Vietnam’s draft data law aims to enhance data protection and national security but may unintentionally restrict growth for foreign tech firms
US technology firms, including industry giants Google, Meta, and the Information Technology Industry Council (ITI), have voiced concerns over Vietnam’s proposed data protection law. Set for a parliamentary vote by the end of November 2024, this draft legislation seeks to restrict cross-border data transfers and mandates that sensitive data be stored domestically. Tech companies argue that these regulations may hinder growth and raise operational costs, potentially discouraging future investments in Vietnam’s burgeoning digital economy.
Key Provisions in Vietnam’s Draft Data Law
1. Domestic Data Storage Requirements
The draft mandates that “core” and “important” data—including data pertinent to national security and key economic activities—must be stored within Vietnam. This mirrors data laws in countries like China, requiring multinational firms to establish local storage solutions to comply. Such stipulations could significantly impact social media companies and cloud service providers reliant on centralized data centers outside Vietnam.
2. Restrictions on Cross-Border Data Transfers
Under the new proposal, companies must receive government authorization to transfer specified categories of data outside the country. For example, sensitive data, including user information on social media platforms, would undergo a security assessment by Vietnamese authorities. The framework for these approvals remains unclear, leading to concerns about the potential for delayed processes and the associated costs. This restriction could obstruct the smooth functioning of social media and other online services, impacting user experience and corporate agility.
3. Broad Data Access for Government Agencies
The draft law grants Vietnamese authorities the right to access data stored within the country under certain conditions, such as public emergencies or national security concerns. Critics argue this provision may be too broad, raising potential privacy issues and posing compliance challenges for foreign companies that need to adhere to international data privacy standards, like GDPR in the European Union.
Potential Impact on Foreign Investment and Economic Growth
1. Compliance and Operational Costs
Foreign tech firms would face substantial costs associated with building local data storage facilities and modifying their infrastructure to meet new regulations. In particular, social media platforms and data center operators are concerned about the burden of compliance, as they may need to implement new technologies for secure data transfer and verification. Additionally, the draft law’s broad definitions for “core” and “important” data categories create uncertainties, potentially leading to over-compliance or fines.
2. Innovation and Service Quality Concerns
By limiting data transfers and requiring local storage, Vietnam risks impeding the flow of information critical for innovation in the digital sector. Services that rely on real-time data analysis across borders could face latency issues, affecting user experience. Such restrictions could stall growth in Vietnam’s tech sector, as foreign firms may be discouraged from launching new services or expanding operations.
3. Chilling Effect on Foreign Investment
Vietnam has positioned itself as a significant destination for foreign investment in Southeast Asia, particularly in the tech industry. However, the added operational costs and uncertainties introduced by the proposed data law may make Vietnam a less attractive market for tech companies seeking to establish data centers or social media platforms. Jason Oxman, head of the ITI, highlighted the potential deterrent effect of the law on investments, urging Vietnamese authorities to reconsider the scope and pace of its implementation.