Cybersecurity law is needed to protect the country's interests

12/6/18


The National Assembly on Tuesday morning passed the Law on Cybersecurity, with majority voting yes to the controversial bill. Four hundred and twenty-three deputies voted to approve the bill, accounting for 86.86 per cent of the those present at the assembly hall, while only 15 voted against it. Twenty-eight deputies abstained. The law will go into effect on January 1, 2019.
However the law contains some new provisions which raise public concerns. A report on the draft cyber security law submitted by the Government reads that the law is to ensure cyber security in protecting natural security, social order and safety, as well as preventing cyber security threats, and addressing any shortcomings in cyber security protection. It also aims to institutionalise the Party’s guidelines and policies on cyber security in a full and timely manner, while keeping in line with the 2013 Constitution’s regulations on human rights and citizens’ basic rights.
The law requires all internet-related service providers, regardless of whether they are foreign or domestic companies, to open a representative office and maintain a customer database in servers based in Việt Nam in exchange for authorisation to operate legally in the country.
The Ministry of Public Security, which drafted the law, will have the jurisdiction to examine the information network of any organisation or company when a breach of national security or a threat to social order is detected. A senior lawmaker says the law could curb personal rights, but is necessary for a bigger cause.
The cyber security situation in the world and Vietnam is undergoing complicated developments. There are tens of thousands of cyber-attacks that target Vietnam’s information system happening every year. Fake news, fabrication, calumniation, aspersion, outrage, and incitation of violence have become rampant in the cyberspace, particularly in social networks. Cyberspace has somehow turned into an “asylum” for crimes and violations. Cybercrime, particularly such organized ones as gambling, organization of gambling, swindling to appropriate property, and trading in fake or banned goods, has developed complicatedly. This situation is attributable to the lack of a legal framework in the field of cyber security.
The formulation and promulgation of the Law on Cyber Security aims to meet the urgent requirements arising from the country’s cyber security situation and the need to protect the national security, the State’s secrets, social order, and lawful rights and interests of organizations and individuals. The Law will also help address existing shortcomings and limitations in the state management of cyber and information security and further promote the role of line ministries and functional agencies in assurance of cyber and information security. Additionally, the enactment of the Law can also be regarded as a complete and timely institutionalization of the Party’s policies on cyber security, while ensuring compliance with the 2013 Constitution’s provisions on human rights, fundamental rights of citizens and safeguard of the Fatherland. The Law’s provisions conform to international practice as a matter of fact that many countries in the world have issued their own cyber security laws.
As we all know, many countries have set forth requirements for domestic storage of important data, for example, the United States, Canada, Russia, Germany, China, Indonesia, Greek, Bulgaria, Denmark, Finland, Sweden, Turkey,  Venezuela, Columbia, Argentina, and Brazil. On May 25, the European Union’s General Data Protection Regulation officially came into force, empowering EU citizens to look up, change or delete their personal information, thus they can control their personal data when joining forums and social networks. The EU also requires service providers to inform service users of how their personal information will be used and commit to not providing such information to third parties. Violating companies may be fined up to EUR 20 million or 40 percent of their worldwide turnover. Looking at these examples, we can see that the draft Law’s provisions are appropriate and progressive.
It can be confirmed that the draft Law on Cyber Security neither forces all organizations and individuals to comply with these provisions nor requires storage of all data. Based on the requirements for ensuring and safeguarding national security, social order and fine cultural and ethical values and traditions of Vietnam, the Government will specify which types of organizations and agencies and which kinds of data will be governed by these regulations.
When elaborating these regulations, the Drafting Board carefully reviewed Vietnam’s commitments as well as treaties which the country has acceded to, including the WTO’s commitments and the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP). Hence, I can affirm that the draft Law’s provisions on data storage are not contrary to or violate the country’s commitments. They also do not prevent Vietnam from fulfilling its international commitments.
As we know, all bilateral and multilateral commitments have exceptions serving security, public order, culture, and community well-being. This means that interests of member states to international commitments are always upheld and respected for. There is no commitment that forces us to give up these interests. In fact, some member states of the WTO have enacted similar regulations and, therefore, set precedents for Vietnam without violating WTO commitments.
As for the opinion that these regulations will block cross-border data flows, I can confirm that nothing is hindered here by this draft Law. Cloud computing technology enables data access from everywhere, regardless of whether such data is stored in Vietnam or the US. The draft Law only requires the storage of some kinds of data in Vietnam but not restrict access to such data.
Recently, some persons cited statistics of the European Center for International Political Economy (ECIPE), saying that data localization may reduce Vietnam’s GDP by 1.7 percent and foreign investment by 3.1 percent. However, they seemed to “forget” that such statistics came from a report titled “The costs of data localization: Friendly fire on economic recovery” released by the ECIPE four years ago (March 2014). The report, which was prepared based on the most negative scenarios, also put forth similar forecasts for the EU, China, India, the Republic of Korea, Indonesia, and Brazil. However, reality has proven the opposite. In 2015, one year after the ECIPE gave its evaluations, Vietnam attained the highest GDP growth rate in the 2010-2015 period and has managed to maintain an impressive growth until now. The EU and other countries mentioned in the report are now managing personal data in a more and more stringent manner. So, we can see that these predictions are wrong and the quotation of such statistics without complete context is intended for unclear purposes.
The draft Law itself is aimed at protecting the lawful rights and interests of organizations and individuals, including foreign enterprises. Therefore, the draft Law’s provisions are not intended to cause difficulties to enterprises as well as will not oblige all enterprises to set up their representative offices in Vietnam.
However, Vietnamese laws, including the 2005 Commercial Law and the 2017 Foreign Trade Management Law and their implementing regulations, stipulate that all foreign countries’ trade promotion organizations must open representative offices in Vietnam. We all see the fact that enterprises providing cross-border services like Google and Facebook are doing profitable business in Vietnam. 
As far as now, Google has set up some 70 representative offices and Facebook 80 representative offices in countries around the world. In the Southeast Asia, Google and Facebook have opened representative offices in Singapore, Malaysia and Indonesia. Why they have to do so if not because the establishment of representative offices facilitates their operation.
The reality is that Vietnamese domestic organizations and businesses are subjected to many legal regulations when operating electronic newspapers, websites, social networks, etc. They are also responsible for our security, public order, culture, social morality, fine customs and habits. However, providers of cross-border services into Vietnam are almost free of any constraints and such obligations. Therefore, the registration of legal entities by foreign enterprises in Vietnam will help us create a fair and responsible business environment.
However, due to our international commitments, the draft Law does not mandate all enterprises to open representative offices but it will be based on national security and social order and safety requirements, and the Government will issue detailed regulations.
By the way, thank to the contributions of the public, business community and international friends who have helped us complete the draft Law through nearly 30 times of revisions. The country would like to continue to receive comments and hope that people, organizations and businesses in the country and abroad to endeavor together with the authorities of Vietnam to protect cyber security, contributing to building a safe and healthy cyberspace, contributing significantly to the socio-economic development of every nation and the world./.


Chia sẻ bài viết ^^
Other post

All comments [ 6 ]


Roger Brown 12/6/18 21:43

The bill is necessary to protect the country's security and national interests in front of cyber attacks.

Gentle Moon 12/6/18 21:45

It would allow authorities to easily oversee the business activities of those companies and to more effectively handle any breaches to cybersecurity.

Duncan 12/6/18 22:06

Internet service providers, including Facebook and YouTube, will be required to remove ‘anti-state,’ ‘offensive’ or ‘inciting’ contents from their platforms within 24 hours of receiving a request from the authority.

LawrenceSamuels 12/6/18 22:08

The law will not obstruct the flow of data or affect the regular operations of organizations and companies, including startups

Kevin Evans 12/6/18 22:09

I support this law to protect the national security from hostile forces' activities.

Enda Thompson 12/6/18 22:11

From now on, the physical presence of foreign providers in the country would help improve services for Vietnamese customers and ensure the efficient resolution of any disruption to their services.

Your comments