In a significant regulatory move, Thailand’s Personal Data Protection Commission (PDPC) has mandated Worldcoin, the digital identity cryptocurrency initiative, to permanently delete all biometric data collected within the country. The directive specifically targets approximately 1.2 million iris scans obtained through Worldcoin’s verification orbs, citing serious violations of Thailand’s Personal Data Protection Act (PDPA).
The PDPC’s investigation revealed multiple compliance failures, including inadequate legal basis for processing sensitive biometric information, insufficient data deletion protocols, and failure to implement proper safeguards for minors. Authorities emphasized that iris scans constitute highly sensitive personal data under Thai law, requiring explicit consent and stringent protection measures that Worldcoin allegedly failed to provide.
Worldcoin has confirmed immediate suspension of its Thai operations and initiated compliance with the deletion order. The project, which offers cryptocurrency in exchange for biometric verification, had expanded rapidly in Thailand since its launch, attracting significant user participation despite ongoing global scrutiny regarding its data collection practices.
This enforcement action represents one of the most substantial regulatory challenges Worldcoin has faced to date and underscores Thailand’s commitment to enforcing its data protection framework. The case may establish important precedents for how biometric data collection projects operate within Southeast Asian jurisdictions and beyond.
