MDES Notification on Criteria on Storing Computer Traffic Data of Service Providers B.E. 2564 (the “Notification”)
On 14 August 2021, the new Criteria on Storing Computer Traffic Data of Service Providers was issued by the Ministry of Digital Economy and Society (“MDES”) in replacement of the previous criteria which had become effective since 2007.
The service providers will be subjected under the Notification including (i) providing Internet access to the public or enable communication available between persons in other ways through computer systems covering the telecommunication and broadcast carrier, access service provider, host service provider, online application store, and social media service provider; or (ii) store computer data for benefits of other persons including content and application service provider, cloud computing service provider, and digital service provider. Generally speaking, most service providers of popular platforms like App store, Google play, Facebook, YouTube, Instagram, WhatsApp, Clubhouse and Telegram are technically under the Notification.
The regulated service providers are required to arrange verification and authentication, data retention, and CCTV available to all users. Particularly, applicable technology used for verification and authentication must also meet the requirements and minimum standards for reliability and electronic means under the ETA. This obligation applies to the event that a service provider hires a third party to store the computer traffic data on its behalf.
Furthermore, the service providers must store the computer traffic data for a certain period. However, such period may be extended in case there is any reasonable cause to suspect that there would be any offence under the Computer Crime or in relation to the national security, terrorism, public interest or required by an inquiry officer.
Legal Insight Vol. August 2021 of Bangkok Global Law
The PDF file can be downloaded via the link as set below.