Vietnam's Draft Data Law

KPMG Vietnam

16th August 2024
This article provides an overview of the Draft Law's key provisions and their potential implications for businesses and individuals. Unlike personal data legislation, this Draft Law's broad coverage encompasses not only personal data but also other organizational and business data.

The Vietnamese government is currently developing a new draft Data Law (“Draft Law”) to establish a comprehensive legal framework for data activities within the country. Open for public consultation, this Draft Law addresses various aspects of data handling and governance, notably introducing regulations for conducting business with data for the first time. This article provides an overview of the Draft Law's key provisions and their potential implications for businesses and individuals. Unlike personal data legislation, this Draft Law's broad coverage encompasses not only personal data but also other organizational and business data.

Regulation of the Data Economy

The draft law introduces regulations for the provision of data-related products and services, a sector that has long been unregulated in Vietnam. This move is crucial in addressing the rampant illegal sale of personal data, a pressing issue in the country. The new regulations cover various aspects of the data economy, including data brokerage, data analysis, and data marketplaces. Data businesses will be required to register with authorities and adhere to specific requirements to ensure data protection and security. This development is expected to create a more secure and transparent data market, making ground for data reliability, fostering innovation and economic growth while safeguarding individuals’ rights and interests in the context of a data-driven society -economy shortly.

Enhanced Definitions and Regulations for Data Processing Activities

A significant improvement in the draft law compared to previous data-related regulations, such as the Law on Cybersecurity and the Personal Data Protection Decree, is the introduction of more precise definitions for various data processing activities. These activities include data sharing, coordination, analysis, verification, authentication, disclosure, access, retrieval, encryption, decryption, copying, transmission, transfer, withdrawal, deletion, and destruction. The Draft Law addresses the lack of clarity in previous regulations, which led to potential ambiguities and inconsistencies in interpretation. By providing specific definitions, the Draft Law aims to ensure greater transparency and consistency in regulating data handling practices.

Stringent Regulations for Cross-Border Data Transfers

Cross-border data transfers are subject to stricter regulations under the draft law, particularly for "core data" and "important data." Core data is defined as data that has a high coverage across sectors, groups, and regions and can directly affect political security if used or shared illegally. This includes data related to important national security areas, the lifeblood of the national economy, the important livelihoods of people, major public interests, and other data specified by national agencies. Important data is defined as data in sectors, groups, or areas that can directly endanger national security, economic activities, social stability, and public health and safety if leaked, falsified, or destroyed. These categories of data will require approval from relevant authorities, such as the Prime Minister's Office or the Ministry of Public Security, following a data security assessment. This measure is designed to mitigate risks to national security and public interests while maintaining the free flow of data across borders.

Clearer Regulation of Government Access to Data

The draft law seeks to clarify the circumstances under which government agencies can access data held by organizations and individuals. Such access will be limited to "special cases," such as public emergencies or when data is crucial for fulfilling specific public tasks. The law also outlines the responsibilities of government agencies in handling such data, including the obligation to use it only for the stated purpose, implement necessary technical and organizational measures, and destroy it when no longer needed. These provisions aim to strike a balance between the government's legitimate need for data and individuals' rights to privacy and data protection in the context of a data-driven society - economy shortly.

Conclusion

Vietnam's Draft Data Law marks a significant milestone in establishing a comprehensive legal framework for data activities. It aims to foster a thriving data-driven economy while ensuring robust data protection and security. The public consultation phase is vital to refining the law, aligning it with global best practices and addressing Vietnam's unique context.

For businesses navigating this evolving landscape, KPMG's legal experts offer invaluable guidance. With their deep understanding of Vietnamese law and extensive experience in data protection and privacy, KPMG can help businesses understand the implications of the draft law, develop comprehensive compliance strategies, and implement measures to ensure data security and privacy and lawful methods to approach reliable data. This proactive approach will enable businesses to not only comply with the new regulations but also leverage the opportunities presented by Vietnam's growing data economy.

Bui Thi Thanh Ngoc, Partner
KPMG Law in Vietnam

Tran Bao Trung, Associate Director
KPMG Law in Vietnam

 

Please Login or Register for Free now to view all updates and articles

 Login  Sign Up

In addition to free-to-view updates and articles, you can also subscribe to the full Legal Centrix Vietnam Service including access to:

  • Overview notes on the law
  • Thousands of high quality translations of legislation covering all key business areas
  • Legal and tax updates
  • Articles on important legal and tax issues
  • Weekly email alerts
  • Sophisticated web platform and search

Legal Centrix is trusted by top law and accounting firms.

KPMG Vietnam

We Set Standard In The Industry

Global network with 197,263 people in 154 countries

 

Click here to view the author's profile

Author

Tags

  • Vietnam
  • Legal Updates
  • Data Protection & Privacy

Related Content

  • No related content

Recent updates

Cookies On
Our Website
We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please click here to view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

 

A leading provider of legal and tax know-how and information for Asia.

Useful Links

Contact Us

Hong Kong, China
Tel: +852 3001 8810
support@legalcentrix.com

Copyright © 1997 - 2024 Legal Centrix. All Rights Reserved Privacy Policy | Terms of Use

Some text to show in popup