Significant regulatory change for service providers on storing computer traffic data – Lexology

The Notification of Ministry of Digital Economy and Society Re: Criteria on Storing Computer Traffic Data of Service Providers B.E. 2564 (2021) (the “New Notification”) has been issued to replace the previous Notification of Ministry of Information and Communication Technology Re: Criteria on Storing Computer Traffic Data of Service Providers B.E. 2550 (2007) (the “Previous Notification”). This New Notification has become effective on 14 August 2021 and significantly changes the regulatory obligations with respect to the retention of computer traffic data applied to service providers.

Summary of the key changes are as follows.

1. Additional and updated service providers subject to the New Notification

In this New Notification, the categories of regulated service providers have been expanded significantly. The current regulated categories of service providers are updated to cover new services, whilst the New Notification also regulates new categories of service providers. Please see a summary of the regulated service providers in the table below.

b23cec9c 2a11 43e2 b527 d25ee1c31276 ProxyEgg Significant regulatory change for service providers on storing computer traffic data - Lexology

2. Additional obligations on verification and authentication system, data retention and CCTV

The Previous Notification broadly addresses verification and authentication requirements. However, the New Notification further specifies the user verification and authentication requirements. The user verification and authentication system shall be in accordance with standards specified in the Electronic Transactions Act B.E. 2544.

The service provider shall also provide security measures for storing the computer traffic data, as follows:

  • store the computer traffic data in media, computer equipment or a computer system that can maintain the integrity and authentication of users;
  • set up an access control system for the computer traffic data;
  •  assign a person who coordinates with the MDES official;
  •  the stored computer traffic data must be able to identify and authenticate individual users (e.g., indicating proxy server, network address translation, proxy cache, cache engine, free internet; or Wi-Fi hotspot).

The types of computer traffic data required for each category of service providers has also changed. Each category should further check the applicable requirements.

Under the New Notification, there are new obligations for restaurants or any businesses that offer internet as additional services for customers, such businesses must install CCTV to record user access details, prepare a user log detailing user access each day, and carry out an activity that can identify the identity of the users.

3. Change of data retention period

The New Notification also changes the retention period. In general, the service provider shall store computer traffic data for at least 90 days from the date when such data is input into a computer system. However, if (a) there is reasonable cause to believe that there are offences under the Computer Crime Act; (b) for the purposes of collecting information and evidence on the offences relating to national security, terrorism, or public disorder concerning the use of computer system or computer data; or (c) there are requests from an inquiry officer, the competent official may order the service provider to extend the computer traffic data retention period for a maximum of 6 months consecutively, but not exceeding 2 years in total.

4. Third party service providers must comply with the requirements under the New Notification

Under the New Notification, third party service providers, e.g. cloud service providers, that are engaged by a regulated service provider to store computer traffic data must store, make a copy, keep the computer traffic data, and deliver such computer traffic data to the authorities upon request. Such computer traffic data must be able to identify and authenticate the identity of users as prescribed under the New Notification.

There are other new concepts and requirements under the New Notification, e.g. AI, social media, offshore service providers.

We would like to take this opportunity to highlight that there are significant changes that would likely impact the operation of service providers. The technical requirements of which are quite complex and detailed. Thus, it is imperative that business operators revisit the current practice and are ready for compliance. In terms of enforcement, it remains to be seen how the New Notification could impact offshore service providers as certain names of offshore service providers, e.g. App Store, Google Play, Chatbot, Clubhouse, Telegram, Facebook, YouTube, Instagram, LinkedIn, Line, MSN Messenger, WhatsApp, are specified in the New Notification.

Content is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee similar outcomes. For more information, please visit:

Source of this news:

Related posts:

Snag yourself a VPN subscription on sale this weekend - Mashable
Deal pricing and availability subject to change after time of publication. If you’re looking for a sign to invest in your internet security, this is it: The below VPN subscriptions of every shape ...
Hiroshi Ishiguro: The Man Who Made a Copy of Himself - IEEE Spectrum
Photo: Makoto Ishida Hiroshi Ishiguro, a roboticist at Osaka University, in Japan, has, as you might expect, built many robots. But his latest aren’t run-of-the-mill automatons. Ishiguro’s recent...
Shortening CIP Security From: Rockwell Automation - Manufacturing. on line
Recently launched to assist manufacturers with CIP security is the Allen-Bradley CIP Florida security Proxy   along with Rockwell Automation. Features and even capabilities include: Can...
Indien Tuweni 2 Adds JSON-RPC Support - iProgrammer
Apache Tuweni has been updated to fassung 2 . 0, with breakthroughs including JSON-RPC clients while servers, and a new filtration systems that application with a simple pants pocket. Apache Tuwen...
3 Easy Steps to Hide Your Geo Location -
Reasons to Learn How Do I Hide My Geolocation? At present, Internet users often face difficulties while trying to access a certain resource or perform necessary action. Governments aim to restrict c...
Why Your Company Should use Proxy Servers? - Foreign Policy 2018
If you are just an average Joe, then you probably don’t have a full understanding of the purpose and use of proxy servers. Most people heard about using a proxy for unblocking the US library on ...
How to Run Etherpad Lite on Ubuntu 20.04 LTS - BollyInside
This tutorial is about the How to Run Etherpad Lite on Ubuntu 20.04 LTS. We will try our best so that you understand this guide. I hope you like this blog How to Run Etherpad Lite on Ubuntu 20.04 LTS...
Microsoft-Signed Rootkit Targets Gaming Regions in China - Briwn Reading
Study have identified a rootkit with a valid digital well-known from Microsoft being being purchased within gaming environments as China. One of the rootkit, called FiveSys, is being used to re...
How to Install Minikube on Debian 11 Bullseye Linux - Linux Shout
Do we really need an entire server or cloud to start with Kubernetes Cluster? The answer is ‘No‘ because it is possible to use Minikube to implement a Kubernetes cluster with just a single node o...
What IT Admins Can Learn From Microsoft's U.S. Government Zero Trust Strategy - TechDecisions
Microsoft this week published along blog post about how the IT giant is helping U.S. federal agencies adopt a Zero Trust architecture and comply with President Joe Biden’s executive order on cybersec...
7 years after it was delisted, P.T. fans struggle to save it - Digital Trends
In August 2014, a historic video game collaboration took place. Hideo Kojima, film director Guillermo del Toro, and publisher Konami came together to create a free downloadable title called “Playable...
'Climategate' still matters – however, not how the BBC thinks it lets you do - Spectator. co. englan...
It is 12 years now since a tranche of emails were scraped from the server of the As well as college of East Anglia regarding became know as Climategate. An East Anglia climate  server was ha...
Are there Most Secure Methods Of Storing Bitcoin? - News Chant MARKET
Nevertheless in 2020 and 2021, the price of cryptocurrencies such as Bitcoin has increased significantly, exceeding it really is previous all-time highs. Often the victims stand by and watch because...
sikka. ai Launches New Is very of Its Award-Winning Sikka API Platform To Optimize Fitness Connectiv...
The Sikka API Ideal provides a single API available for quickly building secure pc care apps for over 90% of the estomatológico, veterinary, orthodontics, oral surgical treatments, chiropractic...
Unpatched RainLoop Webmail Enables Theft of Emails -
Email Security & Protection , Fraud Management & Cybercrime , Incident & Breach Response Researchers Have Identified a Cross-Site Scripting Vulnerability Prajeet Nair (@prajeetspeaks) ...
Four New Maps Added To 2019's Call of Duty: Modern Warfare can KeenGamer News
Image credit: Infinity Keep Points new multiplayer maps have been added to the seemingly lost Call of Duty: Leading-edge Warfare as part of the mid-season update for Warzone and Bl...
Roshan adds Azure capabilities with Windows Server 2022 guidebook IT Brief Australia
Barely a month just like the launch of Windows Internet protokol 2022, users are looking into everything the new platform supplies, including new features like Hyper-V virtual machine support&nbs...
Canonical unveils Ubuntu 21.10 - TechRepublic
The goal is to enhance the developer experience wherever they work, the company said. Image: Canonical More about open source Canonical rolled out Ubuntu 21.10 Thursday, touting it as "the most...

IP Rotating Proxy Onsale


First month free with coupon code FREE30