Proposal to expand vulnerable groups protected in cyberspace

On the afternoon of October 31, continuing the 10th Session, the National Assembly discussed in groups the Cyber ​​Security Law Project.

Discussing in groups, National Assembly deputies agreed that amending the Law on Cyber ​​Security is necessary and has profound significance in the current period to protect national digital sovereignty , national security and the legitimate interests of the people, when cyberspace has become an inseparable part of human life and society.

Expanding online protection to other vulnerable groups in society

Speaking at the group, delegate Ma Thi Thuy, Deputy Head of the National Assembly Delegation of Tuyen Quang province, expressed her complete agreement with the fact that this draft Law focuses on protecting children because this is a vulnerable group and needs to be prioritized.

However, according to the delegate, if we only stop at children, it is not enough. In the context of increasingly sophisticated cybercrime and high-tech fraud, many other vulnerable groups are also being seriously harmed in the online environment.

In reality, the elderly, people with disabilities, women, ethnic minorities, or people in difficult circumstances with limited digital skills are all vulnerable to exploitation, fraud, or personal data infringement. Behaviors such as impersonation, account hijacking, fraud via social networks, e-wallets, or text messages are very common, causing both material and mental damage.

On that basis, the delegate suggested that the Drafting Committee study and supplement regulations that, in addition to child protection, should expand the scope to other vulnerable groups in society such as the elderly, people with disabilities, women, ethnic minorities, and people in especially difficult circumstances.

In addition, delegates also proposed to add responsibilities to businesses providing social networking platforms, and to have a mechanism to identify, warn and provide timely support to users in vulnerable groups when they are attacked, abused or threatened online.

“Adding this content not only makes the law more comprehensive, humane and practical, but also conforms to the policy of “leaving no one behind” in digital transformation, ensuring safety for all people in cyberspace,” the delegate expressed.

Delegate Sung A Lenh (Lao Cai Delegation) suggested that the Drafting Committee add the principle of protecting network security to "ensure citizens' right to access information and legitimate privacy, ensuring the balance between State management requirements and human rights in cyberspace".

According to the delegate, practice shows that cyber security is not only national security but also must ensure human rights according to the Law on Access to Information 2016 and the Law on Cyber ​​Security 2015. Therefore, adding this principle will help harmonize the task of protecting security and the legitimate interests of citizens.

Establish a mechanism to receive and respond to information from people about cybersecurity violations

Commenting on regulations on preventing and handling cyber security intrusions, delegate Luong Van Hung (Quang Ngai Delegation) agreed with the regulations on preventing and removing false information, distortions, inciting ethnic and religious division, and undermining national unity.

However, delegates proposed to study and clearly stipulate the criteria and procedures for determining the content of "distortion and untruth" in the Law to avoid arbitrary application and ensure the people's right to freedom of speech and social criticism according to the Constitution.

Pointing out that the regulations on the responsibilities of organizations and individuals using cyberspace are still general in nature and do not clearly show the responsibilities of account holders in cases where they are exploited to commit violations, delegate Luong Van Hung proposed clarifying the principle of "only handling when there is an error" and adding the obligation to promptly notify the authorities when violations are detected. Adding the rights of users to access, know, and complain when personal data is illegally collected and processed.

"It is recommended to establish a mechanism to receive and respond to information from people about cybersecurity violations to improve coordination efficiency and transparency in management," the delegate recommended.

Regarding information classification (Article 27), delegate Dang Thi Ngoc Tram (Da Nang City Delegation) said that the review report pointed out that the draft has not clearly defined the type of information to be classified and has not been linked to the legal responsibilities of the relevant entities. I think this is a key issue because "information classification" is the basis for determining the rights, obligations and responsibilities of organizations, individuals and State management agencies in protecting network security.

Delegate analysis: In other legal systems such as the Law on State Secrets Protection, the Law on Data and the Law on Personal Data Protection, there are provisions related to "information classification" and "data classification". Therefore, if the scope is not clearly defined, it will lead to duplication, conflict and difficulty in applying in practice, especially in the fields of finance, health, education or public administrative data.

Accordingly, the female delegate proposed the need to specifically classify information groups in cyberspace: public information, restricted access information, state secret information, personal information and business data information.

In case the scope of independence cannot be determined, consider removing Article 27 and assigning the Government to specify the classification and protection of network information on the basis of the Data Law and the Law on Personal Data Protection.