Yes, web scraping in Thailand operates within a gray zone, where legality hinges on compliance with data protection, copyright, and computer crime laws. While no statute explicitly bans scraping, unauthorized extraction of personal or proprietary data may violate the Personal Data Protection Act (PDPA) 2019—effective in full by 2026—or the Copyright Act B.E. 2537 (1994). The Thailand Computer Crime Act (CCA) B.E. 2560 (2017) further criminalizes unauthorized access to computer systems, posing risks if scraping bypasses technical protections.
Key Regulations for Web Scraping in Thailand
- Personal Data Protection Act (PDPA) 2019: Requires explicit consent for scraping personal data (e.g., names, emails) unless an exemption applies. Non-compliance risks fines up to THB 5 million (≈USD 140,000) post-2026 enforcement.
- Copyright Act B.E. 2537 (1994): Prohibits scraping copyrighted content (e.g., articles, images) without permission. Exceptions exist for “fair use,” but courts interpret this narrowly.
- Computer Crime Act (CCA) B.E. 2560 (2017): Criminalizes scraping if it involves bypassing access controls (e.g., CAPTCHAs, login walls). Penalties include up to 5 years imprisonment and fines up to THB 100,000 (≈USD 2,800).
Practical Compliance Notes:
- Publicly available ≠ freely usable: Data on public websites may still be protected under copyright or PDPA if it reveals personal identifiers.
- Terms of Service (ToS): Violating ToS (e.g., automated scraping) may trigger civil liability under the Civil and Commercial Code.
- Sector-specific rules: Financial or healthcare data scraping faces stricter scrutiny under Bank of Thailand (BOT) guidelines or Ministry of Public Health regulations.
Recommendation: Conduct a Data Protection Impact Assessment (DPIA) under PDPA and obtain legal counsel to assess scraping scope, especially for commercial use.