India Insights with Suparna Goswami

Governance & Risk Management , Legislation & Litigation , Privacy

Vietnam's 'Cybersecurity' Law Says Little on Security

Law Focuses More on Fighting Anti-Government Speech
Vietnam's 'Cybersecurity' Law Says Little on Security

On Wednesday, just days after a new "cybersecurity" law took effect, Vietnam alleged that Facebook has violated the law by allowing users to post anti-government comments on the platform, according to news reports.

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

The so-called cybersecurity law actually speaks little about IT security measures and instead focuses on various prohibited acts, such as spreading information that opposes the government of the Socialist Republic of Vietnam.

The law is expected to give sweeping power to the government to take down any content it deems misfit to its thought process.

It appears to cover all enterprises that provide services on telecommunication networks and the internet in Vietnam. It requires these companies to authenticate users upon registration and keep their information confidential, according to a report by Baker Mckenzie, a multinational law firm.

Under the new law, companies also must grant the government access to their information systems when there is "a serious breach of law or action causing serious loss to the public order and safety," the report says.

Other Requirements

Vietnam already has two regulations that place similar obligations on companies.

Decree 72, issued in 2013 to regulate internet businesses, imposes similar prohibitions and obligations on internet service providers, according to a report by the law firm Duane Morris.

In addition, Circular 38, issued in 2016 by the Ministry of Information and Communications, sets out a process by which offshore internet-based service providers must cooperate with the government to combat "bad" and 'toxic" content on the internet, the law firm explains.

According to a Google transparency report, since 2009, Google has received 67 requests from the Vietnam government for removal of material from Google's platforms and a number of requests for providing user data to the government. Google reports that it has accepted some requests and declined others.

The new law is expected to lead to government actions designed to force companies to comply with its requests. But the terms of the law lack details on what sort of action could be taken.

Another provision of the new law is a data localization requirement. It states that companies that collect, exploit, analyze or process personal information, information created by users in Vietnam and data on the relationship of the users must store all data locally for a period of time. But the law does not spell out whether companies need to have their own local servers.

The Right Steps

Cleary, Vietnam's new law compromises privacy and free speech in the name of national security.

Governments worldwide are struggling to balance privacy vs. security. But no government is justified in ignoring internet freedom and clamping down on all content that it finds objectionable.

On the other hand, social media companies and others do have a role to play in protecting against cyber threats and terrorism.

Vietnam and other nations need cybersecurity laws that actually focus on cybersecurity best practices, spelling out standards that companies need to meet. Cracking down on what the government labels as "propaganda" accomplishes nothing.



About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.