Vietnam: Three New Important Regulations on Data Protection in The Making

It’s becoming urgent that Vietnam has proper regulations to protect data, especially personal data as its digital economy is growing fast, one of the highest in SEA.  Up to 53 percent of the Vietnamese population has access to the internet. Revenue from e-commerce grows at 25 percent annually and is expected to reach US$ 10 billion in 2020. 

Vietnam’s legal framework on data protection is still in its inception, with personal data protection rules scattered across many laws and regulations and dated around 20 years ago.  The current framework is unclear and inadequate for implementation and has become an obstacle to the growth of the digital economy. 

In a recent national workshop named “The Fourth Industrial Revolution and Legal Issues in Building and Improvement of Vietnam’s Legal Framework” hosted by the Ministry of Justice on 24 June 2019 in Hanoi, the Government Office’s representative announced that three new regulations will be drafted shortly, namely:

  • Decree on Management, Connection and Sharing of Digital Data,
  • Decree on Electronic Identification and Authentication, and
  • Decree on Personal Data Protection

The Ministry of Information and Communications (“MOIT”) and Ministry of Public Security (“MPS”) are responsible for drafting the decrees and the drafts will be submitted to the Government for review by October 2019. 

Also on 24 June, the Government issued Resolution No. 44/NQ-CP on Approval of the MOIT’s Proposal on Drafting of Decree on Electronic Identification and Authentication, assigning the MOIT to work on the draft decree and submit for the Government’s review by September 2019.  This decree is aimed at guaranteeing information security in electronic transactions, improving operation of public service portals and administrative one-stop shop mechanisms, and promoting development of e-Government.

The plan to build a Decree on Personal Data Protection is in line with the MPS’ initiative in building up a unified regulation on personal data protection in Vietnam.  According to MPS’s initiative, the regulation covers the following main issues: 

  • Definitions related to protection of personal data
  • Way to determine data ownership
  • Principles for personal data protection
  • Responsibitities of competent authorities, entities and individuals to guarantee of the right to personal data protection
  • Measures to preclude the misuse of personal data
  • Rights and obligations of citizens to personal information and data
  • Obligations of entities processing personal data
  • Rules for processing of personal data
  • Rules for collection and use of personal information and data
  • Obligations of entities that process personal data to provide user data to competent authorities
  • Other issues including information registration; a national authority specialised in personal data protection; obligations of some specialised entities such as the press and media agencies; procedures for processing data in some special sectors such as health, IT and education; transfer of personal data to a third party and cross-border transfer of data.

The MPS’s initiative has received wide support from stake holders across Government and business, including Ministry of Foreign Affairs, State Bank of Vietnam, Asia Internet Coalition, US-ASEAN Business Council, and global technology giants in Vietnam including Facebook, Google and Amazon.