Thailand has made its draft Platform Economy Act (the “Draft PEA”) available to relevant entities in certain industries. The Draft PEA aims to regulate and standardize digital platform service business operations and protect consumers and other stakeholders.
Once the Draft PEA becomes law, the Royal Decree on the Operation of Digital Platform Service Businesses that are subject to Prior Notification B.E. 2565 (2022) and the relevant provisions under the Electronic Transactions Act B.E. 2544 (2001), as amended, will cease to have effect.
The key provisions of the Draft PEA are summarized below.
The definitions of the key terms under the Draft PEA are substantially similar to the definitions of the key terms under the royal decree mentioned above. According to the Draft PEA, “digital platform services” refers to the provision of electronic intermediary services that manage data to facilitate connection, through computer networks, between business users, consumers, or users, regardless of whether remuneration is charged.
The Draft PEA does not apply to digital platform services (DPSs) that are regulated by specific laws and have rules guaranteeing transparency and fairness, or that follow operational standards no less stringent than those required in the Draft PEA. Nonetheless, the Electronic Transactions Development Agency (ETDA) can request or link data relating to exempted DPSs from the relevant supervisory authorities.
Offshore DPSs with certain characteristics are also subject to the obligations under the Draft PEA and will have to appoint a coordinating person in Thailand. However, offshore DPSs will not have to establish a business in Thailand.
General Responsibilities and Obligations
The Draft PEA sets out the following requirements:
- DPSs with (1) at least THB 100 million (approx. USD 2.8 million) in annual revenue from providing the DPSs in Thailand before deducting expenses, or (2) more than 10,000 monthly users in Thailand (calculated from the average monthly usage pursuant to the rules of the ETDA) must report their operations to the ETDA within 30 days of becoming aware that they fall within either of the criteria.
- Upon any changes in the name, type, channel, or other details of a DPS provider or the DPSs, or in the details of the local coordinator, the ETDA must be notified of the relevant information within 30 days from the date of the change. Any changes must also be included in an annual report due 60 days from the end of each calendar year for individuals or from the end of each fiscal year for legal entities.
- DPS providers are responsible for the lawfulness of their users’ data and any other data transmitted through the DPS, unless it can be proved or evidence can be shown in court that the DPS acts only as an intermediary for the transmission of the data and does not store it, or that the DPS does not have access to the data.
- DPSs that do not only act as intermediaries for the transmission of data, or for which the provider can access users’ data or other transmitted data, must implement a system, mechanism, or procedure enabling other persons to report illegal acts or noncompliance. Upon receiving such a report, the DPS must delete or block the illegal data. If the DPS determines that there is no illegal data or noncompliance, the finding must be promptly reported to the ETDA.
- Measures for the alleviation of injuries, compensation, and remediation must be in place.
Additional Obligations for Certain DPSs
Additional obligations are imposed on two categories of DPSs that have specific characteristics.
A “specific type of DPS” is one that provides all of the following services:
- Sending and receiving data of users and other persons;
- Storing data of users and other persons; and
- Matching different categories of users to facilitate electronic transactions or for the benefit of selling and purchasing goods or services through the DPS.
These specific types of DPSs are obligated to notify users of the laws relating to the purchasing of goods or services and the associated risks; implement a notification system for products that are required by law to have an expiry date; monitor and ensure that the DPS will not be used for illegal activities and immediately report any suspicious activities to the ETDA; implement an identity verification system; and submit an annual report to the ETDA on the DPSs’ transparency, among other obligations.
A “large DPS” is one that:
- Has over THB 1 billion in annual revenue, before deducting expenses, from the provision of a DPS in Thailand;
- Has over 100,000 monthly users in Thailand; or
- Poses a high risk to Thailand’s economy and social stability, or a high risk of potential damage to the public.
Large DPSs are obligated to engage external experts to assess risks at least once a year; arrange for IT audits; appoint a chief compliance officer to liaise with the ETDA and other competent authorities; disclose factors and methods used for processing data to offer goods or services as well as the ranking of those goods or services; and implement channels to enable users to exercise the right not to receive advertisements, among other obligations.
In cases of DPS cessation, notification of the cessation must be made to the ETDA at least 60 days prior to the date of cessation. For large DPSs, the cessation notification must be submitted at least 120 days in advance, along with a plan and measures for taking care of users after the cessation. A DPS only ceases once a receipt of notification for the cessation has been issued by the competent official.
Blockage of the Transmission of Data
If there is a transmission of illegal data through a DPS, the ETDA may order that the transmission of data by or to a user be blocked. If the order is not complied with, the ETDA may file a petition with the court requesting an order to block the transmission of data on the DPS.
Whistleblowers and Trusted Flaggers
The ETDA has the duty to recruit, examine, and certify whistleblowers or trusted flaggers and announce the list of certified whistleblowers on its electronic channel. Providers of specific types of DPSs or large DPSs must collaborate with the whistleblowers on certain aspects, such as by having a channel for whistleblowers to register their accounts and so on.
Agreements between DPSs and Users
Operators must clearly declare terms and conditions to users before and during service usage, addressing certain required items such as terms of service, suspension or termination of services, and service fees.
The ETDA and the Office of Trade Competition Commission (OTCC) will collaboratively establish criteria for determining the list of gatekeeping platforms and will publish it within six months of the criteria coming into effect.
The ETDA and the OTCC may issue regulations on behaviors, service conditions, and any other activities that are deemed to be an unfair exercise of gatekeeping platforms’ business power (ex-ante regulations).
The Draft PEA will be disclosed for a hearing involving relevant stakeholders and the public before the first draft is finalized.
For more details on digital platform services in Thailand, or on other aspects of the country’s technology-related laws, please contact Athistha (Nop) Chitranukroh at [email protected], Gvavalin Mahakunkitchareon at [email protected], Pornpan Wichawut at [email protected], Thammapas Chanpanich at [email protected], or Rada Lamsam at [email protected].