|Illustration photo. Source: freepik.com |
Decree No.72/2013/ND-CP dated 2013 on internet services and online information has been one of the key legal instruments in the realm of cyberspace, with some coining it the “Vietnam Internet decree”. Despite the amendments made to Decree 72 in 2018, it appeared that many notable issues around the internet in recent years were still not addressed.
Government oversight of these services has become inevitable. The growing influence of foreign internet service providers has also certainly played a critical role in pressuring Vietnam’s government to address these issues quickly. In addition, the country’s data centre market is booming and projected to reach $1.64 billion by 2025 due to the general shift of enterprises to cloud platforms and the growing embrace of the Internet of Things, big data, and cloud-based solutions.
Last year the government issued a draft outline of a decree amending Decree 72, and this month the draft decree was published. The draft amendment is now under public consultation with the phase looking to be complete by September 5.
Current legislation requires organisations and individuals involved in cross-border provision of information via digital platforms (for example websites, social networking sites, online applications, and search engines) to do two things.
First is to provide the Ministry of Information and Communications (MIC) with their contact information, including name, address, and local contact point; the second is to collaborate with the MIC to take down or block access to illegal content on their platforms.
These requirements are imposed on those who rent digital information storage facilities in Vietnam, or are used or accessed by at least one million monthly internet users in Vietnam. The draft amendment has proposed to expand the reach of criteria to those who have 100,000 monthly unique visitors and to impose the following additional obligations of cross-border information providers:
- Block access to illegal services (apart from illegal information) per the MIC’s request;
- Enter into a content cooperation agreement with the Vietnamese press when providing information cited from the local media on the basis of copyright regulations;
- Store data and set up a branch or representative office in Vietnam according to the Law on Cybersecurity and its guiding regulations;
- Establish a department dedicated to receiving, processing and responding to requests from competent authorities in accordance with Vietnamese law;
- Handle Vietnamese users’ complaints within 24 hours from receipt of the complaints; temporarily lock or remove the content if the complaint is valid, and notify the uploader of the reasons for the locking/ removal;
- Allow only accounts, community pages, and content channels in Vietnam that have notified contact information to the MIC to livestream and participate in revenue-generating services in any form;
- Publicise policies and procedures to support customers in handling network safety and security issues in a concise, visible, and perceivable manner; and
- Submit an annual report by December 31 or an ad-hoc report on cross-border information provision activities upon request of the MIC’s Department of Radio, Television and Electronic Information.
The content of the above-mentioned annual/ad-hoc report to the MIC is required to cover, among others, the number of user accounts and unique visitors, revenue in Vietnam, user complaints that have been handled, number of illegal contents that have been handled, and contact information upon the time of the report.
Notably, the draft amendment has proposed that upon the MIC’s request, cross-border information providers must establish a mechanism able to take down/restrict content and temporarily lock/remove upon Vietnamese users’ requests in relation to two types of illegal contents. These are information affecting the normal physical and mental development of children; and information infringing upon the intellectual property rights of others.
Inspired by the recent Australian new media law and pressure on social media platforms to share revenue with the traditional press, a new requirement to enter into a content cooperation agreement with the Vietnamese press when providing information cited from the local media has now also been established. The draft amendment also introduced definitions of the data centre services, including dedicated servers, co-location, data storage services, and cloud computing.
The draft amendment requires providers of data centre services to apply for a business license for offering data centre services before the MIC. In addition, the provision of data centre services to clients abroad must also be properly informed to the MIC.
Providers must follow the relevant technical standards in designing, building, and operating the data centre; have software and applications to manage and store customer information; and possess a procedure in place to protect customers’ data.
On the basis of finding their clients conducting illegal activities, providers of data centre services are compelled to report clients to the authorities. Also, the providers cannot transfer their clients’ data abroad and must sufficiently apply measures to protect the data. Records of client information should be kept for at least five years after the services of the data centre for that client ended.
The draft amendment also requires that the contract of data server services is included without limitation to information of prohibited activities, agreed level of services and technical standards, and identifiable information of the customers.
The draft amendment impacts all major players in the tech industry, including cloud service providers, social media platforms, and cross-border information providers. Both local and overseas tech-based internet service providers are recommended to keep a close watch on the developments of the amendment, as relevant changes on internet regulations will call for timely compliance.