The Ministry of Public Security has issued a draft Law on Personal Data Protection with a number of important proposals. The draft Law on Personal Data Protection will be submitted to the National Assembly for comments at the 9th Session (May).
According to the Ministry of Public Security, the development of the Law on Personal Data Protection aims to perfect the legal system on personal data protection in our country, create a legal corridor for personal data protection, improve the capacity to protect personal data for domestic organizations and individuals to access international and regional standards. At the same time, promote the use of personal data in accordance with the law to serve economic and social development.
Article 31 of the draft law stipulates the protection of personal data against social networks, communication services provided directly to viewers via cyberspace.
Accordingly, organizations and individuals providing social networking services and communication services via cyberspace (OTT) are responsible for protecting the personal data of Vietnamese citizens when operating in the Vietnamese market, or appearing on a mobile application warehouse provided to the Vietnamese market.
At the same time, it is necessary to clearly announce the content of personal data collected when the data subject installs and uses social networks and OTT services. Do not illegally collect personal data and beyond the scope agreed upon with customers.
Notably, organizations and individuals providing social networking services and communication services via cyberspace are not required to ask users to take photos of their citizen identification cards and ID cards as an account authentication factor.
In addition, the draft law also requires social networking service platforms to provide options for users to refuse to collect and share cookies.
These organizations are responsible for providing a "no tracking" option, or are only allowed to monitor social networking and OTT service activities with the user's consent.
In addition, it is necessary to specifically and clearly notify in writing about sharing personal data as well as apply security measures when conducting advertising and marketing activities based on customers' personal data.
Notably, the bill states that the act of "illegally listening, listening or recording calls and reading text messages without the consent of the data subject is a violation of the law".
" individual data registered for social network accounts and OTT services is not public data and cannot be processed without the consent of the data subject," the draft law emphasizes.
