You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

July 1, 2025

Thailand’s Data Privacy Landscape in the First Half of 2025

Now halfway through 2025, Thailand continues to advance in the realm of data privacy, with the ambitious goal of achieving zero data breaches. The Personal Data Protection Committee (PDPC), an independent government body established by the Personal Data Protection Act (PDPA), is taking a more proactive approach, having published several rulings and orders to enhance data protection measures and clarify compliance expectations for businesses.

Here is a look back at Thailand’s data privacy developments in the first half of the year.

Strengthening Law Enforcement and New Guidance for Compliance

Enforcement of existing data protection laws and regulations has taken a step forward this year. Some of the specific initiatives include:

  • Increased enforcement by the PDPC. A key trend to watch from the first half of 2025 is the PDPC’s active enforcement of the PDPA as it intensifies oversight through compliance orders and public warnings against noncompliant organizations while ramping up efforts to prevent and halt the illegal trading of personal data by actively monitoring emerging societal issues.
  • Call center scams and cyber fraud control. Thailand published an amendment to the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes to strengthen measures against technological crimes, particularly targeting call center scams and cyber fraud.
  • Orders from the Expert Committee. Several orders issued by the Expert Committee under the PDPA were announced in the first half of this year. These include directives for data controllers to take corrective actions to comply with the PDPA, as well as initiatives to raise awareness of data privacy within organizations, reflecting the regulator’s focus on promoting organizational awareness and compliance. A guideline report summarizing the Expert Committee’s decisions and orders was also published to serve as a reference for compliance.
  • Public issue monitoring. The PDPC has been taking a more proactive approach by staying current with high-profile data privacy issues that are top of mind for the public. This has involved actively monitoring and following up on cases such as data breaches or incidents that show early signs or suspicions of potential data breaches.
  • Supporting PDPA compliance through PDPC programs. The PDPC launched several initiatives to support PDPA compliance, including training programs for key roles and executive-level personnel. A particularly noteworthy initiative is the PDPC Regulator Checklist, introduced as part of the PDPC’s advisory and inspection activities, which outlines 10 key areas that organizations should focus on to ensure compliance with the PDPA.

Promoting the Data Economy

Authorities have also been putting infrastructure in place to support data-intensive economic activity, such as:

  • Facilitating cross-border data transfers: Thailand has supported initiatives aimed at simplifying and securing cross-border data flows, such as by hosting workshops to educate businesses on adopting the ASEAN Model Contractual Clauses for Cross Border Data Flows as mechanisms to enable secure cross-border data transfers among ASEAN member states. Beyond the ASEAN level, the PDPC participated in the Global CBPR Workshop 2025, with the key objective of presenting Thailand’s progress toward joining the Global Cross-Border Privacy Rules (CBPR) framework. This certification scheme is to facilitate easier data transfers across member countries.
  • Data-sharing laws: In the first half of the year, Thailand’s Electronic Transactions Development Agency took steps to align with international standards and best practices, such as the EU’s Data Act and Data Governance Act, by releasing draft principles for future legislation on data sharing. These draft principles aim to enhance data sharing practices while ensuring robust data protection standards. These draft principles reflect Thailand’s commitment to harmonizing its data protection framework with international standards.

Advancing Ecosystems and Technology Use

Adoption and implementation of technology, particularly in regard to regulatory compliance, was also a focus, as seen in the following developments:

  • Digital technology for data compliance: The Government Platform for PDPA Compliance was established through a collaboration between the Office of the PDPC and the Office of the National Digital Economy and Society Commission to promote the implementation of the PDPA through digital technology. This initiative has been approved by the cabinet, requiring all government agencies to adopt the platform.
  • AI adoption: The adoption of AI in Thailand’s business sector was actively encouraged in ETDA’s draft AI law, which was also released in the first half of this year. This draft outlines principles for data sandboxes and the reuse of personal data (including personal data obtained for other purposes if proper privacy safeguards are in place) for AI development in the public interest.

This progress that Thailand made in the first half of 2025 reflects the country’s dedication to enhancing data privacy and protection as part of a secure digital economy. As progress continues rapidly, organizations are encouraged to stay engaged, actively maintain PDPA compliance, and regularly update their data privacy practices. We are committed to keeping pace with the evolving privacy landscape in Thailand.

RELATED INSIGHTS​