Thailand’s amended Computer Crime Act, which took effect in May this year, has brought about much needed changes in the way businesses can conduct electronic marketing. Spammers will now face criminal charges and hefty penalties if found guilty.

The latest rules are in line with Thailand’s national efforts in digital transformation as part of the “Thailand 4.0” policy to develop the country into a value-based economy driven by technology and innovation. To further this goal, the Thai government is actively promoting digital platforms, research and development, and science and technology.

Earlier this year, the Electronic Transactions Development Agency (ETDA) also revealed that in 2016, Thai people will use the internet, on average, 45 hours per week or 6.4 hours per day.  Notably, 75.8 percent of that internet time will be spent on electronic messages.  This high usage volume has provided plenty of electronic marketing opportunities, which continues to be one of the most economical ways to conduct marketing in Thailand.

To facilitate this economic change, and to provide legal protection for online users, the government and the National Legislative Assembly have updated a number of key laws, including the Computer Crime Act. The Ministry of Digital Economy and Society is also developing subordinate regulations to support the Computer Crime Act. One noteworthy area of change has been to the legal restrictions on inappropriate electronic marketing, and particularly spam emails.

Electronic marketing offenses under Section 11 of the Computer Crime Act

Although Section 11 of the old Computer Crime Act prohibited sending emails or electronic data which had concealed or falsified origins that affected the normal operation of a recipient’s computer, it did not apply to electronic marketing spam – emails or electronic data that disturbed the recipients. To address this exclusion, section 11 of the new Computer Crime Act makes it an offense to send emails or electronic data that disturbs recipients, and which do not allow recipients to unsubscribe.

The Ministry of Digital Economy and Society also subsequently issued a Ministerial Notification for Characteristics and Methods of Sending Data Deemed Not to Cause a Disturbance to the Recipient, which defines the types of emails and data that are not considered to cause disturbances to recipients. The notification provides “safe harbor rules” for businesses to abide by in their electronic marketing campaigns, when emailing existing or prospective customers, business partners, or third parties.

Safe harbor rules under the Computer Crime Act

Under the “safe harbor rules”, a “sender” is defined as any person who intends to send company emails or data for commercial purposes, and any website, application or social media operator that advertises or supports the sending of such email or data. The rules do not apply to telecommunications business operators that act as intermediaries for transmitting such emails or data, in order to prevent undue criminal liability for these operators when third parties use their services and networks.

The following types of data are not considered to cause a disturbance to recipients:

1. Data sent to another person as evidence of an agreed contractual transaction, or for compliance with the law, or for expressing a relationship or a legal relationship between each other;
2. Data sent by government authorities that enforce the law, and for non-commercial purposes;
3. Data sent by an educational institution, a charitable body, or other organizations, and for non-commercial purposes; and
4. Data sent in a legal manner which does not violate any individual rights, and for non-commercial purposes.

Emails or data that are sent for commercial purposes, and do not fall under the scope of the above, are only permissible when the recipient’s consent has been obtained. The following conditions for opting out or unsubscribing must also be met:

• The data must specify signs, details, and processes that will enable the recipient to opt out or unsubscribe from receiving such data, and must include technical measures that will enable the recipient to do so quickly.
• A sender who receives a request to unsubscribe must cease sending data to the recipient immediately if possible, or, in certain circumstances, within seven days after receiving the request.
• The process or request form for opting out or unsubscribing must not be conditional and must not divert the recipient to any additional commercial purposes (e.g. clicking on an opt-out link takes the user to other websites or sales distribution channels).
• If the sender continues to send data to the recipient after a request has been made, the recipient may send a second written request by way of email, registered postal mail with a return address, or through other channels by which they can confirm receipt. If the sender continues to send data after receiving a request of this nature, they are deemed to be committing a spam offense.

Implications for electronic marketing

Under the new rules, an offense incurs a maximum fine of THB 200,000 levied against each single spam email. It is thus important for corporations that engage in online business activities to comply with the safe harbor rules and be cautious in their online communications to avoid potential exposure to this penalty.

As the new Computer Crime Act and subordinate regulations have only been in effect for a short period, it remains to be seen how requirements can be complied with in practice. There are a few interesting issues to consider, such as how a sender can obtain consent from a recipient, and whether implied consent is acceptable. It should also be noted that the safe harbor notification grants the permanent secretary of the Ministry of Digital Economy and Society the authority to interpret and consider any issues arising from actions under the notification, which leaves open the possibility of additional legislative changes in the near future.