In the information age, e-commerce such as online retail sales is growing fast as a result of the vast increases in the number of people who use the internet around the world. At the same time, many criminal activities are occurring via this new way of trade communication. The traditional laws of Thailand, however, do not cover all aspects of these activities. Thus, Thailand has enacted new laws, namely, the Computer-Related Crimes Act B.E. 2550 (“Computer Crime Law”).
Under the Computer Crime Law, activities that are considered to be criminal include illegal accession to other people’s computers, inputting into a computer system wholly or partly fake or false computer data, inputting data that is against national security, etc. If a person commits a crime under this Computer Crime Law, they will be punishable under both civil and criminal penalties. Moreover, an important function of this Computer Crime Law is the supervision of the responsibilities of service providers.
Service providers under this Law covers several types of business operators. According to the Law, all business operators having a system to communicate among their employees and third parties have to be aware that they are also considered as service providers. All providers are required to maintain records of the traffic data on their systems such as access logs specific to users and authorization servers, date and time of connection to the server, IP addresses of connections to the server, user ID and sender and receiver e-mail addresses, etc. for not less than 90 days from the date when such data was entered into a service provider’s computer system in secured media which can identify a user. These records will be kept for the purpose of evidence if a crime occurs.
Service providers are also required to keep a record of users’ data as necessary for the purpose of identifying the user from the first day of such a service and store such users’ data for not less than 90 days. Any providers who fail to comply with the above duties shall be liable to be fined not exceeding 500,000 Baht. Moreover, service providers shall not intentionally support or give consent to the commission of an offence such as inputting into a computer system wholly or partly fake or false computer data that is likely to cause damage to another person or the public, inputting into a computer system false computer data in a manner that is likely to undermine national security or to cause public panic or inputting into a computer system pornographic computer data that is accessible to the public or publishing, etc. Any providers who commit any of the above offences will be liable to imprisonment for a term not exceeding 5 years or a fine not exceeding 100,000 Baht, or both.
It has been said that Thailand now has laws to protect against abuses of business operations on the internet. The relevant parties, especially service providers, should therefore be aware of their responsibilities under the law. And as business practices and technology continue to change rapidly, authorities must keep the laws up-to-date in order to adequately address all new coming practices and technologies.
By Panisa Suwanmatajarn, Associate © July 2011
Khun Panisa can be reached at firstname.lastname@example.org