A newly enacted cybercrime law in Thailand aims to curb digital crime by focusing on the root cause: the misuse of personal data. The Royal Decree on Measures for the Prevention and Suppression of Cybercrime 2025, now published in the Royal Gazette, introduces strict penalties for those who share or trade personal data without consent.
The decree, which took effect on April 13, is a significant step forward in Thailand’s efforts to combat cybercrime. Police Colonel Surapong Plengkham, Secretary General of the Personal Data Protection Committee (PDPC), announced the law’s publication on April 21, stressing its role in closing legal gaps exploited by online scammers and call centre gangs.
Under the new law, individuals who share personal data without permission could face up to one year in prison and a fine of up to 100,000 baht. Those found guilty of buying or selling such data may receive up to five years in prison, a fine of 500,000 baht, or both. The legislation also extends to the use of data belonging to deceased individuals, making it illegal to use or allow its use for any criminal or technological offence.
Colonel Surapong explained that this decree builds upon the existing Personal Data Protection Act (PDPA), aiming to create a stronger legal framework to prevent the malicious use of personal information.
He urged the public to avoid disclosing sensitive data and to report any signs of misuse. “This law is not just punitive. It is preventive,” he said.
As part of enforcement measures, the PDPC has launched the PDPC Eagle Eye Centre. This initiative works in tandem with the Cyber Police’s Cyber Eye Centre to monitor and respond to data breaches across digital platforms.
In a related development, the National Cyber Security Agency (NCSA) issued a warning to logistics companies after a recent cyberattack exposed a major security flaw in one delivery operator’s system. The PDPC has since launched an investigation into the breach.
Air Vice Marshal Amorn Chomchoey, Secretary General of the NCSA, highlighted the risk of leaked delivery information. He noted that addresses and delivery records pose an immediate threat to consumers, particularly in the fast-growing e-commerce and app-based logistics sectors.
Authorities hope the new law will serve as a strong deterrent and mark a new phase in the country’s digital security strategy.