Discussion regulations in the law that require user data and important data related to national security to be stored in the country, and all enterprises doing business in cyberspace related to Vietnam to establish headquarters and representative offices in Vietnam, the officer said they are feasible and in line with domestic law and international practices. The regulations neither run counter to treaties to which Vietnam is a party nor obstruct businesses’ operations.
According to Duc, 18 countries in the world have set forth requirements for storage of important data within their territories. They are the US, Canada, Russia, France, Germany, China, Australia, Indonesia, Greece, Bulgaria, Denmark, Finland, Sweden, Turkey, Venezuela, Colombia, Argentina and Brazil.
Thus, Vietnam is not the first country having this regulation, he noted.
Vietnam’s commitments to WTO agreements such as the General Agreement on Tariffs and Trade 1994 (GATT 1994), the General Agreement on Trade in Services (GATS) and the Agreement on Trade-related Aspects of Intellectual Property Rights (TRIPS), as well as the Comprehensive and Progressive Trans-Pacific Partnership (CPTPP) also have regulations on security exceptions that allow the respect for and protection of national security at the highest level.
Regarding the establishment of representative offices, the police general said several Vietnamese laws, including the 2005 Commercial Law and the 2017 Foreign Trade Management Law and their guiding documents, stipulate that all foreign countries’ trade promotion organisations must open representative offices in Vietnam.
Google has set up some 70 representative offices and Facebook 80 representative offices in countries around the world. In Southeast Asia, they have opened representative offices in Singapore, Malaysia and Indonesia.
“If these businesses’ operations are hindered and affected by the regulation, it is certain that they will not open that many representatives in countries worldwide,” he stressed, adding that the regulation will also help create a fair business environment, as domestic enterprises are subject to many legal regulations from business registration to operation while foreign firms are not.
In addition, the regulation does not require storage of all data related to Vietnam and platform data on cyber space. It only targets certain types of data related to personal secrets in special cases and data related to national security as they are the assets of citizens and the nation that need to be managed and protected, Duc said.
Besides, the regulation is not applied to all agencies and organisations operating on Vietnam’s cyber space but only those providing services that can be used to threaten or affect national security.
In reality, the lack of management of service users’ data and important national data has been affecting national interests and security, the general stated.
At present, hostile forces, reactionary organisations and criminals are increasing the use of cyber space to harm national security, social order and safety while Vietnam’s competent agencies face a lot of difficulties in investigating, verifying, tracing and handling violations because all data are stored overseas.
Furthermore, foreign businesses often show little goodwill and cooperation in providing related information, thus hindering the handling of law violations.
Users’ data is an asset with unlimited usage value and an input of many economic activities that bring in high profits. While foreign agencies and organisations earn thousands of billions of dong each year from Vietnamese users’ data, the country suffers loss of tax revenue.
Therefore, the regulation on data storage and establishment of representative offices will contribute to addressing these problems, he noted.
Regarding the concern that personal information will be leaked due to the stipulation that competent agencies must provide users’ information to the cyber security force of the Ministry of Public Security when receiving a written request, Major General Duc affirmed that users’ information will not be revealed.
Since their establishment, the specialised force of the Ministry of Public Security has managed data of citizens’ residence, identity and migration and many other fields, but no cases of information leakage have been recorded so far.
The absolute guaranteeing of citizens’ personal information is both a responsibility and legal obligation of the force, he said, stressing that if the data is out, they will be strictly punished under the law.
About the current cyber security situation in Vietnam, the general cited a report by the Vietnam Computer Emergency Response Team (VNCERT) under the Ministry of Information and Communications which said in 2017, information systems in the country were hit by 15,000 cyber-attacks, including 3,000 Phishing, 6,500 Malware and 4,500 Deface attacks.
Last year, losses caused by computer viruses to Vietnamese users amounted to a record high of 12.3 trillion VND (540 million USD). In the first five months of this year, 4,035 cyber-attacks were recorded in Vietnam.
With around 637,400 computers controlled by bonnets, Vietnam was ranked fourth among the top 10 worst botnet countries.
“Cyber-attacks can only be prevented effectively if there is a detailed and clear legal system to facilitate the implementation of legal measures and international cooperation,” he concluded.
The Law on Cyber Security was approved by the National Assembly on June 12 with 86.86 percent of votes.
It has seven chapters and 43 articles, regulating activities to protect national security and ensure social order and safety on cyberspace, and responsibilities of agencies, organisations and individuals concerned.