Five Ministerial Notifications Under the Computer Crime Act Finally Come Into Force
In our May 2017 Client Alert (accessible via this link), we mentioned five draft Ministerial Notifications, which prescribe regulations and establish certain important procedures that correspond to provisions of the Computer Crime Act (the CCA). These Notifications were since passed and came into effect on 23 July 2017. Below are some of the key amendments to each.
1. The Ministerial Notification re: the Characteristics and the Method of Sending Data Deemed Not Causing a Disturbance To The Recipient.
The CCA criminalizes the sending of computer data that causes a disturbance to the recipient without allowing the recipient to easily opt out from receiving such data. This Notification clarifies that provision. It excludes telecommunications service providers from the definition of the term “sender of data,” prescribing that a telecommunications service provider is merely a medium for the sending of the computer data and/or emails (i.e., not the actual sender).
In practical terms, this amendment offers protection to telecommunications service providers, ensuring that they will not be deemed criminally liable for use of their network by senders of data to send data that otherwise qualifies as a disturbance to a recipient.
2. The Ministerial Notification re: Procedures for the Notification, Suppression of Dissemination and Removal of Computer Data from the Computer System.
The CCA provides safe harbor for service providers whose computer system contains illegal content. If the service provider can prove that they followed procedures under this Notification, then that service provider is exempt from penalties.
This Notification establishes specific timeframes (i.e., 24 hours, 3 days, and 7 days) during which service providers must take down illegal content. The applicable timeframes correspond to different types of illegal content. For example, if content threatens national security, public safety, and/or national economic security, the removal timeframe is 24 hours following the submission of notice and applicable evidence by end users to the service providers.
In addition, for the first time, this Notification prescribes a counter-measure available for owners of data to object to the suppression or removal of their data by submitting a formal notice to the service providers together with the required evidence (e.g., a complaint filed with the police).
It is worth noting that the safe harbor procedures under this Notification vary for each service provider (i.e., Internet service providers, online service providers, cloud computing services, data centers, portal websites, and social media sites). If service providers do not follow the procedures set forth in this Notification, they will lose the safe harbor protection and be subject to the same penalty as the person who uploaded or input the illegal content into the computer system.
3. The Ministerial Notification re: the Appointment of the Settlement Committee under the Computer Crime Act.
The previous draft of this Notification established the Settlement Committee's authority to settle certain violations under the Computer Crime Act through the payment of fines, prescribing that any fine amount shall be based on the severity of the charges, the circumstances of the offense, and other factors. The final revision, which is now in effect, adds that precedent fines in other cases should also be taken into account.
If a case is settled pursuant to the procedures set forth in this Notification, the right to criminal prosecution under the law of criminal procedural for such an offense ceases.
4. The Ministerial Notification re: the Criteria, Duration, and Procedure to Stop the Dissemination or the Removal of Computer Data by the Competent Official or the Service Provider.
The CCA establishes that pursuant to a court order for removal of illegal data, competent officials may (1) remove such data themselves or (2) order the service provider to remove such data. This Notification establishes that the Ministry of Digital Economy and Society, for the purpose of ensuring the removal of illegal content pursuant to such a court order, may put in place a directory of removal orders so the status of the removal can be monitored and examined.
It is important to emphasize that the removal of illegal content under this Notification applies when there is the court order. However, safe harbor under the Notification described in no. 2 above applies to the removal of illegal content without a court order.
5. The Ministerial Notification re: the Appointment of the Computer Data Filtering Committee under the Computer Crime Act.
The CCA establishes a Computer Data Filtering Committee (the “Filtering Committee”), empowered to reduce the dissemination of computer data that violates public order and good morals. The previous draft of this Notification set out the powers and duties of the Filtering Committee regarding such data.
The final revision adds that in making any such determination whether such data violates public order and good morals, the Filtering Committee must take into account precedent established by prior Supreme Court judgments and the Thai social context.
As these five Ministerial Notifications are already in effect, we advise careful observation of and compliance with the criteria set forth therein. We will continue to provide practical updates as further developments occur.