Thailand Orders Worldcoin to Delete Over 1.2 Million Iris Scans and Halt Operations

Thailand Orders Worldcoin to Delete Over 1.2 Million Iris Scans and Halt Operations

Thailand’s data protection authority has issued a sweeping order against World (formerly Worldcoin), the cryptocurrency project backed by OpenAI CEO Sam Altman, demanding the deletion of more than 1.2 million iris scan records collected in the country and the immediate suspension of all operations.

The directive from Thailand’s Personal Data Protection Committee (PDPC) marks one of the most significant regulatory actions against the controversial biometric identification project, which has faced scrutiny in multiple countries over its data collection practices.

Why Xubuntu Migrated from WordPress to Hugo: A Security Wake-Up Call

Violations of Data Protection Law

The PDPC’s expert panel ruled that World’s practice of collecting biometric data—specifically iris scans—in exchange for cryptocurrency tokens violates Thailand’s Personal Data Protection Act (PDPA). The regulatory body determined that the company’s data collection methods failed to meet the country’s standards for handling sensitive personal information.Biometric data—particularly iris scans—is classified as highly sensitive personal information under data protection laws worldwide. Thailand’s action follows similar regulatory setbacks in Kenya, where a 2025 court order halted Worldcoin’s operations over data protection violations, and numerous other jurisdictions including Spain, Portugal, Germany, and several Asian countries.

The PDPC’s ruling also highlighted concerns about the nature of consent obtained from participants. Regulators found that offering cryptocurrency tokens in exchange for iris scans creates a coercive dynamic that may invalidate meaningful consent, particularly in economically vulnerable communities.

Lessons from the Jaguar Land Rover Ransomware Attack

Cross-Border Data Transfer Concerns

A critical element of Thailand’s order centers on data security and the risk of unauthorized international transfers. The regulatory body expressed alarm that sensitive biometric information collected from Thai citizens could be improperly transferred abroad, potentially exposing users to surveillance risks or data breaches beyond the reach of Thai law.

Similar concerns have emerged in other jurisdictions, with Hong Kong’s privacy regulator finding that Worldcoin failed to adequately inform participants about possible risks regarding the disclosure of biometric data.

The IoT Time Bomb: Lessons from Microsoft’s Battle with Aisuru’s Botnet

Part of a Global Regulatory Pattern

Thailand’s action is the latest in a cascading series of regulatory challenges facing Worldcoin across multiple continents:

Spain and Portugal ordered Worldcoin to halt biometric data collection for 90 days in March 2024, with Portugal acting after approximately 300,000 individuals had been enrolled
South Korea fined the Worldcoin Foundation and Tools for Humanity a combined total of over $790,000 in September 2024 for collecting iris data without proper consent
Indonesia suspended Worldcoin’s operating permit in May 2025 over alleged violations of electronic system regulations
Germany ordered Worldcoin to establish GDPR-compliant data deletion processes and delete previously collected data lacking sufficient legal basis

World’s First Self-Destructing SSD: T-CREATE EXPERT P35S Enables One-Button Data Destruction

Company Response and Ongoing Expansion

Following receipt of Thailand’s directive, World has complied by suspending its operations in the country. The company has consistently maintained that its technology protects user privacy through encryption and zero-knowledge proofs that prevent personal identification.

Despite regulatory setbacks, Worldcoin secured $135 million in private funding and continues expanding in Asia and the United States, with Singapore reporting 100,000 World ID users.

The project’s stated goal is to create a decentralized digital identity system that can distinguish humans from AI-generated bots online—a mission its founders argue is increasingly urgent as artificial intelligence advances. However, critics contend that collecting and centralizing biometric data fundamentally contradicts principles of decentralization and user sovereignty.

Why You Need DNS over HTTPS or DNS over TLS to Protect Your Privacy?

Privacy Advocates Raise Alarms

Privacy experts have warned that reliance on iris scans could deepen global inequality by creating a two-tiered society where those willing to share biometric data gain access while others are excluded. Additional concerns center on the potential for such systems to become surveillance tools, particularly in jurisdictions with weak data protection frameworks.

The controversy extends beyond operational practices to fundamental questions about consent, with investigators noting that participants often receive insufficient information to make truly informed decisions about surrendering their biometric data.

How to Prevent Ransomware Infection Risks

What’s Next?

Thailand’s order requiring deletion of 1.2 million iris scans represents one of the most significant data protection enforcement actions against Worldcoin to date. The decision underscores growing global consensus that biometric identification systems must meet stringent privacy standards, particularly when deployed in vulnerable populations or regions with developing regulatory frameworks.

As Worldcoin continues its expansion in markets with more permissive regulatory environments, the Thai action serves as a clear signal that authorities worldwide are scrutinizing business models built on biometric data collection—and are willing to take decisive action when privacy protections fall short.

The case highlights an ongoing tension in the digital age: balancing innovation in identity verification with fundamental rights to privacy and bodily autonomy. For now, Thailand has firmly sided with protecting its citizens’ sensitive biometric information over facilitating experimental cryptocurrency ventures.

Thailand Orders Worldcoin to Delete Over 1.2 Million Iris Scans and Halt Operations.