Notable points under the Draft Law on Personal Data Protection (Draft PDPL)

On 24 September 2024, the Ministry of Public Securities (MPS) published the draft law on personal data protection (Draft PDPL). Compared to Decree 13/2023, the Draft PDPL introduces several significant points related to personal data protection. This blog will explore the key highlights and implications of these new provisions.

1)         Expanded scope of application

As compared to Decree 13/2023, the Draft PDPL broadens its scope to cover additional entities, being “agencies, organizations, and individuals collecting and processing personal data of foreigners within Vietnamese territories.” (Article 1.2(dd). This provision appears to enhance the protection of personal data belonging to foreign nationals. However, it remains unclear whether the provision applies solely to foreigners present in Vietnam or also to those residing abroad. The ambiguity lies in the interpretation of the phrase “within Vietnamese territories”. If it extends to foreigners outside Vietnam, it could impose significant compliance burdens on Vietnamese enterprises processing personal data of foreign nationals.

Furthermore, it is confusing that the Draft PDPL does not address the existing ambiguity in the scope of application under Decree 13/2023. Instead, it introduces another type of applicable entity that could potentially create even greater uncertainty.

2)         Definition of personal data associated to “citizen”

Unlike Decree 13/2023, the Draft PDPL defines both basic personal data and, seemingly, sensitive personal data as being specifically associated to “citizens”. It is unclear why Draft PDPL limits its personal data protection to citizens rather than to all individuals, regardless of nationality or status. This approach is not in line with the term “personal data” in GDPR (which refers to that of a natural person). Furthermore, limiting protections to citizens could also infringe on the rights of non-citizens and stateless people, potentially conflicting with Article 21 of the 2013 Constitution, which guarantees privacy rights to "everyone," not just citizens.

Additionally, the term “citizen” is ambiguous, as it is unclear whether it refers to Vietnamese citizens only or also encompasses foreign citizens. If the former interpretation is adopted, this would be inconsistent with the broader scope outlined in Article 1.2(dd) of the Draft PDPL, which governs the personal data of foreigners. If the latter interpretation is adopted, it would not be reasonable for the Draft PDPL and Vietnamese authorities to govern personal data of foreign citizens (especially those who are not in Vietnam).

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In

E-signatures of individuals under the Law on E-Transaction 2023

On 22 June 2023, the National Assembly passed a new Law on E-transactions, set to be effect from 1 July 2024 (LET 2023). The LET 2023 introduces significant changes regarding the use of e-signatures by individuals as outlined below:

1)         Restriction on individuals’ right to create and use of their own e-signature

The LET 2023 categorizes e-signatures into three types as below, none of which encompass e-signatures self-generated by individuals:

  • specialized e-signatures (chữ ký điện tử chuyên dùng), which are created and used by organizations for their “own private operations” in accordance with their function and tasks;

  • public digital signature (chữ ký số công cộng), which are used for “public activities” and are secured by an e-certificate confirming the public digital signature issued by a qualified service provider; and

  • specialized digital signature for official use (chữ ký số chuyên dùng công vụ), which are digital signatures used for official activities and are secured by an e-certificate confirming the specialized digital signature for official use issued by a qualified service provider

Unlike the broader definition of e-signatures under the LET 2005, which may cover signatures self-created by individuals, this classification significantly limits individuals' ability to create and use their own e-signatures. Under the LET 2023, individuals may be required to use a public digital signature issued by a third-party service provider in normal e-transactions.

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In ,

Difficulties In Dealing with the Administrative Procedures under Personal Data Protection Decree

Decree 13/2023 on Personal Data Protection (PDPD) has stirred a lot of excitement among legal professionals in Vietnam. Recently, such excitement met with the cold hard realities of the difficulties in fulfilling even the basic administrative procedures under PDPD. In particular, in July 2023, the Ministry of Public Security (MPS)  published the required contents of the file for assessment of the impact of personal data processing and the file for assessment of the impact of offshore transferring personal data. The levels of details and analysis required to prepare these files are very demanding. For example, the MPS require these files to include the following information and documents:

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In ,

Significant Amendments To Law On E-Transactions In Vietnam

1)         Introduction

On 22 June 2023, the National Assembly issued a new Law on E-transactions, which will take effect from 1 July 2024 (LET 2023). The LET 2023 has the following notable points:

  • Unless otherwise clearly excluded, the LET 2023 applies to e-transactions in all areas whether by companies, individuals or Government agencies.

  • A data message converted from paper document or vice versa must have clear marking that it has been converted from paper document and information of the converter.

  • A natural person may not be able to create and use his/her own e-signature and may have to use digital signature for his/her e-transactions.

  • For the first time, trust services are introduced. The service provider must be licensed by the Ministry of Information and Communication (MIC).

We discuss below each of these new points and some more. This post is written by Nguyen Quang Vu, Hoang Thi Thanh Thuy, Trinh Phuong Thao and Phan Thi Phuong Mai.

Read MoreInfo
Comment
Written by Nguyen Quang Vu On In ,