2007 CCA | Draft CCA |
Article 15 Any service provider intentionally supports or consents to an offence under Article 14 within a computer system under their control shall be subjected to the same penalty as that imposed upon a person committing an offence under Section 14. | Option 1 “Article... service provider who is or should be aware of any computer data deemed a violation of the Article... (information deemed an offence to national security) or Article... (If any information which may compromise national security) is found in the computer system under the charge of the service provider and he fails to promptly act to deal with it or to halt the dissemination of such information shall be subjected to the same penalty rate in the Article”
Option 2 (To encourage the application of Notice and Take Down and to develop guidelines or procedure based on which a service provider can collectively use, similar to best practice) “Article... When a service provider is aware or should be aware of or has been informed by competent officer of an act deemed an offence by the Article ... (If any information which may compromise national security) or Article ... (If any information which may compromise national security) and that data is stored in the computer system under his charge, the service provider should promptly act to deal with it or to halt the dissemination of such computer data within an appropriate amount of time since the time he is made aware of or has been informed or within the time specified by the competent officer. If the service provider fails to promptly act to deal with it or to halt the dissemination of such computer data, he shall be subjected to... Service provider in the first paragraph refers to a person in charge is designated to oversee the data stored in the computer system under one’s charge. The guidelines and procedure of the competent officer in the first paragraph shall be in compliance with the notification made by the cabinet.” |
One of the most pertinent problems of the 2007 CCA is the imposition of liability on service provider who "intentionally supports or consents to” the dissemination of offensive information at the same penalty as the offender themselves. Such a provision hampers growth of online business as a number of entrepreneurs would be quite afraid that they could be held liable despite their unintentional support or consent given therein. The provision simply encourages widespread self-censorship.
In the new draft, the wording has been changed. The phrase that a service provider who "intentionally supports or consents to” has been changed to that a service provider who “is or should be aware of”, particularly an offence against national security.
The drafting committee proposes two options which are not very dissimilar. The first option puts it that a service provider “is automatically or should automatically be aware of”, an assumption of which came from the fact that since the service provider is in charge of the computer system, they are aware of or should be aware of the existence of the computer data deemed offensive.
The second option simply treats it as an automatic obligation of a service provider and only adds to the phrase “a service provider who is aware of or should be aware of or has been informed by a competent officer to promptly act to deal with it or to halt the dissemination of such information.
According to a commentary to the draft law (http://ilaw.or.th/sites/default/files/pdf_6.pdf), the drafters explain that the provision makes it clear that a service provider is not supposed to be aware only when they are informed by the competent officer that there is offensive computer data in the computer system under their charge. It is supposed that a service provider should already have a measure to oversee it. If the provision only provides that such “awareness” has to exclusively stem from notification of competent officer, it could be used as a legal loophole by the service provider to fail to ensure appropriate oversight of their own computer system and to screen out any offensive information.
It should be noted that the phrasal change from that a service provider who "intentionally supports or consents to” to “is or should be aware of” has not done much change to its implication. An attempt to describe interaction between competent officer and service provider after the notification is made is not identical to Notice and Take Down measure, since the draft law fails to spell out guidelines and procedure and only imposes automatic liability to a service provider.
