Currently Vietnam does not have a unified law regulating data privacy. Instead, it is governed by different laws and decrees including the Civil Code, the Law on E-Transactions, the Law on Information Technology, the Law on Protection of Consumer Rights, Decree 52/2013/NĐ-CP on E-Commerce and Decree 72/2013/NĐ-CP on Management, Provision and Use of Internet Services and Online Information. It does not yet have privacy regulations that specifically address blockchain.

In the latest effort to strengthen the legal framework of information security, Vietnam enacted the Law on Cyber Information Security (“the CIS Law”) on 19 November 2015. The CIS Law came into effect on 1 July 2016 in the hope of regulating activities of information security in cyberspace, responsibilities of individuals, organisations for ensuring information security, civil cryptographic products, standards of information safety in cyberspace, business of information safety in cyberspace and the government’s role in implementing this law.

In respect of data privacy, the law provides, amongst other things, the definition of personal information and a set of articles presenting principles of data privacy protection, regulations on the collection, use, revision, removal of private information along with responsibilities of the government to protect private data. Consistent with the other legal instruments mentioned above, the CIS Law expressly requires consent from the owner of the personal information before processing (which includes collecting, editing, utilising, storing, providing, sharing or spreading) of personal information. Furthermore, the processor of personal information shall be responsible for the security of the said information and should publish the policy of use and protection for the processed information (Articles 3.17, 16.3, 17.1 & 17.2 of the CIS Law).

Sources

• New Law on Cyber Information Security and Its Impact on Data Privacy in Vietnam