The Ministry of Public Security has revealed that there are currently no regulations in place for penalties related to personal data protection linked to the rights of data subjects. This alarming gap highlights a significant vulnerability in the legal framework governing the buying and selling of personal data, as there are no criminal sanctions for violations in this area.
According to a report by Báo Đại biểu Nhân dân, most cases of personal data trading are being prosecuted under Articles 159 and 288 of the Criminal Code, which can result in a maximum prison sentence of seven years. However, the lack of specific regulations detailing the elements constituting such acts, particularly those involving intermediaries, complicates the prosecution of these crimes.
Moreover, there are currently no civil or administrative sanctions that uniformly regulate personal data protection, further complicating the enforcement of data rights. In light of these issues, the draft Law on Personal Data Protection, which is set to be presented to the National Assembly during its upcoming Ninth Session, aims to establish a robust legal framework to protect personal data.
This draft law, discussed at a recent National Assembly delegate conference, outlines seven principles for personal data protection and specifies prohibited actions. Organizations and individuals found in violation of these regulations could face civil liability, disciplinary measures, administrative penalties, or even criminal prosecution, depending on the severity of the offense.
Administrative fines for violations could range from 1% to 5% of the previous year’s revenue for offending organizations or businesses. Many delegates and voters are advocating for stronger and more stringent sanctions to effectively combat personal data violations.
In terms of administrative sanctions, numerous opinions suggest that penalties for violations should be increased, additional penalties should be implemented, and mechanisms for regular monitoring and inspection should be established to promptly detect and address violations.
For criminal sanctions, there is a pressing need to include specific offenses related to personal data infringement. The draft law outlines various forms of buying and selling personal data that should be prohibited. These include businesses lacking strict agreements with partners, collecting and processing personal data for commercial purposes, and selling large quantities of data with guarantees. Furthermore, it addresses the illegal collection of data through unauthorized means and the hacking of information systems to steal personal data.
Regarding compensation for damages, the draft law emphasizes the necessity of creating mechanisms that allow individuals whose data has been compromised to sue for damages. It also aims to establish effective dispute resolution mechanisms for personal data violations.
Many voices in the National Assembly are calling for the establishment of a specialized supervisory agency, similar to data protection agencies in European countries. This agency would be responsible for overseeing the implementation of personal data protection laws.
In today’s digital economy, personal data has become a critical resource. Therefore, the provisions of the draft Law on Personal Data Protection must strike a balance between safeguarding individual privacy and fostering economic and social development. Effective and enforceable penalties will not only protect citizens but also create a transparent legal environment that promotes sustainable economic growth.
In a related development, experts have raised alarms about the Government Efficiency Department (DOGE), which is intensifying efforts to collect sensitive government information. Recently, DOGE gained access to the federal payroll system, raising concerns about its long-term objectives in reforming the U.S. administrative apparatus.
As reported by Fortune, the consulting group led by Elon Musk now has access to employment information of 276,000 federal employees, including Social Security numbers. This unprecedented access allows for easier recruitment and dismissal of personnel.
The Federal Personnel Payroll System, which DOGE now oversees, is under the jurisdiction of the Department of the Interior, responsible for managing salaries for various federal agencies, including the Air Force and Customs and Border Protection. Sources warn that DOGE's access could pose a threat to the cybersecurity of sensitive data.
In response to internal dissent, senior IT staff members who opposed DOGE’s access were placed on administrative leave and are under investigation for alleged workplace misconduct. A spokesperson for the Department of the Interior stated that they are following the President's directive to reduce costs and enhance government efficiency.
Musk has defended DOGE’s access, arguing that it is essential for identifying and eliminating fraud and waste. “These databases are not linked,” he stated in a recent interview with Fox News. “That’s the biggest loophole for fraud. We need to unify the data, which is a difficult but necessary task that will significantly improve government efficiency.”
However, experts in policy and transparency warn that DOGE's control over large amounts of personal data could lead to unforeseen consequences. In the past few months, DOGE has also accessed data from the IRS, which includes bank account information and transaction histories, as well as data from the Social Security Administration concerning lifetime wages and disability status.
While one of DOGE’s short-term goals appears to be leveraging artificial intelligence to automate administrative tasks, the long-term objectives remain unclear. Cary Coglianese, a professor of administrative law at the University of Pennsylvania, emphasized the lack of clarity regarding DOGE's long-term plans for data management.
Furthermore, DOGE's strategy mirrors policies from the Trump administration, which promoted data sharing among federal agencies. Last month, Trump signed an executive order aimed at removing barriers to information sharing, allowing federal officials rapid access to unclassified records and data.
Legal disputes have arisen over the expansion of access to personal data, with over a dozen lawsuits alleging that DOGE has violated the Privacy Act of 1974, which was enacted to limit the sharing of personal information among government agencies without citizen consent.
Even if cybersecurity and legal concerns are resolved, experts like Elizabeth Laird stress that DOGE's control over federal data could lead to unpredictable consequences regarding the government's use of AI and the impact of large-scale personnel reductions.
As the debate over personal data protection continues, it is clear that the establishment of a robust legal framework is crucial for safeguarding individual rights while promoting efficiency within government operations.
