This is one of the draft laws drafted by the Ministry of Public Security and submitted to the National Assembly at this session.
Deputy Prime Minister Le Thanh Long, authorized by the Prime Minister, presented the proposal. According to statistics from the Ministry of Public Security, there are currently 69 legal documents directly related to personal data protection in Vietnam, but these documents are not unified in terms of the concept and content of "personal data" and "protecting personal data". Only Decree No. 13 dated April 17, 2024 of the Government on personal data protection provides a specific definition of these concepts.
Meanwhile, personal data is an issue closely related to human rights, civil rights, safety, network security, information security, data security, information technology, the Fourth Industrial Revolution, e-government, digital government, digital economy.
The development of the law aims to ensure harmony with international practices and regulations in the field of personal data protection, when more than 140 countries have issued separate legal documents on this content. Many documents also have cross-border adjustment scope, applicable to Vietnamese organizations and individuals.
At the same time, the draft law is expected to create a legal foundation for the use of personal data to serve socio-economic development. Personal data is increasingly considered one of the main production documents for digital transformation, digital economic development, and building a digital society - a field that creates high added value in the national economy.
The draft Law on Personal Data Protection consists of 7 chapters and 68 articles, regulating the responsibility to protect personal data of relevant agencies, organizations and individuals.
Presenting a report of the draft Law, Chairman of the National Defense, Security and Foreign Affairs Committee (QPAND) Le Tan to say that the construction and promulgation of this Law is in accordance with the Party's guidelines, guidelines and guidelines on national digital transformation, digital economic development, digital society building; Meeting the requirements of international integration, contributing to creating momentum to bring the country into the "era of the nation's rise".
Regarding the handling of violations of regulations on personal data protection (Article 4), the National Defense Law Committee proposes to consider the provisions in Clause 2: " applying an administrative penalty of 1% to 5% of the previous year's revenue of organizations and enterprises that violate regulations on personal data protection".
Some opinions say that the above penalty level is too heavy and not feasible for businesses. Other opinions said that this regulation is not in line with the current view of handling administrative violations, which requires "to be based on the nature, level, consequences of the violation, the violator and mitigating circumstances, aggravating circumstances".
In particular, applying the penalty level based on the previous consecutive year's revenue is considered inappropriate for newly established organizations and enterprises, or cases with revenue but no profit. Some opinions suggest classifying violations to stipulate more appropriate penalties.
Regarding prohibited acts (Article 7), the National Defense Committee proposes to study, review and fully supplement prohibited acts for each activity group and each type of personal data protection subject.
Regarding Clause 5 of the regulation prohibiting the "buy and sell of personal data", some opinions suggested that there should be a clear explanation of the term "buy and sell personal data" to avoid misunderstanding. Some delegates said that if the purchase and sale of data is completely banned, it could affect the production and business activities of organizations and enterprises. Therefore, it is necessary to have more open regulations to both unlock resources and encourage innovation, not hindering the development of the data market.
