Social networks do not require users to provide photos of identification documents
With 433/435 delegates in favor, on the morning of June 26, the National Assembly pressed the button to pass the Law on Personal Data Protection.
The Law stipulates the principles of personal data protection for social networking platforms and online communication services (Article 29).
Platforms are not allowed to illegally collect personal data and outside the scope agreed upon with customers; are not required to provide images or videos containing complete content or part of their identification documents as account authentication factors; do not secretly listen, steal or record calls and read text messages without the user's consent.
Platforms must publicize security and transparency policies in data collection and use, provide mechanisms for users to access, edit, delete information and establish privacy.
In case of transferring personal data of Vietnamese citizens abroad, platforms must have appropriate protection measures.
The Law also sets out principles for data protection in the fields of finance, banking and credit information (Article 27).
Accordingly, organizations and individuals operating in the fields of finance, banking, and credit information activities do not use credit information of personal data subjects to score, rating credit, evaluate credit information, and assess the credit rating of personal data subjects without consent.
Credit institutions only collect personal data necessary to serve credit information activities from sources in accordance with regulations and must notify the subjects of personal data in case of disclosure or loss of information about bank accounts, finances, credit, and credit information.
Organizations and individuals carrying out credit information activities shall apply measures to prevent, combat illegal access, use, disclosure and editing of customers' personal data; have solutions to restore customers' personal data in case of loss; security in the process of collecting, providing and processing customers' personal data to serve credit information assessment.
The Law assigns the Government to specify this in detail.
Protecting personal data in advertising service business
The law stipulates that organizations and individuals doing business in advertising services are only allowed to use personal data of customers that are transferred by the personal data controller, the controller and the personal data processed by the agreement or collected through their business activities to do business in advertising services.
The personal data controller or the personal data controller or processing party may only transfer personal data to organizations and individuals doing advertising services in accordance with the provisions of law.
The processing of customers' personal data to do business in advertising services must be done with the consent of customers, on the basis that customers clearly know the content, methods, forms, and frequency of product introduction; provide customers with a method to be able to refuse to receive advertising information.
The use of personal data for advertising must comply with the provisions of law on preventing and combating junk messages, junk e-mails, junk calls and the provisions of law on advertising.
Personal data subjects have the right to request stopping receiving information from advertising services.
