On April 23, the National Cyber Security Association organized a seminar titled "Contributing Opinions on the Draft Law on Personal Data Protection." This significant event attracted over 200 delegates, including representatives from various ministries, central departments, organizations, businesses, and individuals who are members of the Association, alongside journalists and reporters from central and local press and television agencies.
The seminar aimed to gather extensive feedback from agencies, organizations, businesses, and individuals while contributing to the enhancement of knowledge and raising social awareness about personal data protection. It also focused on ensuring information security, network security, and privacy in the digital age. This event plays a crucial role in finalizing the draft law before it is submitted to the National Assembly for approval in May 2025, with the law expected to take effect from January 2026.
During the opening speech, Major General Nguyen Minh Chinh, the Standing Vice President of the Association and Director of the Department of Cyber Security and High-Tech Crime Prevention at the Ministry of Public Security, emphasized that the Law on Personal Data Protection represents a significant step in institutionalizing human rights and civil rights. He noted that this aligns with the orientation of "putting people at the center, goal, and motivation" outlined in Resolution No. 27-NQ/TW of the Central Government.
Major General Chinh stated, "The level of popularity of personal data on the online environment is proportional to the consequences that occur when personal data is not protected appropriately and correctly." He highlighted the increasing amount of personal information users are providing to online platforms and service providers, which raises concerns about the security and privacy of that data.
He pointed out that awareness of personal data protection is still limited, with many individuals publicly sharing sensitive information such as biometric data, personal history, health status, and financial details. This data often becomes a source for automated information gathering programs. The ongoing issues of data leaks, theft, and trade in personal information on the internet are also prevalent.
Many new online services are engaging in activities that involve collecting, exploiting, and analyzing personal information without proper user data management mechanisms. This situation raises numerous issues related to national security, social order, and the infringement of legitimate rights and interests of individuals and organizations.
These challenges underscore the urgent need to establish and refine the Law on Personal Data Protection to formalize the provisions of the Constitution and laws regarding the right to protect personal privacy, human rights, civil rights, and network security. The law aims to align with international practices and regulations on personal data protection, creating a legal framework for business activities related to personal data, and addressing the rampant issues of data trading, leaks, and loss.
Major General Chinh added, "The Draft Law on Personal Data Protection has been built by the Ministry of Public Security in a highly demanding spirit, carefully studying international experience; widely consulting agencies, organizations, and individuals at home and abroad; conducting surveys of a number of agencies and businesses in important fields with large-scale personal data processing activities; organized an international conference to learn from experience in building personal data protection policies with the participation of more than 700 agencies, organizations, and individuals in the country and internationally."
At the seminar, Lieutenant Colonel Dao Duc Trieu, a representative of the Drafting Board and Deputy Secretary General of the Association, presented the key contents of the Draft Law on Personal Data Protection. The draft includes the scope of regulation, principles of personal data processing, rights and obligations of data subjects, responsibilities for data protection, mechanisms for handling violations, and ensuring privacy in the digital environment.
The presentation clarified the direction of building the law in line with Decree No. 13/2023/ND-CP, but at a higher, more synchronized, and fundamental level. Delegates also listened to in-depth presentations from representatives of various organizations and businesses. For instance, the Institute of Policy Administration and Development Strategy provided recommendations on enhancing personal data protection laws from a research and international comparison perspective. Representatives of Viettel Group shared their challenges and proposed policy support for telecommunications businesses as they implement the law, while Vietnam Data Security Joint Stock Company (VNDS) presented practical experiences in complying with personal data protection requirements at technology companies.
The open discussion session received many insightful questions surrounding critical issues such as the definition and classification of personal data, mechanisms for protecting sensitive data, transferring data abroad, ranking data protection ratings, the implementation capacity of small and medium-sized businesses, and the supervisory role of state agencies after the law takes effect.
All delegates agreed that personal data is intrinsically linked to human rights and civil rights, significantly impacting network security, national security, and the entire digital ecosystem. However, the current legal system concerning data protection remains fragmented and inconsistent. Currently, there are 69 legal documents that reference personal data, but only Decree 13/2023/ND-CP provides a relatively comprehensive definition and principles of data protection.
As Vietnam accelerates its digital transformation, the establishment of a specialized law on personal data protection is deemed essential. The Draft Law includes seven chapters and 69 articles, covering comprehensive aspects such as principles of data processing, rights and obligations of data subjects and related parties, transferring data abroad, assessing data impact, ranking data protection ratings, handling violations, and mechanisms for inspection and supervision. The law also regulates foreign organizations and individuals collecting and processing data of Vietnamese citizens.
In terms of political foundations, the law specifies the contents of the 2013 Constitution and Resolution No. 27-NQ/TW dated November 9, 2022, which identifies "putting people at the center, subject and goal of development," linking personal data protection with human rights protection in the digital age. Legally, the law aims to create uniformity in the national legal system while aligning with international commitments to which Vietnam is a party. The overarching goal is to establish a unified legal corridor, enhance the capacity to protect personal data domestically, promote digital economic development, and ensure security and order while safeguarding national data sovereignty.
Promoting its role as a social-professional organization in the field of cyber security and digital transformation, the National Cyber Security Association has chaired the organization of seminars to create a two-way policy exchange forum between management agencies and organizations, businesses, and the public. The Association will continue to collect all opinions expressed at the event, send them to the Drafting Board, and implement activities to support members, businesses, and relevant parties in enhancing compliance capacity and readiness to implement the law once it is enacted.
