The National Cybersecurity Association (NCA) held a seminar on “Comments on the Draft Personal Data Protection Law” on April 23 in Hanoi. 

The seminar aimed to collect opinions from agencies, organizations, businesses, and citizens to refine the draft law before it is submitted to the National Assembly for approval at May 2025 session.

Comprising seven chapters and 69 articles, the draft regulates data processing principles, rights and obligations of data subjects and related parties, cross-border data transfers, data impact assessments, data protection trust ratings, violation handling, and inspection mechanisms. 

It also covers foreign organizations and individuals collecting and processing Vietnamese citizens’ data.

The draft law builds on the Government’s Decree 13 of 2023 on personal data protection but at a higher and more foundational level.

Nguyen Minh Chinh, Director of the Cybersecurity and High-Tech Crime Prevention Department (A05, Ministry of Public Security) and NCA’s Standing Vice Chair, said that data security and personal data protection are closely tied to human security, national security, and national data sovereignty. 

They must be integral, inseparable requirements in the scientific, technological and digital transformation revolution, as well as the development of the data industry.

As IT increasingly permeates human life, users share more personal data online and with service providers, from basic details to biometric, psychological, and behavioral information. The prevalence of personal data online is proportional to the consequences when it is not adequately or properly protected.

But awareness of personal data protection remains limited. Biometric data, personal profiles, relationships, and health and financial details are publicly posted, becoming important sources of information for automated data collection programs.

Data breaches, theft, and trading of personal information online occur frequently. More and more entities collect, analyze, and process personal data for various purposes without notifying customers or engaging in violations of data protection.

“Many new online services involve collecting, exploiting, and analyzing personal data without user data management mechanisms, raising issues related to national security, social order, and violations of individuals’ and organizations’ legitimate rights,” Chinh said.

Noting these challenges, he noted that finalizing the Personal Data Protection Law is an urgent need to institutionalize constitutional and legal provisions on privacy rights, human rights, citizen rights, and cybersecurity.

The law will ensure consistency within the legal system, align with international norms on personal data protection, foster socio-economic development, provide a legal foundation for data-related businesses, reduce widespread data trading and leaks, address unpunished violations, and raise awareness about data protection.

Globally, over 140 countries have enacted personal data protection laws, including India, Thailand, and Malaysia. And Vietnam must not lag behind.

Van Anh