Safe Harbor: Suppression of Dissemination and Removal of Computer Data from the Computer System B.E. 2565 (2022)

Safe Harbor: Suppression of Dissemination and Removal of Computer Data from the Computer System B.E. 2565 (2022)

Recently, the Ministerial Notification of Ministry of Digital Economy and Society (MDES) re: Procedures for the Notification, Suppression of Dissemination and Removal of Computer Data from the Computer System B.E. 2565 (2022) (the “Ministerial Notification”) was published in the Government Gazette, replacing the previous version which came into force in 2017. The Ministerial Notification lays down safe harbor procedures to be complied by service providers and social media platforms in order to be exempted from liability for cooperating, consenting, or supporting offences in relation to illegal computer data under Section 15 of the Computer Related Crime Act B.E. 2550 (2007) as amended by Computer Related Crime Act (No.2) B.E.2560 (2017) (the “CCA”).

According to the Ministerial Notification, service providers offering the following types of service could benefit from safe harbor if they can prove that they have complied with conditions specified therein.

green and white line illustration
  1. Intermediary services, for example, facilitate computer information transmission routing, transitory communication – mere conduit, provide necessary transient storage, or hosting carried out by an automatic technical process;
  2. System caching;
  3. Storing information residing on systems or network at direction of users;
  4. Linking users to computer information by using information location tools; and
  5. Social media platform.

In general, service providers/social media platforms must transmit, storing or linking computer information in their control without any modification or interference and have no collaboration in, relation to or knowledge upon illegal activities specified in Section 14 of the CCA carried out by services users or other third parties. Also, service providers must not receive direct or indirect compensation or benefit for disseminating such illegal computer information.

In addition to the above-mentioned conditions, service providers/social media platforms must also prove that they have implemented Notice & Takedown Policy, which outlines as follows:

security logo
  1. Notification procedures must be adopted by service providers for suppression of dissemination and removal of illegal computer data, providing service users or other third-party channels to report illegal activities. A take down notice must contain at least name and contact details of service providers/social media platforms and complaint form for service users to report, for example, details of alleged perpetration and damages occurred.
  2. Service users can notify illegal computer information by either filing a report or a complaint to the inquiry officer or notifying service providers/social media platforms by completing the provided complaint form.
  3. Service providers/social media platforms must respond expeditiously by suppressing the dissemination of and/or removing illegal computer data from their system as well as forwarding a copy of the complaint form to service users, members, or other relevant persons.  

Furthermore, takedown measures also available to officers by issuing an order to service providers/social media platforms who are reported by an injured person, government officials and etc. to have illegal computer contents in their control. Similar to Notice & Takedown Policy adopted by service providers, upon receiving an order from officers, service providers/social media platforms must expeditiously suppress the dissemination and/or remove illegal computer data as well as forward a copy of the complaint to service users, members, or other relevant persons under their control. However, service providers/social media platforms may file an appeal against the order to the Permanent Secretary of MDES within 30 days from the receipt of order.

Author: Panisa Suwanmatajarn, Managing Director