Discussing the draft Law on Personal Data Protection, on the afternoon of May 12, National Assembly deputies agreed that personal data is considered one of the main means of production for digital transformation, digital economic development, building digital citizens and digital society.
However, it is necessary to clarify the meaning of "sensitive personal data"; propose to re-study the content of applying administrative penalties for organizations and enterprises that violate regulations on personal data protection; propose to promote the development of the data economy, ensuring that personal privacy is not violated.
Clarifying the meaning of "sensitive personal data"
Speaking at the group, delegate Nguyen Thi Thu Nguyet ( Dak Lak ) pointed out the fact that a lot of personal information and data have been leaked and attacked on cyberspace. A lot of information is used for illegal or unlawful purposes for personal gain. Therefore, the promulgation of laws is very necessary to protect the legal and legitimate rights of organizations and individuals, especially in the current context of using personal data to serve socio-economic development.
In addition to clarifying the meaning of "sensitive personal data" and "basic personal data" to be able to solve practical problems, delegate Nguyen Thi Thu Nguyet expressed interest in the regulations on handling violations of personal data protection regulations.
The draft Law stipulates an administrative penalty of 1-5% of the previous year's revenue of organizations and enterprises that violate regulations on personal data protection.
However, "this regulation is difficult to implement in practice and should be reconsidered," because in the business process, the previous year's revenue had many legitimate and legal sources, in addition to revenue from personal data.
"Should we conduct research in the direction that handling violations should be based on the unfavorable revenue from personal data business? The drafting committee needs to conduct further research to make practical and appropriate regulations. If there is a violation of personal data protection issues, businesses should be willing to pay fines," delegate Nguyen Thi Nguyet Thu suggested.
Delegations of National Assembly deputies from Thai Binh, Dak Nong and Phu Yen provinces discuss in groups. (Photo: Phuong Hoa/VNA)
Sharing the same view, delegate Tran Quoc Tuan (Tra Vinh) said that personal data is considered one of the main means of production to carry out digital transformation, develop the digital economy, build digital citizens and digital society.
However, personal data is a very sensitive issue, has great influence, can damage the reputation, honor, and even negatively affect the career of the organization or individual involved if it is leaked and used for bad purposes.
Currently, the problem of personal data leakage is one of the issues that authorities and the whole society are very concerned about. The authorities have tried very hard but the problem of personal data leakage continues to increase rapidly and is very alarming in our country.
Proposing that the law needs to clearly explain the concept of "sensitive personal data," delegate Tran Quoc Tuan said that the meaning of this phrase is unclear and is still qualitative because personal data, according to one person, is sensitive but to another person it may not be sensitive.
Proposing to review the content of applying administrative fines of 1-5% of the previous year's revenue of organizations and enterprises that violate regulations on personal data protection, delegate Tran Quoc Tuan said that this regulation is difficult to implement, especially for newly established enterprises at the beginning of the year but "cannot be fined" if they violate regulations at the end of the year; or there are also cases where enterprises violate and are dissolved before being discovered. There are even cases where enterprises have generated revenue in the previous year but the profit margin is low, if fined, they will suffer heavy losses.
There should be a separate set of internal rules on data protection.
Concerned about the consent of data subjects, delegate Tran Thi Van (Bac Ninh) said that the draft Law stipulates that most data processing activities must have the consent of data subjects.
For electronic transactions, the consent of the data subject is expressed through digital actions such as: OTP code confirmation, digital signature, account login authentication... Therefore, delegate Tran Thi Van proposed to consider adding regulations that the above forms are recognized as the consent of the data subject.
National Assembly delegate of Bac Ninh province Nguyen Anh Tuan speaks. (Photo: Phuong Hoa/VNA)
Regarding the protection of personal data in marketing and advertising services, delegate Tran Thi Van said that the regulation prohibiting the hiring of third parties is not feasible and not suitable for practice because the marketing and advertising industry depends on the digital ecosystem, where platforms such as Google Ads, Facebook Ads, and TikTok Ads play a central role.
Small companies (agencies, startups) do not have the ability to build their own mass email/SMS tools or run behavioral advertising, but often outsource. If third-party outsourcing is banned, it will limit the competition of small businesses because if small companies do not rely on advertising platforms from third companies, advertising costs are very high, causing difficulties for these companies, which can lead to illegal data purchases to save costs.
Regarding the protection of personal data in big data processing, according to delegate Tran Thi Van, the draft Law stipulates protection measures for relevant agencies, organizations and individuals when processing big data, but does not fully mention the scale of specific databases of state agencies such as tax, customs, social insurance, etc.
Delegates proposed to add regulations that state agencies processing big data need to have their own internal rules on data protection, periodic assessment, access encryption, and data recovery in case of incidents.
Promoting the development of data economy
Discussing the draft Law in the group, delegate Quan Minh Cuong (Cao Bang) emphasized that personal data protection is a very "pressing and hot" issue because personal data is leaked, personal data is violated and exploited; meanwhile, the issue of protecting personal data in cyberspace is currently "extremely difficult."
Citing examples of personal information being leaked when going to the supermarket or just landing on a plane and someone calling to invite you to book a taxi home, or just touching the home purchase advertisement information and receiving 40-50 phone calls introducing the project, delegate Quan Minh Cuong said that we are living in a digital environment, protecting personal data related to privacy, economics, finance... is very important.
Ho Chi Minh City National Assembly delegation discusses in groups. (Photo: Phuong Hoa/VNA)
Delegates suggested that after legalization, authorities need to take measures to ensure people's personal data; it is necessary to clarify measures to handle when personal information is disclosed, exploited and used for the wrong purpose.
While the draft Law has initially established a legal framework for personal data protection, delegate Tran Van Khai (Ha Nam) said that a core content proposed by Resolution 57-NQ/TW - the requirement to "make data the main means of production" to develop the data economy - has not been fully institutionalized in the draft law.
Delegate Tran Van Khai proposed to amend "prohibited acts" by replacing the provision "absolutely prohibiting the buying and selling of personal data" with "prohibiting the buying and selling of data without the consent of the data subject or for illegal purposes"; adding that data subjects who voluntarily share their data to receive benefits will not be considered a violation if they comply with data protection principles.
In addition, delegate Tran Van Khai also proposed adding regulations that the State encourages the sharing and use of anonymized or aggregated data for research and technology development; thereby forming an open data ecosystem between the State and enterprises, promoting the development of the data economy, and ensuring that personal privacy is not violated.
"The above proposals aim to ensure that the Law on Personal Data Protection both strictly protects privacy rights and creates an open corridor for data to become a strong and comprehensive driving force for development," delegate Tran Van Khai suggested./.
(Vietnam+)
Source: https://www.vietnamplus.vn/thuc-day-kinh-te-du-lieu-phat-trien-bao-dam-khong-xam-pham-doi-tu-ca-nhan-post1038090.vnp
![[Photo] Ready for the top competitions of Vietnamese table tennis](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/5/18/9c547c497c5a4ade8f98c8e7d44f5a41)
![[Photo] Many young people patiently lined up under the hot sun to receive a special supplement from Nhan Dan Newspaper.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/5/18/6f19d322f9364f0ebb6fbfe9377842d3)
![[Photo] General Secretary To Lam visits exhibition of achievements in private economic development](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/5/18/1809dc545f214a86911fe2d2d0fde2e8)
Comment (0)