Significant Amendments To Law On E-Transactions In Vietnam

1)         Introduction

On 22 June 2023, the National Assembly issued a new Law on E-transactions, which will take effect from 1 July 2024 (LET 2023). The LET 2023 has the following notable points:

  • Unless otherwise clearly excluded, the LET 2023 applies to e-transactions in all areas whether by companies, individuals or Government agencies.

  • A data message converted from paper document or vice versa must have clear marking that it has been converted from paper document and information of the converter.

  • A natural person may not be able to create and use his/her own e-signature and may have to use digital signature for his/her e-transactions.

  • For the first time, trust services are introduced. The service provider must be licensed by the Ministry of Information and Communication (MIC).

We discuss below each of these new points and some more. This post is written by Nguyen Quang Vu, Hoang Thi Thanh Thuy, Trinh Phuong Thao and Phan Thi Phuong Mai.

Read MoreInfo
Comment
Share
Written by Nguyen Quang Vu On In ,

Comments on Draft Decree on Cybersecurity Administrative Sanctions

On 31 May 2023, the Ministry of Public Security (MPS) released the 3rd draft of the Decree on Cybersecurity Administrative Sanctions (3rd Draft Decree). The 3rd Draft Decree provides administrative penalties on violations of cybersecurity laws (i.e., Law on Cybersecurity 2018, Decree 53/2022 detailing the Law on Cybersecurity 2018) and personal data regulations (i.e., Decree 13/2023 on personal data protection). In this post, we provide comments and respective recommendations of several provisions under the 3rd Draft Decree. This post is written by Trinh Phuong Thao and edited by Nguyen Quang Vu.

Read MoreInfo
Comment
Share
Written by Nguyen Quang Vu On In

Comments on Draft Law on Telecom in Vietnam

In this post, we provide our comments to the draft Law on Telecom provided to us recently. The comments are prepared by Nguyen Quang Vu and Trinh Phuong Thao.

1.        Data center services and cloud computing services should be excluded from Law on Telecom

Position under the draft Law on Telecom

The draft Law on Telecom:

  • considers data center services and cloud computing services to be telecommunication services;

  • requires onshore providers of data center services and cloud computing services to obtain a telecom license; and

  • requires offshore providers of cross-border data center services and cloud computing services to sign a contract with a Vietnamese telecommunication service provider or to set up a representative office in Vietnam.

If adopted as currently drafted, immediately when the amended Law on Telecom becomes effective:

  • all onshore providers of server leasing service will need to obtain a telecom license;

  • all onshore software providers who deliver software over the internet (e.g. Google App Store or Apple App Store) will need to obtain a telecom license;

  • all onshore e-commerce apps or software which operate in the model of client-server will need to obtain a telecom license; and

  • all offshore service providers of cross-border software, software as a services (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) or e-commerce services will need to sign a commercial contract with a Vietnamese telecommunication service provider or establish a representative office in Vietnam.

Read MoreInfo
Comment
Share
Written by Nguyen Quang Vu On In ,

New Decree on Protection of Personal Data in Vietnam and Comparison with GDPR

Please click here to download the pdf version.

On 17 April 2023, the Government issued Decree 13 on personal data protection (Decree 13/2023). Decree 13/2023 marks a significant milestone as the first comprehensive legal document that governs the protection of personal data in Vietnam. As compared to the draft decree on personal data protection (Draft Decree), Decree 13/2023 has been significantly improved to incorporate key aspects necessary to protect personal data to align with the General Data Protection Regulation (GDPR). In this post, we will discuss key issues under Decree 13/2023 while comparing it to the Draft Decree and GDPR. This post is written by Trinh Phuong Thao and edited by Nguyen Quang Vu.

1.         Things to be done by 1 July 2023

Ideally, before 1 July 2023, both onshore and offshore entities involving in collecting and/or processing personal data of Vietnamese individuals or foreign individual residing Vietnam should do the following:

  • having proper consents from the relevant data subject (see 7);

  • if it is a data controller, having a contract with the relevant data processor (see 4);

  • determining whether it deals with basic personal data or sensitive personal data;

  • preparing and submitting an assessment of the impact of personal data processing to the Ministry of Public Security (MPS) (see 10);

  • preparing and submitting an assessment of the impact of offshore transferring personal data to the MPS (see 11);

  • setting up system to protect the safety and confidentiality of the personal data which it collects or processes; and

  • setting up a personal data protection department and a data compliance officer if it deals with sensitive personal data.

Decree 13/2023 only exempts small and medium enterprises or start ups from complying with certain requirements until 1 July 2025.

One key missing ingredient though is the potential penalty which may apply in case of non-compliance. Accordingly, currently, Decree 13/2023 has no teeth in enforcing the above requirements. Unlike Decree 13/2023, the GDPR has clear penalties and fines applicable to violations of the GDPR.

Read MoreInfo
Comment
Share
Written by Nguyen Quang Vu On In ,