Review of e-commerce legislation harmonization in the Association of Southeast Asian Nations (ASEAN) [UNCTAD/DTL/STICT/2013/1]
- In Brief
- Electronic transactions law
- Consumer protection
- Privacy and data protection
- Online content regulation
- Cybercrime and cybersecurity
The Electronic Transactions Act 2001, one of the core cyberlaws, has been complemented by numerous Subordinated Laws (Royal Decrees) and other Government notifications, including a regulation for e-payment service providers, security policy and practice guidelines for the government sector, and data protection policy and practice guidelines for the government sector. Thailand is interested in joining the United Nations Convention on the Use of Electronic Communications in International Contracts and in 2008 Thailand revised and updated the Electronic Transactions Act.
In 2007 Thailand enacted the Computer Crime Act. Thailand has still to advance on draft data protection legislation and there are some challenges in relation to skills and funding for law enforcement agencies and the courts in relation to the implementation of e-commerce laws.
E-commerce in Thailand is promising with an overall Internet use of 24 per cent in 2011. Online payment methods are being developed to support the development of e-commerce. Thailand also enjoys a high level of mobile penetration.
Electronic transactions law
The Electronic Transactions Act 2001 sets out the legal framework for the validity of electronic signatures and electronic transactions. The Act addresses such issues as legal formalities and evidentiary status. The Electronic Transactions Act, which entered into force in April 2002, governs both civil and commercial transactions made electronically, with exceptions only as may be prescribed by Royal Decree pursuant to the Act. It does not override laws and regulations intended for consumer protection.
The Act includes a mix of provisions from several international models, but the key sections follow the UNCITRAL Model Law on Electronic Commerce (the electronic signatures sections cover the Model Law on Electronic Signatures). A draft bill with amendments aimed at aligning the law with the United Nations Convention on the Use of Electronic Communications in International Contracts, to which Thailand is considering becoming a party.
The Consumer Protection Act 1979 and other legislations such as the Unfair Contract Terms Act 1997, the Direct Sales and Direct Marketing Act 2002, the Civil and Commercial Code and the Panel Code may afford consumers engaging in e-commerce some protections and avenues of redress. While the provisions in these laws are not tailored to the unique circumstances encountered in the electronic environment, they may nevertheless apply to afford consumers some protection online.
Privacy and data protection
Draft legislation (the Personal Data Protection Bill), has been under development for many years. Once this Personal Data Protection Bill passes, it will be the comprehensive data protection legislation in Thailand and apply to government and private sectors. Although Thailand does not currently have comprehensive data protection or privacy laws, the principles of privacy and data protection are fundamental to several specific data protection legislation providing personal information protection and prohibiting unauthorized disclosure in certain circumstances as follows:
- The Constitution of Thailand 2007 provides the basic protection of a person’s family rights, dignity, reputation and the right of privacy (section 35 of the Constitution). Some breaches could also be subject to restrictions on disclosure of pictures or statements which violate or affect a person’s privacy, reputation or dignity (section 34 of the Constitution).
- The Official Information Act 1997 protects personal information of Thai people and foreigners resident in Thailand which are maintained by the state agencies.
- The Penal Code provides the restrictions on disclosure of secret information in certain relationships (sections 323 and 324 of the Penal Code).
- Furthermore there are other specific regulations to protect personal information under the Credit Information Business Act 2002, the National Health Act 2007, the Statistics Act 2007 and the Broadcasting and Television Business Operations Act 2008. The sale or disclosure of personal information without the consent of the relevant person could be subject to the privacy related provisions of section 37 of the Constitution and section 74 of the Telecommunications Business Act.
- Data protection policy and practice guideline for state agencies1 modelled on the OECD Privacy Guidelines is also available to provide the preliminary guideline for state agencies to use in setting the policy and practice in personal information protection in electronic transactions.
Online content regulation
Thailand carefully considers measures to control content on the Internet which may affect the national security ground. The Ministry of Information and Communication Technology provides software for preventing inappropriate contents which is publicly available to the users.
Cybercrime and cybersecurity
In 2007, the Act on Commission of an Offence relating to Computer 2007, commonly known as the Computer Crime Act, came into force in Thailand. It contains provisions for offences committed against computer system and computer data and provisions regarding the use of computer to commit computer crimes. The key provisions follow the text of the Budapest Convention on Cybercrime. In addition to the Computer Crime Act, other legal measures under the Electronic Transactions Act are also issued to increase public awareness of information security as follows:
(a) The Notification of Electronic Transactions Commission on Policy and Practice in the Information Security of a State agency 2010;2
(b) The Notification of Electronic Transactions Commission on Category of Electronic Transactions and Rules on Assessment on the Scale of Impact of Electronic Transactions Pursuant to Security Techniques 2013;3
(c) The Notification of Electronic Transactions Commission on Information Security Standards in accordance with Security Techniques 2013.4
Online dispute resolution and domain-name regulation
In order to regulate domain names, Thailand relies on the Trademark Act 1991, which is the legislation providing the protection to all trademarks and service marks registered in Thailand.
 The Notification of the Electronic Transactions Commission on Policy and Practice Statement on Personal Data Protection of a State Agency 2010 (B.E. 2553) is issued under the Royal Decree Prescribing Rules and Procedures of Electronic Transactions in the Public Sectors 2006 (B.E. 2549).
 The Notification of Electronic Transactions Commission on Policy and Practice in the Information Security of a State Agency 2010 (B.E. 2553) is issued under the Royal Decree Prescribing Rules and Procedures of Electronic Transactions in the Public Sectors 2006 (B.E. 2549).
 The Notification of Electronic Transactions Commission on Category of Electronic Transactions and Rules on Assessment on the Scale of Impact of Electronic Transactions Pursuant to Security Techniques 2013 (B.E. 2555) is issued under the Royal Decree regarding Security Techniques in Performing Electronic Transactions 2010 (B.E. 2553).
 The Notification of Electronic Transactions Commission on Information Security Standards in accordance with Security Techniques 2013 (B.E. 2555) is issued under the Royal Decree regarding Security Techniques in Performing Electronic Transactions 2010 (B.E. 2553).