Connect with us

Internet Freedom

9 Takeaways From Vietnam’s Draft Decree On Personal Data Protection

Published

on

Photo courtesy: Emotiv.com.

This article was written in Vietnamese by Trinh Huu Long and previously published in Luat Khoa Magazine on February 18, 2021. The translation was done by the author.


It’s been almost three years since Vietnam’s National Assembly passed the highly controversial Cybersecurity Law. No guidance on the law’s implementation has been given as the central government usually does in the case of decrees, circulars, and decisions.

A draft decree was made available to the public for comments back at the end of 2018, but it quickly disappeared after receiving huge backlash from domestic and international actors.

Earlier this month, the Ministry of Public Security’s website announced another draft decree which was to address personal data protection.

You can find the full text of this document in Vietnamese here (Google Drive link). The draft decree is available for public consultation from February 9 to April 9.

We have taken a look at the text and below are nine takeaways.

1. Two types of personal data

The draft decree categorizes personal data as two types: basic and sensitive.

Basic personal data includes information about personal identification, such as name, date of birth, place of birth, address, nationality, ethnicity, marital status, and ID number. One thing, however, is unclear: “data containing online activities and history.”

Sensitive personal data includes political and religious opinions; health, genes, sex, biometrics; finances; sexual life; residence; social networking; and others.

2. Individual right to personal data

Individuals have a wide range of rights regarding their personal data as follows:

  • To consent or refuse data processing by others of one’s own personal data;
  • To be informed of personal data being processed by others;
  • To demand an end of data processing; to file complaints about violations;
  • To demand compensation in cases of data abuse;
  • Sensitive personal data should not be released. Plus, no release of basic personal data is allowed should it negatively affect its owner. The draft decree doesn’t specify the term “to release personal data” and whom the data is released to besides the public, but based on the wording of Article 6, the draft seems to be only addressing releases to the public.

3. Circumstances in which personal data is being processed without consent

According to Article 10, all personal data, regardless of being basic or sensitive, is subject to being processed (collection, storing, and use) without consent in the following circumstances:

  • Matters relating to national security, public security, and public order;
  • Emergencies where the freedoms, or the health and life of the owner’s personal data or of the community’s are being involved;
  • Investigations and convictions of legal violations;
  • Conducting research and gathering statistics (after de-identifying the data);
  • Other circumstances according to the law and international treaties.

The last circumstance, “other circumstances according to the law,” is a loophole that is widely used in the legal system of Vietnam to give the government’s executive branch, especially ministries, an almost unlimited ability to interpret laws and regulations using circulars and executive decisions.

4. Personal data being processed without informing its owner

According to the draft decree, the owners of personal data are normally informed should their data be processed by government agencies or other legal actors.

However, there are three exceptions to the rule, and the most concerning is the second one (Item b, Section 3, Article 11): “In case the processing of personal data is constituted by the law, international agreements, and international treaties.”

This is another loophole in an important matter relating to the transparency of personal data processing.

5. The establishment of the Committee on Personal Data Protection

A new government agency called the Committee on Personal Data Protection is going to be established. It will be set up under the central administration.

The Ministry of Public Security (MPS) can appoint no more than six members to the Committee upon the cabinet’s approval.

The Committee is closely tied to the MPS Department of Cybersecurity and Hi-Tech Crimes Prevention as it is headquartered at the department and chaired by the department’s head officer.

6. Permit required for processing sensitive personal data

Article 20 requires that parties who want to process sensitive personal data must register with the Committee on Personal Data Protection. 

However, the Article excludes activities by government agencies relating to law enforcement, judicial procedures, heath, social security, and scientific research. That means these agencies don’t need to register. Also, the Article leaves another loophole for other authorities to exploit by attaching a clause saying “other activities according to the law.”

What remains after excluding the above-mentioned government agencies? Enterprises and non-governmental organizations, both domestic and international ones. Services such as social media, banking, and healthcare must register with the Committee.

7. Permit required for conducting cross-border transfer of personal data 

This is directly related to foreign services operating in Vietnam or domestic services operating in other countries, especially technology companies.

Article 21 states that four conditions must be met before a party can make a cross-border transfer of personal data:

  • Data owner’s consent;
  • Storing the original copy of the data in Vietnam;
  • Providing documents that prove the data receiving countries have personal data protection regulations at the same or higher level than that of this decree;
  • Obtaining a written approval from the Committee.

The second and third conditions can be waived should the data processing party provide statements regarding their commitment on protecting the data.

The data processing party must archive records of data transferring within three years, and stop transmitting data should data leaks or abuses occur, or should they no longer have sufficient capacity to protect the data, or the data owner is incapable/ having difficulties  protecting his/her rights and interests.

The Committee on Personal Data Protection will routinely inspect data transmitting parties once a year.

The requirement of storing data’s original copy in Vietnam will likely make it a bit more difficult for foreign social networks, email services, and e-commerce activities to operate in Vietnam. According to Google expert Duong Ngoc Thai, Facebook is unlikely to store users’ personal data in Vietnam but rather just cache data to make access to its services faster.

8. Administrative fines can be up to 5 percent of the total revenue of a company in the Vietnam market

Those who violate the regulations on personal data protection are subject to fines of 50 million dong or 5 percent of their total revenue in  the Vietnam market.

Simultaneously, violators can also be banned from processing personal data for 1 to 3 months and may have their data processing licenses revoked.

If not allowed to collect, store and use users’ personal data, online services will probably not be able to function the way they do currently.

The decree doesn’t specify how the government can prohibit online services from processing personal data, but the Cybersecurity Law provides the government  with the authority to order the telecommunications companies to block services and sources of information that are deemed to be harmful to society.

9. Effectivity

The draft decree is expected to take effect on December 1, 2021, as stated in the document.

Internet Freedom

Vietnam: The New Code Of Conduct On Social Media Is Not Legally Binding

Published

on

Decision 847 from the MIC. Photo: Luat Vietnam, The Independent. Graphic: Luat Khoa Magazine.

On June 17, 2021, Reuters reported that Vietnam announced a national code of conduct for social media. This new code would be the national guidelines on social media behavior in Vietnam, where users are encouraged to post positive content about the country. There are certain prohibitions for social media users and companies, requiring that social media providers in Vietnam follow Vietnamese law when “requested by authorities to remove content from their platforms.” 

This national code of conduct is Decision 847/QĐ-BTTTT (Decision 847), and it was issued by the Ministry of Information and Communications (MIC).

There are specific prohibitions throughout this decision, and it also lists the individuals and entities that are subject to the regulations. Yet, at the same time, the extent to which it is a legally binding document and how the government will enforce it is still ambiguous. 

Nevertheless, we can safely conclude that right now, under Vietnamese law, Decision 847 is NOT a legally binding document.

Why is it not legally binding?

This so-called national code of conduct on social media was issued as a decision from the minister of the MIC. These kinds of decisions in Vietnam are not legally binding documents under the Law on Promulgation of Legislative Documents 2015

Under its Article 3.1, the Law on Promulgation of Legislative Documents 2015 requires that legally binding documents should be “general rules of conduct, commonly binding, and applied repeatedly to agencies, organizations and individuals nationwide or within a certain administrative division, promulgated by the regulatory agencies and competent persons in this Law, the implementation of which is ensured by the State.” 

A minister of any ministry is deemed incompetent to promulgate legal documents if he or she issues only a decision, such as this Decision 847. Only a circular or a joint circular issued by a minister will be deemed legally binding documents. Therefore, Decision 847 cannot be treated as a legally binding document under Vietnamese law. 

Decision 847 cannot regulate social media users and providers.

Technically, only binding legal documents can regulate its subjects, but Decision 847 is quite ambiguous. 

Article 2 of Decision 847 clearly defines the subjects that are being regulated, including official departments, state employees and officials who use social media. It also states that organizations and individuals who use social media and social media providers are all subjected to its regulations.

Yet, under Article 8, which sets the implementation of Decision 847, it states, “the social users and companies are encouraged to fully execute the content of this decision and propagandize it to other organizations and individuals who are also on social media.” 

If Decision 847 only encourages its subjects to follow and propagandize it, it completely defeats the purpose of regulating users and companies on social media in Vietnam. Moreover, the vagueness and ambiguity of this decision reaffirm that it should not be a legally binding government document.

Does the MIC want to regulate all the people, companies, and other governmental agencies in Vietnam with Decision 847? 

Typically, a decision from a minister would only affect his or her ministry. However, in developing this national code of conduct on social media, is it the intent of the minister of MIC to instruct and direct how citizens and other government departments should act on social media according to his standards of positivity and morality? Is it his or the government’s duty to coach citizens on behaving in our everyday life? 

Who will regulate the ethical and cultural values for the entire Vietnam? This country already lacks an independent court system, and this decision does not have any judicial oversight. So who will get to decide what ethics and culture are if Decision 847 is enforced? Is it the government’s decision to dictate good ethics, and what is a positive culture for Vietnam on social media? What will be the meaning of our freedom of expression if we actually behave and live like this?

Continue Reading

Internet Freedom

Vietnamese Activists React to Facebook Taking Down “Anti-state” Posts

Published

on

Photo Credits: asiasentinel.com

In mid-April, Reuters broke the news that Facebook agreed to censor so-called “anti-state” posts after the Vietnamese government put pressure on the social networking site and took local servers offline, slowing down traffic. Since the news broke, the activist and politically-engaged community in Vietnam has been determined to jump over another hurdle in its struggle for freedom of expression. 

Thao Dinh, an activist in Hanoi who formerly worked as director of communications for VOICE, a Vietnamese human rights NGO, said she has used Facebook much less since learning about the content restrictions and has switched to other platforms. 

“Diversity is important,” Dinh said. “The worst scenario is one platform becoming a monopoly. So I would recommend people use as many services as they want depending on their needs, such as Twitter, YouTube, Facebook, Blogs, LinkedIn, Reddit, Quora, Telegram, except the platforms spying on us for the government.”

Additionally, Vietnamese activists are urging their fellow countrymen, if they choose to use Facebook, to be wary about sharing sensitive and personal information on the platform. Hoang Dung advised his network on Facebook to adjust their settings and clear their  “Off-Facebook Activity” which is a summary of activity that businesses and organizations share about your interactions, such as visiting their apps or websites. 

Vi Yen Nguyen, the training manager at VOICE, shared on her profile three other alternatives to Facebook: Signal, Telegram, and Wire. 

Vi Yen wrote, “Facebook was faced with pressure by the Vietnamese government and gave up. It is no longer a reliable platform. Although admittedly, in this censorship case, Facebook is only a victim.” 

(Vi Yen Nguyen’s quote was in Vietnamese: “Facebook đã chào thua trước áp lực của chính quyền Việt Nam. Nó không còn là một nơi đáng tin cậy. Dù phải thừa nhận rằng, trong vụ kiểm duyệt này, Facebook cũng chỉ là một nạn nhân.”)

Human Rights Watch said that Facebook should have resisted. 

“Facebook has set a terrible precedent by caving to the government of Vietnam’s extortion,” said John Sifton, Asia advocacy director at Human Rights Watch. “Now other countries know how to get what they want from the company, to make them complicit in violating the right to free speech. The government of Vietnam shouldn’t have throttled the platform’s traffic in the first place, but Facebook shouldn’t have agreed to its demands.”

In a statement, a Facebook spokesperson said that the Vietnamese government “has instructed us to restrict access to content which it has deemed to be illegal in Vietnam. We believe freedom of expression is a fundamental human right, and work hard to protect and defend this important civil liberty around the world. However, we have taken this action to ensure our services remain available and usable for millions of people in Vietnam, who rely on them every day.”

The UN’s Guiding Principles on Business and Human Rights require businesses such as Facebook to “respect human rights,” including avoiding infringements and addressing adverse impacts in which they are involved. As a member of the Global Network Initiative, Facebook has pledged that it will protect the human rights of users when they are confronted with government demands inconsistent with international human rights standards.

“It’s hard to see how Facebook can live up to its human rights obligations when it’s helping Vietnam censor free speech,” Sifton said.

The pressure on Facebook coincides with a new decree by the Vietnamese government implementing monetary fines for people and internet companies for posting or publishing a sweeping range of items with “forbidden contents”, materials that promote “reactionary ideas”, “have not been allowed for circulation, have been prohibited for circulation or have been confiscated.” 

The United States and other countries should have better utilized their diplomatic leverage to support Facebook in their stance against pressure from the government of Vietnam, Human Rights Watch said. Other businesses and business groups should have stood more publicly with the company to prevent the government’s strong-arm tactics.

The reluctance of Vietnamese activists to continue using Facebook has created new market opportunities for other social networks. Dinh recently got her Twitter profile officially verified.

“Since #Facebook is lowering its standards to protect human rights in #Vietnam, Twitter and other platforms are having a great opportunity for growing in [the] Vietnam market,” she tweeted

Continue Reading

Freedom of expression

In Prolific Day, Vietnam Sentences Six Dissidents to Prison for “Anti-state” Activities

Published

on

Nguyen Chi Vung (top), Pham Van Diep (middle), Vo Thuong Trung, Doan Viet Hoan, Ngo Xuan Thanh, and Nguyen Dinh Khue (bottom, left to right) . Photo sources: Kien Thuc, Binh An, and Nguoi Lao Dong newspaper, respectively. Composite photo created by Will Nguyen.


In a particularly damaging day for Vietnamese dissidents, six individuals were sentenced to a total of 26 years in prison for opposing the Vietnamese Communist Party (VCP) and the Socialist Republic of Vietnam (SRV). The convictions on November 26, 2019 bookend an active month for Vietnamese security forces, who have arrested and convicted numerous individuals for their on- and offline “anti-state” activities. 

Nguyen Chi Vung, 38, was sentenced to six years in prison by a court in the southern Mekong Delta province of Bac Lieu. Vung was convicted under Article 117 of the 2015 Penal Code for “Making, storing, distributing or disseminating information, documents and articles against the SRV”. According to Reuters, Vung had “held 33 livestream sessions on Facebook ‘to share distorted information’ and ‘encourage people to participate in protests during national holidays’”.

Pham Van Diep, 54, was convicted under the same article, with a north-central Vietnamese court in Thanh Hoa sentencing him to nine years in prison and five years probation. His indictment stated that he had a nine-year history of expressing online dissent and that he made frequent Facebook posts criticizing the VCP leadership and SRV policies. According to Tuoi Tre newspaper, he had previously printed and distributed anti-SRV flyers in the Lao capital city of Vientiane. On June 28, 2016, Diep was arrested by Laotian authorities, tried in February of 2018, and sentenced to 21 months in prison for “using the territory of the Lao People’s Democratic Republic to oppose neighboring countries”. Lao authorities took him to the Vietnamese border one month after his trial, where he was allowed to re-enter Vietnam.

In Dong Nai, a province bordering the southern hub of Ho Chi Minh City, four individuals were convicted under Article 118 for “Disruption of security”. According to Vietnamese Human Rights Defenders, “[t]he four convicted were arrested on April 25, 2019, for their intention to participate in a peaceful demonstration scheduled on April 30 to mark the 34th anniversary of the fall of the US-backed Saigon regime”. Vo Thuong Trung, 42, and Doan Viet Hoan, 35, were each sentenced to three years in prison, while Ngo Xuan Thanh, 49, and Nguyen Dinh Khue, 41, each received 28 months.

The convictions of these six individuals in one day comes a little over a week after 43-year-old music teacher Nguyen Nang Tinh was sentenced to 11 years in prison and five years house arrest for violating Article 117. According to his lawyers, a Facebook account making anti-SRV posts used the same name as their client. However, they said the account did not, in fact, belong to him. Tinh was arrested May 29, 2019 and convicted on November 16 in the north-central province of Nghe An.

Last week also saw the high-profile arrest of Pham Chi Dung, a journalist with a doctorate in economics, and a founding chairman of the Independent Journalists Association of Vietnam. Dung, 53, is a former VCP member and is known for his incisive political and economic critiques of both the VCP and SRV. He has written for Voice of America, BBC, Radio Free Asia, NBC News, Nguoi Viet, and Asian Nikkei Review.

Dung’s arrest has been noted by the European Union and condemned by Reporters Without Borders, who hailed him as “an outspoken Vietnamese journalist and leading press freedom defender who for years has been trying to help create an open and informed civil society in Vietnam that is not controlled by its Communist Party.” He is currently being held at the Phan Dang Luu Detention Center in Ho Chi Minh City, one of two centers in the city where political dissidents are usually held while they are being investigated (the other being Chi Hoa Prison). He faces up to 12 years behind bars.

Although freedom of speech, press, and assembly are all guaranteed by Article 25 of the 2013 Vietnamese Constitution, the SRV is a one-party, authoritarian state that does not tolerate challenges to its power. It routinely arrests and convicts activists under Articles 117 and 118 of the penal code, as well as Article 331, which cites  “Abusing democratic freedoms to infringe upon the interests of the State”. Such broadly defined articles are regularly used as a catch-all to target citizens who criticize the VCP or demand political reform. The SRV has long claimed that it does not jail prisoners of conscience, only individuals who violate the law. Human rights groups say the two are not mutually exclusive.

Addendum: On November 28, 2019, two more individuals in Dong Nai were convicted under Article 117. Huynh Minh Tam, 41, and his sister Huynh Thi To Nga, 36, were sentenced to nine and five years of prison, respectively, for making Facebook posts critical of the SRV.


Continue Reading

Trending