Thailand

Summary

Thailand presents a moderate crawling risk. The Computer Crime Act B.E. 2550 (2007, amended B.E. 2560/2017) criminalises unauthorised access to computer systems (s.5) and computer data (s.7); the operative threshold is a "specific access prevention measure" — publicly accessible pages without such a measure do not trigger s.5/s.7, so routine public-page crawling carries low CCA exposure. The Personal Data Protection Act B.E. 2562 (PDPA, 2019, fully in force 1 June 2022) applies to all collection, use, and disclosure of personal data; enforcement intensified sharply in 2024-2025, with the PDPC issuing eight administrative fines across five cases by August 2025 (total penalties exceeding THB 21 million, ~$576,000). An Emergency Decree on Technology Crimes (B.E. 2568, effective 13 April 2025) added criminal penalties for personal-data misuse (up to 1 year / THB 100,000 fine). No TDM copyright exception exists in current law — the Copyright Act B.E. 2537 (1994) has no fair-use clause and no TDM carve-out; a draft AI Act proposing an EU-style TDM framework was still in post-consultation revision as of mid-2025 and had not been enacted as of the as_of_date. No database right. Overall — tolerable for non-personal public-page crawling; personal data requires a PDPA lawful basis; AI training on crawled content is legally exposed without explicit rights clearance.