On the afternoon of May 12, the National Assembly discussed in groups the draft Law on Personal Data Protection.
Delegate Pham Phu Binh (Nghe An Delegation) expressed concern and concern at seeing children in Vietnam accessing the Internet and accessing social networks too early.
Although social networks all stipulate that a certain age must be reached to create an account, most of them declare their age incorrectly, easily creating an account on social networks, even using other people's images to create an account on social networks and post their personal information and photos.
Considering this a point that can cause many very bad consequences, the delegate pointed out the current situation in recent times, there have been many cases where children have been lured by bad guys to leave their homes while still in great need of family protection.
Therefore, the delegate suggested that there should be stricter regulations and the law should provide stronger measures in protecting personal data and protecting children in general.
In addition, the delegate also commented on the regulation on storing and deleting personal data. He pointed out that, through synthesis, the draft law requires data storage within 72 hours after a data subject's request for all personal data.
However, businesses think that requirement is too urgent and businesses do not have enough time to implement, not to mention, there is a lot of complicated data related to many transactions.
Through research, the delegate said that the regulation in the draft law is to delete all personal data. However, in reality, many cases only need to delete certain data that people find sensitive and do not want to save on that database.
For example, a few years ago, some units provided customers with card collection services and re-arseted credit card information after making those transactions with the hope of making it more convenient for future transactions.
However, after a certain period of time, customers noticed a situation of leaked credit card data.
In many cases, including my personal life, I have lost money due to the illegal use of my credit card information. Therefore, through personal experience, after the payment is completed, I choose not to save card data on the supplier's websites or if I have stored it, I will request to delete it," the delegate said, pointing out that the draft law does not have regulations on partial Deletion of data.
Proposing to add this regulation, the delegate said that this would receive consensus from both sides from data owners and service providers.
Commenting on the ban, delegate Vu Huy Khanh (Binh Duong Delegation) said that Decree 13/2023/ND-CP has banned the purchase and sale of personal data in any form.
According to him, there are also opinions that such an absolute ban is too strict? Or how to regulate it to both protect the rights of individuals to data and their information but not "excessively" limit economic development activities and serve digital transformation.
"There should be an breadth to determine that in addition to strictly prohibiting, there should still be a mechanism for data flow to a level of de-personalization, which must be used and exchanged at a certain level to serve digital transformation," said the delegate.
