To implement Decree No. 53/2022/ND-CP detailing a number of articles of the Law on Cybersecurity and Decree No. 13/2023/ND-CP on protection of personal data, the current urgent need is to draft a legal document detailing the administrative sanctions, even criminal handling of acts of violating cybersecurity, infringing on personal data and privacy rights in Vietnam.
The fact that Decree No. 13 on the protection of personal data was issued on April 17, 2023, and will officially take effect from July 1, 2023 is an important milestone for Vietnam in its goal of internationalisation and wide integration when this is considered the first official legal document regulating the content of personal data and privacy rights protection.
In order to achieve development goals, Vietnam first needs to focus on the most basic factor for each country – the people. In particular, personal information of people is considered one of the most basic rights. Once the protection of the right to personal information and personal data is established, that country has room to continue to develop other factors around people such as economy, politics, culture, etc.
However, although Decree No. 13 was issued, but considering the content, experts pointed out that this Decree does not have specific regulations on the form of sanction if the personal data, privacy rights violation actions took place, thereby lacking deterrence and enforcement.
Sanctions for administrative violations of personal data infringement in Vietnam
In order to supplement strict penalties for violations, the Ministry of Public Security is collecting people’s opinions in developing a draft of the Cybersecurity Administrative Sanctions Decree (CASD).
It is known that the first version of the draft Decree was released for public comment in September 2021, a long time before Decree No. 53 and Decree No. 13 were issued in 2022 and 2023, respectively.
Last year, the Ministry of Public Security also held a workshop in Hanoi to collect people’s opinions on a draft version of the Decree on administrative sanctions on cyber security, where repeat violators could be fined up to 5% of the violator’s annual turnover for the financial year.
On May 31, 2023, the Ministry of Public Security officially issued an updated version of the draft decree for public consultation and public comments.
Expectedly, the effective date of the draft is December 1, 2023 and the deadline for sending comments to the Ministry of Public Security on the draft is June 20, 2023.
The draft Decree can be viewed in detail here.
Method of submission of comments: send to Vietnam Bank Association at email address: email@example.com to summarize and send to the Ministry of Public Security.