Vietnam to impose heavy sanctions to protect personal data

Personal sensitive data are a valuable resource in the development of a national digital economy. Therefore, the protection of such data, especially when databases are now integrated and shared more frequently, is a top priority task of any government, including the Vietnamese one.

Prime Minister Pham Minh Chinh and delegates are listening to the introduction of the National Population Database on its formal launch day on July 1, 2021.


In a meeting of the Government task force for the project ‘Developing Data Applications related to Population, Electronic Identification and Authentication to Serve the National Digital Transformation Process from 2022-2025, with a Vision to 2030’ (Project 06), hosted by the Public Security Ministry, the matter of ensuring information security when the National Population Database and specialized databases are shared has been seriously stressed.

Project 06 aims at using the National Population Database, the electronic identification and authentication system, chip-based citizen ID cards in the national digital transformation flexibly and innovatively to serve the five main tasks of online public services and administrative procedures; socio-economic development; digital citizen development; completion of an ecosystem for connecting and exploiting, enriching the population databases; administration of the localities at all levels.

Since the National Population Database as well as specialized databases is extremely valuable and important to the country, Deputy Minister of Public Security Nguyen Duy Ngoc affirmed that necessary tasks like information and transmission security checking should be done to protect these databases from criminals.

Also, related legal documents should be finished soon to submit to the Government for the timely issuance of a decree regarding personal data protection. This decree is expected to regulate procedures of electronic identification and authentication. An additional circular as to information exchange among population and specialized databases should be introduced as well.

In the past few years, the issue of personal information leaks in popular fields of telecoms, banking and finance, e-commerce is not at all new to the community. Adding to that are cyber-attacks to steal and then sell confidential information.

Vietnam has introduced a basic legal framework to protect personal data. In particular, the 2013 Constitution of the Socialist Republic of Vietnam has become an essential foundation to ensure the rights to personal data. Moreover, sanctions to punish administrative violations related to this issue can be found in many legal documents.

For example, Decree No.15/2020/ND-CP regulates administrative fines of VND2-70 million (US$88-3,065) for many acts of infringement of personal information and privacy. Violators of personal information privacy, depending on the seriousness of the case, may be handled according to the provisions of Article 288 in the 2015 Penal Code.

However, compared to the General Data Protection Regulation (GDPR) issued by the EU, which could impose a fine of up to €20 million for a violation case, Vice Chairwoman of the Institute of Legal Science (under the Justice Ministry) Chu Thi Hoa said that the fines in the Vietnamese laws are rather mild, while the consequences of such illegal activities could be truly serious and cause damage to the honor, dignity, safety, and even life of many victims.

Therefore, she proposed to consider additional regulations on criminal liability for law breaking activities related to personal data privacy, such as illegally collecting, using, or selling personal data, in the Penal Code. Along with that is the necessity to increase the effectiveness of the mechanism to protect personal data via civil lawsuits.

Other news