On the afternoon of March 26, full-time National Assembly deputies discussed the draft Law on Personal Data Protection.
The Ministry of Public Security said that the development of the draft law aims to promptly protect human rights, civil rights, legitimate rights and interests of individuals, and prevent the current widespread violation of personal data.
At the same time, it creates the synchronization of the legal system, serving a breakthrough revolution in the development of science and technology, innovation and national digital transformation in the spirit of Resolution 57 of the Politburo.
Personal data is information in the form of symbols, letters, numbers, images, sounds or similar forms associated with a specific person or helping to identify a specific person, including: basic personal data and sensitive personal data.
In Article 4 on handling violations of regulations on personal data protection, the Ministry of Public Security proposes that agencies, organizations and individuals who violate regulations on personal data protection depending on the level of civil liability, will be subject to disciplinary action, administrative violation handling, and criminal handling according to the provisions of law;
Apply an administrative penalty of 1% to 5% of the previous year's revenue of organizations and enterprises that violate regulations on personal data protection.
The draft law also assigns the Government to specify in detail the fine levels and penalty frameworks for each administrative violation.
Delegate Duong Khac Mai - Deputy Head of the National Assembly Delegation of Dak Nong Province - questioned the consistency of the draft law with the legal system and with the Law on Handling of Administrative Violations, related to handling violations of regulations on personal data protection.
Delegate Mai found that the current handling of administrative violations does not have regulations on administrative sanctions in the field of personal data protection.
Therefore, in order to have a basis for the Government to specify the fine and penalty framework for each violation in this field, while ensuring the consistency of the legal system, it is necessary to supplement in the direction that the maximum fine in the field of personal data protection will be implemented according to the provisions of the corresponding law.
Commenting on prohibited acts (in Article 7), delegate Duong Khac Mai suggested that it is necessary to clarify whether the ban on data trading is a ban on giving or giving.
Data that organizations and businesses collect from personal data subjects is processed data.
Meanwhile, according to the provisions of Clause 8, Article 2 of the draft Law, "Processing personal data is one or more activities affecting personal data, such as: collecting, recording, analyzing, confirming, storing, editing, publicizing, disclosing, combining, accessing, retrieving, recovering, encrypting, decoding, copying, sharing, transferring, transferring, deleting, canceling personal data or other related actions".
"Therefore, at this time, data collected by businesses and organizations is a collection of data of many personal data entities and the costs of businesses and organizations for personal data processing activities. The ban on buying and selling personal data needs to be considered," delegate Duong Khac Mai stated.
Concluding the discussion, Vice Chairman of the National Assembly Tran Quang Phuong suggested that it is necessary to clarify the political basis, legal basis and practical basis directly related to personal data protection.
Strengthen people's personal rights, such as the right to control personal data, limit the transfer of personal data across borders to avoid the risk of data leakage.
