Section 21. If a relevant competent official found that any computer data contains
undesirable sets of instructions, a relevant competent official with the authority to prohibit the
sale or dissemination of such, may instruct the person who owns or possesses the computer
data to suspend the use of, destroy or correct the computer data therein, or to impose a
condition with respect to the use, possession or dissemination of the undesirable sets of
The undesirable sets of instructions under paragraph one shall mean to include sets of
instructions that cause computer data, a computer system or other instruction sets to be damaged,
destroyed, corrected, changed, added, interrupted or, fail to perform according to pre-determined
instructions or otherwise as required by a relevant Ministerial Rule, with the exception of sets of
instructions aimed at preventing or correcting the foregoing sets of instructions as required by a
Minister and published in the Government Gazette.
Section 22. A relevant competent official shall not disclose or deliver computer data,
computer traffic data or service users’ data acquired under Section 18 to any person.
The provisions under paragraph one shall not apply to any actions performed for the
benefit of lodging a lawsuit against a person who has committed an offence under this Act or
for the benefit of lodging a lawsuit against a relevant competent official on the grounds of
their abuse of authority or for action taken according to a court’s instruction or permission.
Any competent official who violates paragraph one must be subject to imprisonment
for no longer than three years or a fine of not more than sixty thousand baht, or both.
Section 23. Any competent official who commits an act of negligence that causes a
third party to know of computer data, computer traffic data or a service user’s data acquired
under Section 18 must be subject to imprisonment for no more than one year or a fine of not
more than twenty thousand baht, or both.
Section 24. Any person knowing of computer data, computer traffic data or a service
user’s data acquired by a relevant competent official under Section 18 and disclosing it to any
person shall be subject to imprisonment for no longer than two years or a fine of not more
than forty thousand baht, or both.
Section 25. Data, computer data or computer traffic data that the competent official
acquired under this Act shall be admissible as evidence under the provision of the Criminal Procedure Code or other relevant law related to the investigation, however, it must not be in
the way of influencing, promising, deceiving or other wrongful ways.
Section 26. A service provider must store computer traffic data for at least ninety days
from the date on which the data is input into a computer system. However, if necessary, a
relevant competent official may instruct a service provider to store data for a period of longer
than ninety days but not exceeding one year on a special case by case basis or on a temporary
The service provider must keep the necessary information of the service user in
order to be able to identify the service user from the beginning of the service provision, and
such information must be kept for a further period not exceeding ninety days after the service
agreement has been terminated.
The types of service provider to whom the provisions under paragraph one shall
apply and the timing of this application shall be established by a Minister and published in the
A service provider who fails to comply with this Section must be subject to a fine of
not more than five hundred thousand baht.
Section 27. If any person fails to comply with the instructions of court or relevant
competent official under Section 18 or Section 20 or fails to comply with the court’s
instruction under Section 21 shall be subject to a fine of not more than two hundred thousand
baht and a further daily fine of not more than five thousand baht until the relevant corrective
action has been taken.
Section 28. Regarding the appointment of a competent official under this Act, the
Minister shall appoint persons with knowledge of, and expertise in, computer systems and
having the qualifications as required by the Minister.
Section 29. In performance of the duties under this Act, the competent official
appointed by the Minister shall be an administrative officer or a senior police officer under the
Criminal Procedure Code competent to receive a petition or accusation and be authorized to
investigate only on an offence under this Act.
In arresting, controlling, searching, investigating, and filing a lawsuit against a
person who commits an offence under this Act, and for what is within the authority of an
administrative officer or a senior police officer, such competent officer shall coordinate with
the relevant investigating officer in charge to take action within their authorized duties.
The Prime Minister is in charge of the Royal Thai Police Headquarters and with a
Minister shall have a joint authority to establish a regulation with respect to the means and
action-related procedures under paragraph two.
Section 30. In the performance of duties, a relevant competent official must produce
an identity card to a relevant person.
The identity card shall be as per the form required by a Minister and published in the
General Surayud Chulanont
  
Vol.124 Section 27 Kor Government Gazette 118 June 2007.