On 3 August 2021, The Cabinet has acknowledged the draft Notification of the Ministry of Digital Economy and Society Re: Criteria for Maintaining Traffic Data of Service Providers B.E. …. (“Draft Notification”) as proposed by the Ministry of Digital Economy and Society.

The Objectives

The Draft Notification of the Ministry of Information and Communication Technology Re: Criteria for Maintaining Traffic Data of Service Providers B.E. 2550 (2007) has been enforced for a long time and is inconsistent with the current situation.

This Draft Notification will provide the duties and responsibilities regarding maintaining computer traffic data for service providers and help the investors to promote the investment in electronic services. However, its provisions cause effects to the people and the private sector in which failure to comply with the same can create resulting in penalties as stipulated in the Computer-Related Crime Act B.E. 2550 (2007) and its amendments.

Main Points of the Draft Notification

1. In case that there are specific laws governing for maintaining of traffic data, those will be enforced. Except for provisions related to below activities, the provisions of this Draft Notification will be applied:
   – Event Logging;
   – Protection of Log Information;
   – Log Information Administration and Operation; and
   – Clock Synchronization
2. The specific terms which have been defined in this draft Notification are service providers, digital identification and authentication systems, identification and authentication, computer data, traffic data and social media.
3. The Draft Notification also provides types of service providers obligated to preserve computer traffic data, e.g., telecommunication and broadcast carriers, assess service providers, host service providers, internet cafe service providers, computer program/software/AI technology service providers, online application stores, social media service providers, service providers as a medium for data transmission through computer networks and content and application service providers.
4. The service providers have its duty to provide the digital identification and authentication systems for usersincluding the security measures for administrative safeguard, technical safeguard, physical safeguard and access control.
5. The service providers have its duty to provide secure methods for maintaining the traffic data  by having a confidential data storage system, storing in a computer or system that can maintain the completeness and authenticity of the data including determining the period of maintenance.
6. If the service providers agree with any third party to perform their duties under this Draft Notification, the service providers still need to maintain the traffic data, arrange for a copy of traffic data, possess a copy of identifiable traffic data and deliver to the competent official immediately upon request.