The National Assembly voted to pass the Law on Personal Data Protection. Photo: quochoi.vn
Presenting the report on the acceptance and explanation, Chairman of the National Defense, Security and Foreign Affairs Committee Le Tan Toi said that the draft Law accepted and revised 5 chapters and 39 articles (reducing 2 chapters and 29 articles compared to the draft Law submitted by the Government ), of which 19 articles were removed, the content of 21 articles was combined into 9 articles and 2 new articles were added. This Law takes effect from January 1, 2026.
One of the contents that many delegates were interested in contributing comments on was the mechanism to ensure the implementation of the requirements of the data subjects, specific data processing activities, cases of data processing without the consent of the data subjects, transferring data abroad, assessing the impact of data processing, and protecting data in some specific fields and activities. The National Assembly Standing Committee directed the study and acceptance of the delegates' opinions.
Chairman of the National Defense, Security and Foreign Affairs Committee Le Tan Toi presented the report. Photo: Quochoi.vn
Mr. Le Tan Toi said that, regarding the assessment of impacts when handling DLCN and when transferring DLCN across borders, it basically inherits the contents submitted by the Government. Accordingly, agencies and organizations only need to prepare this profile once for the entire operation process and update it when there are changes and the competent authority will conduct a check of the profile when deemed necessary.
One of the contents that the public is interested in is the 7 prohibited acts (Article 7) of the draft Law that has just been passed by the National Assembly. Specifically, the prohibited acts include: Handling of DLCN against the Socialist Republic of Vietnam, affecting national defense, national security, social order and safety, rights and legitimate interests of agencies, organizations and individuals; obstructing DLCN protection activities; taking advantage of DLCN protection activities to commit illegal acts.
Along with that is handling DLCN in violation of the law; using DLCN of others, allowing others to use DLCN to commit acts in violation of the law; buying and selling DLCN, except in cases where the law provides otherwise; appropriating, intentionally revealing, or losing DLCN.
The Draft Law also stipulates the handling of violations of the law on the protection of DLCN (Article 8). Specifically, organizations and individuals who violate the provisions of this Law and other provisions of law related to the protection of DLCN, depending on the nature, extent and consequences of the violation, may be subject to administrative sanctions or criminal prosecution; if causing damage, they must compensate according to the provisions of law.
The maximum fine for administrative violations of the act of buying and selling DLCN is 10 times the amount of revenue obtained from the violation; in case there is no revenue from the violation or the fine calculated based on the amount of revenue obtained from the violation is lower than the maximum fine prescribed in Clause 5 of this Article, the fine prescribed in Clause 5 of this Article shall apply.
The National Assembly has voted to pass the Law on Personal Data Protection. Photo: Quochoi.vn
The maximum fine for administrative violations against organizations that violate regulations on cross-border transfer of DLCN is 5% of the organization's revenue of the previous year; in case there is no revenue of the previous year or the fine calculated based on revenue is lower than the maximum fine prescribed in Clause 5 of this Article, the fine prescribed in Clause 5 of this Article shall apply.
The maximum fine for administrative violations in the field of DLCN protection is 3 billion VND. The maximum fine prescribed in Clauses 3, 4 and 5 of this Article shall be applied to organizations; individuals committing the same violation shall be subject to a maximum fine equal to half of the fine for organizations. The Government shall prescribe the method for calculating the revenue earned from violations of the law on DLCN protection.
Disclosure of personal data (Article 16) clearly stipulates that personal data may only be disclosed for specific purposes. The scope of disclosure and the type of data disclosed must be consistent with the purpose of disclosure. Disclosure of personal data must not infringe upon the rights and legitimate interests of the personal data subject.
In particular, agencies, organizations and individuals that publicly disclose personal data must strictly control and supervise the disclosure of personal data to ensure compliance with the purposes, scope and provisions of the law; prevent access, use, disclosure, copying, modification, deletion, destruction or other unauthorized processing of publicly disclosed data within their capabilities and conditions.
Source: https://hanoimoi.vn/du-lieu-ca-nhan-khong-duoc-mua-ban-duoi-moi-hinh-thuc-706834.html
Comment (0)