🛑 Thailand Halts Nationwide Iris-Scan Crypto Program — 1.2M Records Ordered Deleted

Regulators warn: innovation is welcome, but biometric data abuse is not.

Thailand’s Digital Economy and Society Ministry (DES) and the Personal Data Protection Committee (PDPC) have suspended a nationwide iris-scan program that rewarded users with crypto tokens — declaring the system in violation of Thailand’s Personal Data Protection Act (PDPA) and posing major security risks. Authorities have also ordered the deletion of 1.2 million biometric records to prevent unlawful transfer, misuse, or exploitation.

⚠️ Coerced Consent & Security Risks Trigger Shutdown

The PDPC investigation found that participation in the iris-scan program was not truly voluntary. Crypto-token rewards were deemed a form of coerced consent, directly violating the PDPA’s requirement for freely given, informed, and explicit permission.

Officials also raised concerns that the system prevented users from rescanning their irises — suggesting the biometric data may have been used beyond the stated purpose of human verification.

DES Minister Chaichanok Chidchob emphasized that Thailand supports AI innovation but that biometric collection must be transparent, optional, and legally compliant.

📜 Two Binding Orders Issued

The PDPC delivered two immediate directives to the project operator:

• 1. Suspend all iris-data collection and file a compliance report within seven days.
• 2. Delete 1.2 million stored iris records to prevent unlawful usage or cross-border transfer.

Regulators noted that similar restrictions have been adopted in Germany, Spain, South Korea, Indonesia, and Brazil, reflecting growing global concern over biometric data abuse.

🕵️ Fraud Rings & Unlicensed Exchanges Detected

A joint investigation by the PDPC, DES, and Thailand’s Department of Special Investigation (DSI) uncovered alarming trends:

• Organized groups were reportedly paid to undergo iris scans so others could claim crypto rewards.
• Several unlicensed digital-asset exchangers involved with the program have already been arrested.
• Investigators suspect the system’s loopholes could enable data misuse, financial fraud, and identity exploitation.

PDPC Secretary-General Suraphong Plengkham stated that the priority is to protect citizens’ biometric data and maintain trust in Thailand’s regulatory framework. “Our objective is not to block innovation — only to ensure it is safe, legal, and responsible,” he said.

🏢 Company Responds: “We Complied With All Rules”

The firm behind the iris-scan system insists it has adhered to all Thai regulations and provided full transparency to authorities. However, it warns that the suspension may disrupt millions of users who rely on biometric verification to protect themselves from fraud and AI-driven cyber threats.

The company says it is actively working with DES and PDPC to establish a fully compliant framework that balances innovation with user safety.

🌐 Bigger Picture: Innovation vs. Privacy

Thailand’s decisive action underscores the growing global tension between:

• 🚀 The push for next-generation biometric and AI-powered services
• 🛡️ The need to protect sensitive citizen data

Biometric projects promise safer identification and fraud prevention. But without proper consent, privacy protections, and oversight, they risk becoming high-stakes data liabilities.

Thailand’s suspension of the iris-scan program sends a clear message: Innovation is welcome — but not at the cost of public trust.

⚠️ TL;DR

Thailand has suspended a national iris-scan crypto program and ordered the deletion of 1.2M biometric records over unlawful consent practices and major security risks. Investigators uncovered coerced participation, data-use concerns, and organized fraud rings exploiting the system. Authorities say AI and biometric innovation can continue — but only with full transparency, voluntary consent, and strict PDPA compliance.