt out method is left to a future Ministerial Notification.

Data manipulation

Section 14, which covers computer data that is distorted, forged, or false or that can be deemed obscene, related to terrorism, or damaging to national security, both broadens and narrows certain aspects. Data manipulation that causes public or individual damage must be with malicious intent, although offenses under this clause may fall under other clauses of this section. Also, language regarding falsifying data that may damage the Kingdom has expanded to include not just national security, but public safety and the nation’s economy and infrastructure.

The amendment distinguishes between certain data manipulation offenses against the public and against individual. The punishment for actions against an individual is less (three years / 60,000 baht versus five years / 100,000 baht). However, the penalties against individuals can be compounded.

Hosting, dissemination, and social media

The amended CCA now allows for persons and companies that unknowingly host, receive, or disseminate offensive materials to be relieved of liability by reporting or deleting such. However, criteria and screening process is broader and more stringent.

Penalties for posting content that may damage a person’s, or their relatives’, reputation or cause them harm have been increased. However, language was added to allow for “fair criticism” of certain public persons or entities. Nevertheless, this does not override the lese majeste laws.

GPS Legal is here to assist

Since every company today relies on computer technology in some form, this law will affect your business in one way or another. If your company is Information and Communications Technology (ICT)-related, there are many other provisions that need to be considered carefully.

At GPS Legal, we want to make sure your business, regardless of industry, is compliant with the law and understands the protections afforded by them. Please feel free to contact us with any questions or concerns.