Legislators seek to reinforce protection of personal data

The National Assembly’s (NA) Science, Technology, and Environment Committee last week recommended adding several regulations to protect the private information of consumers in the amended Law on Consumer Protection.

Legislators seek to reinforce protection of personal data, Suorce: freepik.com

While the problems of fraud and harassing consumers are a major issue, NA deputy of Dak Nong province Duong Khac Mai suggested the draft law adds supplementary regulations prohibiting the act of providing and sharing consumer information to third parties without the consent of the owner. “This would work if businesses and individuals transfer collected information in accordance with this law and relevant laws to a third party for storage, or analysis in order for the transferor’s business activities,” Mai said. “This should be agreed in writing by all parties, and the third party is responsible for protecting consumer information in accordance with this law.”

Mai also asked the drafting agency to clarify the authorities that businesses and individuals or information storage parties must report to, if the information system is hacked or the private information of consumers is lost.

“The Law on Cybersecurity also raised requirements on notification obligations of data managers or owners of data systems, when an incident or data breach occurs,” he added.

Bac Kan province deputy Nguyen Thi Thuy said one of the biggest problems currently troubling consumers was that their personal information is exposed, leaked, and publicly sold on social networking platforms.

“People are suspicious that their private information is being exchanged and traded by businesses or organisations to gain profit,” Thuy said. “The current law has stipulated a number of prohibited acts such as collecting, storing, and using information. However, these do not fully cover common acts occurring recently and are not fully compatible with relevant laws, such as Article 38 of the Civil Code or Article 7 of the Law on Cybersecurity.”

Thuy proposed to study and add certain prohibited acts, like illegally providing, sharing, delivering, buying, selling, and exchanging information about consumers.

At present, severe telephone scams and spam have been occurring much more, all caused by exposing personal information. Buying, selling, and exchanging customer data is deemed too easy thanks to simply searching web browsers.

Several major cases have affected the private data of customers such as VNG disclosing 163 million customer accounts; TheGioiDiDong and Dien May Xanh exposing well over five million emails and tens of thousands of payment card details of customers; the server system of Vietnam Airlines being hacked and revealing 411,000 member customer accounts; and the disclosing of customer information for Vietnamese taxi service brokers to solicit customers via text message.

According to the Ministry of Public Security (MoPS), data on two-thirds of Vietnam’s population is being collected, stored, and uploaded on the internet at a capacity of about 1,300GB. “This is caused by the user’s lack of awareness of protecting their personal data, publicly posting or disclosing it in the process of transferring, storing or exchanging for business activities,” said a ministry spokesperson.

Vu Ngoc Son, chief technology officer at Vietnam National Cyber Security Technology Corporation, said that in a scam, criminals collect information about the target group, then send messages or make calls.

“Thus, the customer list and their information are the most important factor in any scam. Therefore, in addition to the tightening of poor SIM management, managing personal information more closely and strictly is necessary by adding some provisions in relevant laws, along with severe sanctions,” said Son.

While the Ministry of Industry and Trade is the focal point for amending the Law on Consumer Protection, the MoPS will draft the decree on personal data protection, which is expected to satisfy requirements on protecting personal data rights, and more besides.

Ensuring protection of children’s personal data Over the years, protecting children’s informational privacy has become a controversial issue. From a legal perspective, there are two questions: to what extent does it depend upon parental control and consent, and how is this factor incorporated into the law seeking to protect children’s informational privacy?

Data privacy regulations must be immune from exploitation The fast-paced development of technology and science in recent times has resulted in various legal issues regarding personal data privacy in Vietnam.

Decree on Personal Data Protection promulgated The Government on April 17 issued Decree on Personal Data Protection which specifies measures and conditions to ensure the work.