Amid Vietnam’s promotion of digital government development and administrative procedure reform, the Ministry of Public Security (MPS) released the Draft Data Law for public consultation. The Draft Data Law, set to take effect on 1 January 2026, consists of 66 articles across 7 chapters. While this draft aims to create uniform, coherent, and effective use of data for state management, there are implications for the private sector worth monitoring.

The National Comprehensive Database and the National Data Center

The Draft Law mandates the establishment of a National Comprehensive Database, which will be housed within the National Data Center under the Government’s management. With an aim of streamlining data collection and sharing among state agencies, organizations, and individuals, the National Comprehensive Database is accessible to stakeholders in both public and private sectors under specific conditions such as the National Data Center’s approval and/or data subjects’ consent. Official fees are proposed to apply for access by private stakeholders that are not data subjects.

The National Comprehensive Database is not only sourced from state agencies and other national databases, but also from data provided by the private sector upon state agencies’ requests. To this end, there are limited cases under which government agencies meeting specific requirements can access data held by organizations and individuals, e.g. public emergencies or necessity for fulfilling specific public tasks. Businesses should therefore prepare for data sharing requirements by developing clear data sharing policies and using interoperable systems to facilitate smooth data exchange while protecting their data privacy.

Cross-border Data Transfer Requirements

The Draft Data Law proposes to require approval from authorities and a security assessment for offshore transfers of:

• “Critical data” – data pertaining to sectors or areas where leaks or tampering can threaten national security, the economy, social stability, and public health; and
• “Core data” – critical data that can affect political security if misused, including national security, key economic sectors, essential public services, and major public interests.

The requirements aim to mitigate risks to national security and public interests while allowing data to flow freely across borders.

Vietnam’s Draft Data Law is a regulatory framework designed to unify, synchronise and effectively use data for administration and social economic development, for digital government development and for administrative procedure reform. Nonetheless, the Draft Law is still in its preliminary stages, serving more as a framework with many policy-like provisions and introductory concepts that lack detailed elaboration. The public consultation period, open until 1 September 2024, is expected to help improve the law so that it better fits into Vietnam’s context while remaining in line with global standards.

Authors: Yen Vu, Khanh Nguyen, Ly Nguyen, Uyen Doan, Thuy Duong Bui

TAGS

• Vietnam
• Cross Border Data
• data