The above content was reflected by delegate Nguyen Minh Duc (Ho Chi Minh City Delegation) at the group meeting on the draft Law on Personal Data Protection, this afternoon (May 12).

"No one knows where this information was leaked from, but it clearly caused confusion and fear among people, directly affecting their lives and safety," Mr. Minh Duc said and suggested that there should be clear regulations in the law to prevent the illegal collection, sharing, and trading of personal data.

Mr. Duc cited that in today's online sales, buyers must share personal information with sellers, including full name, phone number, home address, work address, and bank transfer.

This information is then shared with the shipper team. Every day a shipper makes hundreds of deliveries and has hundreds of personal data of buyers. So how to control, regulate the seller, the shipper is also the party that has to manage personal data, or is it a third party, how to control the data?

Mr. Duc also warned of risks from artificial intelligence (AI), especially generative AI technology - which can use sensitive personal data to create fake information, causing serious impacts if exploited for the wrong purposes.

Many recruitment companies receive hundreds of job applications every day, but there are no regulations in place to protect personal data in these applications.

“People are upset with spam calls. Why do these law-breaking scammers know our phone numbers, clearly state that we have not paid our electricity bill, our electricity contract number, and even our citizen identification number. So where did this information leak from?” Delegate Nguyen Minh Duc raised the issue.

According to Mr. Duc, through investigation, the authorities confirmed that the leaks came from many different sources. Among them, organizations and individuals responsible for managing personal data leaked, in some cases accidentally leaked, lacked responsibility or even cases of profiteering.

The scammers know the personal phone number, then call, threaten, and extort property. Therefore, he believes that it is imperative to propose a law to be enacted soon to protect people's data.

Delegate Tran Van Khai, Vice Chairman of the National Assembly's Committee on Science, Technology and Environment, said that Resolution No. 57-NQ/TW determined that it is necessary to exploit the full potential of data, considering data as "a new resource... a new means of production" in the digital economy .

However, this requirement has not been fully institutionalized in the draft law. The current draft focuses on data protection, but does not focus on the mechanism for promoting data value.

He commented that this regulation protects privacy, but lacks flexibility to encourage the exploitation and sharing of data for development. The Party's policy is to "eliminate the mindset of banning if you can't manage it", requiring that instead of an absolute ban, there must be a management method that allows sharing and commercialization of data under reasonable control.

"If the law does not pave the way for safe data exploitation, it will be difficult for us to build a healthy data market. Personal data is still at risk of being bought and sold "illegally" in the underground market, and the State cannot take advantage of this digital resource." he wondered

The draft law still lacks specific provisions to institutionalize the data economy in the spirit of Resolution 57. If the above content is not promptly supplemented, the consequences will be very serious.

Firstly, the national digital transformation process is at risk of slowing down and falling behind.

Second, without a mechanism for the data economy, a transparent data market does not form; data continues to be illegally traded, infringing on people's privacy, and businesses lack data for innovation.

The delegate proposed replacing the absolute prohibition on “buying and selling personal data” with a prohibition on buying and selling data without the consent of the data subject or for illegal purposes. At the same time, it was added that data subjects who voluntarily share their data to receive benefits will not be considered a violation if they comply with data protection principles.

Delegates also proposed to add regulations that the State encourages the sharing and use of anonymized or aggregated data for research and technology development. Thereby, forming an open data ecosystem between the State and businesses, promoting the development of the data economy, and ensuring that personal privacy is not violated.