Law No. 60/2024/QH15 dated November 30, 2024 on Data
|
NATIONAL ASSEMBLY OF VIETNAM |
SOCIALIST REPUBLIC OF VIETNAM |
|
Law No. 60/2024/QH15 |
Hanoi, November 30, 2024 |
LAW
DATA
Pursuant to the Constitution of the Socialist Republic of Vietnam;
The National Assembly of Vietnam hereby promulgates the Law on Data.
Chapter I
GENERAL PROVISIONS
Article 1. Scope
This Law provides for digital data; construction, development, protection, administration, processing, and use of digital data; National Data Center; National General Database; products and services concerning digital data; state management of digital data; rights, obligations, and responsibilities of agencies, organizations, and individuals relevant to operations concerning digital data.
Article 2. Regulated entities
1. Vietnamese agencies, organizations, and individuals.
2. Foreign agencies, organizations, and individuals in Vietnam.
3. Foreign agencies, organizations, and individuals participating in or relevant to operations concerning digital data in Vietnam.
Article 3. Interpretation of terms
For the purpose of this Law, the following terms shall be construed as follows:
1. Digital data refers to data on things, phenomena, and events, including one or a combination of audio, images, numbers, letters, and symbols in digital form (hereinafter referred to as “data”).
2. Common data refers to data generally accessed, shared, utilized, and used in agencies of the CPV, the State, the Committee of the Vietnamese Fatherland Front, and socio-political organizations.
3. Private data refers to data accessed, shared, utilized, and used within the internal scope of agencies of the CPV, the State, the Committee of the Vietnamese Fatherland Front, and socio-political organizations.
4. Open data refers to data that can be accessed, shared, utilized, and used by any agency, organization, or individual.
5. Master data refers to data generated during operations of agencies, organizations, and individuals or collected and generated from the digitalization of the original copies of papers, documents, and other physical forms.
6. Important data refers to data that may affect national defense and security, foreign affairs, macroeconomic situations, social stabilization, and community health and safety, included in the list promulgated by the Prime Minister of Vietnam.
7. Core data refers to important data that directly impact national defense and security, foreign affairs, macroeconomic situations, social stabilization, and community health and safety, included in the list promulgated by the Prime Minister of Vietnam.
8. Data processing refers to the process of receiving, converting, and organizing data and other operations concerning data in service of the operations of agencies, organizations, and individuals.
9. Database refers to a combination of data arranged and organized for access, utilization, sharing, management, and update.
10. National General Database is a database containing data collected from national databases, specialized databases, and other databases.
11. Data coordination and sharing platform refers to infrastructures for data connection, integration, sharing, and coordination between the National Data Center and agencies, organizations, and individuals.
12. Data subject matters refer to agencies, organizations, and enterprises reflected by data.
13. Data governing bodies refer to agencies, organizations, and individuals engaging in data construction, management, operation, and utilization under requests from data owners.
14. Data owners refer to agencies, organizations, and individuals with the right to decide on the construction, development, protection, administration, processing, use, and exchange of the value of data under their ownership.
15. Data owners’ rights to data refer to economic rights under the civil law.
16. Data encryption refers to the application of encryption methods and algorithms or technical measures to convert data from a recognizable format to an unrecognizable format.
17. Data decryption refers to the application of encryption methods and algorithms or technical measures to convert data from an unrecognizable format to a recognizable format.
18. Data coordination refers to the mobilization and distribution of data and the management, supervision, and optimization of data streams shared among information systems and databases.
Article 4. Application of the Law on Data
1. Where other laws promulgated before the effective date of the Law on Data stipulate the construction, development, protection, administration, handling, and use of data; products and services concerning data; state management of data and responsibilities of agencies, organizations, and individuals relevant to operations concerning data not contrary to this Law, such laws shall prevail.
2. Where other laws promulgated after the effective date of the Law on Data stipulate regulations different from the Law on Data, it is mandatory to determine the content to be implemented or not to be implemented under the Law on Data and the content to be implemented under such laws.
Article 5. Principles of constructing, developing, protecting, administering, processing, and using data
1. Complying with the Constitution, this Law, and relevant laws; ensuring human rights, citizen rights, and other legitimate rights and benefits of agencies, organizations, and individuals.
2. Ensuring publicity, transparency, and equality in the access, utilization, and use of data according to the law.
3. Collecting, updating, and adjusting data accurately, ensuring data inheritance; ensuring integrity, reliability, security, and safety.
4. Protecting data in synchronization and association with data construction and development.
5. Ensuring effective, simple, and convenient storage, connection, regulation, sharing, utilization, and use of data for agencies, organizations, and individuals regarding the implementation of public services, administrative procedures, and other operations.
Article 6. State policies on data
1. Data is a resource; the State shall have policies to mobilize all sources to enrich data and develop it as property.
2. Prioritization of data construction and development in socio-economic fields serving the national digital transformation and the development of the digital economy in association with the assurance of national defense and security, foreign affairs, and cipher.
3. Investment in the construction and development of the National General Database and the National Data Center meeting the requirements for constructing the digital Government, digital economy, and digital society.
4. Concentration on training and advanced training in the improvement of capacity and qualifications of people engaging in data-related work; adaptation of mechanisms for attracting high-quality personnel to construct and develop national data.
5. Encouragement and facilitation for domestic and overseas agencies, organizations, and individuals to invest, research, and develop technologies, products, services, innovations, and applications concerning data; construction of data storage and processing centers in Vietnam; development of data markets.
6. Operations of national databases, specialized databases, and other databases managed by agencies of the CPV, the State, Committee of the Vietnamese Fatherland Front, and socio-political organizations shall be funded by sources of the State and other legal sources. The State shall encourage domestic and overseas organizations and individuals to provide sponsorships and support for database construction, administration, and operation.
Article 7. International cooperation in data
1. Compliance with Vietnamese law, international treaties to which the Socialist Republic of Vietnam is a signatory, and international agreements on data based on equality, mutual benefits, and respect for independence, sovereignty, and territorial integrity.
2. International cooperation in data includes: personnel training; scientific research and application of science and technology to data construction, development, protection, administration, processing, and use; advanced technology transfer and investment in the construction of data center infrastructures; participation in the development of international principles and standards concerning data and other operations concerning cross-border data exchange.
3. The settlement of requests for data provision from law enforcement agencies or foreign judicial agencies regarding the data of Vietnamese organizations and individuals shall be accessed and decided by competent authorities of Vietnam.
Article 8. State management of data
1. State management of data includes:
a) Development, promulgation, and implementation of the national data strategy; legislative documents on data; technical standards and regulations, technical-economic norms, and quality of data;
b) Dissemination and universalization of data policies and laws; issuance of guidelines on agencies managing databases and information systems in data construction, development, protection, administration, processing, and use;
c) Management and supervision of data construction, development, protection, administration, processing, and use, ensuring data security and safety;
d) Formulation of reports and statistics on data; research and application of science and technology concerning data; products and services concerning data; management, supervision, and development of data markets;
dd) Inspection and settlement of complaints and denunciations and handling of law violations concerning data;
e) Training, compensation, and development of personnel and international cooperation concerning data.
2. State management responsibilities concerning data are regulated as follows:
a) The Government of Vietnam shall agree on the state management of data;
b) The Ministry of Public Security of Vietnam shall assume responsibility before the Government of Vietnam for the state management of data, excluding Point c of this Clause;
c) The Ministry of National Defense of Vietnam shall assume responsibility before the Government of Vietnam for the state management of data under its management.
The Minister of National Defense of Vietnam shall assume responsibility before the Government of Vietnam for the state management of cipher data under the Ministry’s management according to the cipher law;
d) Ministries, ministerial agencies, and governmental agencies shall, within their functions, tasks, and entitlements, construct and develop databases; cooperate with the Ministry of Public Security of Vietnam in the state management of data;
dd) Provincial People’s Committees shall construct and develop databases and implement the local state management of data.
Article 9. Construction and development of data in agencies of CPV, Committee of Vietnamese Fatherland Front, and socio-political organizations
1. The data construction, development, protection, administration, processing, and use in agencies of the CPV, the Committee of the Vietnamese Fatherland Front, and socio-political organizations shall be decided by competent authorities.
2. Centrally affiliated provincial committees and city committees shall construct, develop, protect, administer, process, and use data according to their tasks and entitlements.
Article 10. Prohibited acts
1. Taking advantage of the processing of data, administration of data, and development, business, and circulation of products and services concerning data to infringe on national interests, national defense and security, social order and safety, public benefits, and legitimate rights and benefits of agencies, organizations, and individuals.
2. Illegally obstructing or preventing the processing and administration of data or attacking, appropriating, and sabotaging databases and information systems serving data management, processing, administration, and protection.
3. Forging and intentionally falsifying, removing, or damaging data in databases of agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations.
4. Intentionally providing false data or refusing to provide data as prescribed by the law.
Chapter II
CONSTRUCTION, DEVELOPMENT, PROTECTION, ADMINISTRATION, PROCESSING, AND USE OF DATA; NATIONAL DATA DEVELOPMENT FUND
Article 11. Data collection and generation
1. Data shall be collected and generated from specific sources, including the direct generation of data and digitalization of papers, documents, and other physical forms.
Generated master data shall have the same use value as the original copies of the digitalized papers, documents, and other physical forms.
2. The collection and generation of data for agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations are regulated as follows:
a) The collection and generation of data shall be implemented for database construction under the law or decisions of competent authorities and the consistent use of the general list code consistent with the master data in national databases;
b) Connected and shared data in databases shall not be re-collected;
c) Data serving the state management, assurance of national defense and security, foreign affairs, and cipher, implementation of administrative procedures, and settlement of public services shall be generated and digitalized according to the law;
d) Data shall be collected from results of the settlement of administrative procedures, digitalization of papers, documents, and other physical forms, via online methods, and directly from organizations and individuals;
dd) The conversion of digitalized papers and documents into data shall comply with the law on archive; it is only permitted to collect data from master copies, original copies, or legal copies of papers and documents in cases where there are no master or original copies; collected and generated data shall ensure the authentication and traceability of the digital copies of papers and documents.
3. The rights and responsibilities of organizations and individuals regarding the collection and generation of data are regulated as follows:
a) Be permitted to collect and generate data to serve their operations in conformity with the law;
b) Receive protection for rights regarding data owners according to this Law, civil laws, and relevant laws;
c) Assume responsibility for data they collected and generated according to the law.
4. Agencies managing national databases and specialized databases shall decide on the roadmap for the generation and digitalization of data in service of digital transformation under the national data strategy promulgated by the Prime Minister of Vietnam.
5. The Ministry of Public Security of Vietnam shall take charge and cooperate with relevant agencies in summarizing and announcing the list of data provision agencies, list of provided data, and general list code for lookup and utilization by agencies, organizations, and individuals.
Article 12. Data quality assurance
1. Data quality assurance means assurance of the accuracy, validity, integrity, adequacy, timely update, and consistency of data.
2. State agencies managing databases shall:
a) Synchronously instruct, implement, and apply the national technical regulations and standards concerning data quality assurance and data quality assurance processes for application to databases under their management;
b) Regularly inspect, supervise, and remedy mistakes; synchronize data within their premises and cooperate with relevant agencies and organizations on regular updates, adjustments, and assurance of data quality in the utilization and use.
Article 13. Data classification
1. State agencies shall classify data based on requirements for data administration, processing, and protection, including:
a) Classification by the data sharing nature, including common data, private data, and open data;
b) Classification by data importance nature, including core data, important data, and other data;
c) Classification by other criteria, meeting the requirements for data administration, processing, and protection decided by data governing bodies.
2. Data owners and data governing bodies not prescribed in Clause 1 of this Article shall classify data following Point b Clause 1 of this Article and may classify data following other criteria.
3. The Government of Vietnam shall stipulate the criteria for determining core and important data.
Article 14. Data storage
1. State agencies shall organize data storage, ensuring safety.
2. Organizations and individuals not prescribed in Clause 1 of this Article that are data owners may decide on the storage of data collected, generated, and owned by them; in case of storing core and important data, ensure compliance with Clause 3 Article 27 of this Law.
3. National databases shall be permitted to store data on the infrastructures of the National Data Center.
4. Specialized databases and other databases of state agencies shall be permitted to store data on the infrastructures of the National Data Center or infrastructures of other agencies or organizations meeting the data center standards. Private data and data concerning national defense and security, foreign affairs, and cipher shall be stored on the National Data Center's infrastructures upon data owners' consent.
Organizations and individuals not prescribed in Clause 1 of this Article that are data owners may agree on the storage of data on the National Data Center’s infrastructures via service provision contracts between such organizations and individuals and providers of services of data utilization and infrastructures at the National Data Center.
5. The Government of Vietnam shall elaborate on this Article.
Article 15. Data management and administration
1. Data administration includes the development of policies, plans, programs, processes, and standards concerning data of data owners and data governing bodies in a continuous and effective manner, ensuring the adequacy, accuracy, integrity, consistency, standardization, safety, confidentiality, and timeliness of data.
2. Data management refers to the implementation of the data administration prescribed in Clause 1 of this Article.
3. Data owners and data governing bodies that are state agencies shall cooperate with the National Data Center in administering and managing data according to Clauses 1 and 2 of this Article.
4. Data owners and data governing bodies that are organizations and individuals not prescribed in Clause 3 of this Article shall, based on the actual conditions, administer and manage data collected, generated, and owned by them.
5. The Government of Vietnam shall elaborate on Clause 3 of this Article.
Article 16. Data access and retrieval
1. Data access and retrieval shall comply with technical regulations and processes concerning data access and retrieval, ensuring security, safety, and proper purposes.
2. State agencies shall provide tools and authorize data access and retrieval to ensure data security, safety, and protection. Other data owners and data governing bodies are encouraged to provide tools for data access and retrieval.
3. The Government of Vietnam shall elaborate on this Article.
Article 17. Data connection, sharing, and coordination
1. Data owners and data governing bodies shall conduct data connection and sharing for data users according to the law or under agreements, either in person or through intermediaries.
2. State agencies shall coordinate data under their management and ensure that data is shared safely, consistently, and effectively in service of socio-economic development and assurance of national defense and security and foreign affairs; be ready to connect, share, and coordinate data for agencies, organizations, and individuals permitted to utilize data under this Law and relevant laws.
3. The Prime Minister of Vietnam shall decide on the sharing of private data under the management of ministries, ministerial agencies, governmental agencies, and provincial People’s Committees in unexpected and urgent cases of preparation and management of natural disasters, epidemics, fire, and explosions or other necessary cases to settle arising issues in reality.
4. The Government of Vietnam shall stipulate support for data owners not prescribed in Clause 2 of this Article when conducting data connection and sharing for state agencies under this Law.
Article 18. Data provision for state agencies
1. Domestic and overseas organizations and individuals are encouraged to provide data under their ownership for state agencies.
2. Organizations and individuals shall provide data for state agencies upon requests from competent authorities without requirements for consent from data subject matters in the following cases:
a) Responses to emergencies;
b) Upon threats to national security but not to the extent of declaring emergencies;
c) Catastrophes;
d) Prevention and combat against riots and terrorism.
3. State agencies receiving data shall:
a) Use data for proper purposes;
b) Ensure data security and safety, data protection, and other legitimate benefits of data subject matters and organizations and individuals providing data according to the law;
c) Destroy data immediately if such data is no longer necessary for the requested purposes and issue notices to data subject matters and organizations and individuals providing data;
d) Issue notices of the storage and use of data upon requests from organizations and individuals providing data, excluding cases of protecting state secrets or work secrets.
4. The Government of Vietnam shall elaborate on this Article.
Article 19. Data analysis and summary
1. State agencies shall analyze and summarize data from their generated data sources or data sources subject to sharing, provision, utilization, and use in service of the leadership, directive, state management, and socio-economic development.
2. Organizations and individuals not prescribed in Clause 1 of this Article may analyze and summarize data from data sources permissible for them to access and use.
3. Data owners and data governing bodies are encouraged to develop features, tools, and applications for analyzing and summarizing data provided for state agencies and other organizations and individuals in service of the socio-economic development and other operations.
Article 20. Data confirmation and authentication
1. Data confirmation shall be carried out by data owners, data governing bodies, or providers of e-authentication services.
Confirmed data is valuable for proving the existence, time, and storage place of data in cyberspace under this Law and relevant laws.
2. Data authentication shall be carried out by data owners, data governing bodies generating the master data, providers of e-authentication services, or the National Data Center. Authenticated data shall have the same value as master data stored in national databases, specialized databases, and other databases within a specific scope and time.
3. The Government of Vietnam shall elaborate on this Article.
Article 21. Data disclosure
1. The disclosure of data shall reflect the correct data from the master data sources, ensuring convenience for organizations and individuals in utilizing, using, and sharing.
2. Whether data is subject to disclosure, conditional disclosure, or is not subject to disclosure shall be based on the information reflected by data under the law on information access.
3. Forms of data disclosure: posting data on data portals, web portals, websites, mass media, and other forms prescribed by the law.
4. State agencies shall disclose the list of open data and organize the disclosure of open data according to this Article for utilization, use, and sharing by organizations and individuals. The time of data disclosure for each field shall comply with the law.
5. The Government of Vietnam shall elaborate on this Article.
Article 22. Data encryption and decryption
1. Data included in the list of state secrets shall be encrypted using cipher codes during storage, transmission, receipt, and sharing on computer networks.
2. Agencies, organizations, and individuals shall use one or more encryption solutions and encryption and decryption processes in conformity with their data administration and management.
3. Data owners and data governing bodies shall decide on the encryption and decryption of data.
4. Competent state agencies may apply measures to decrypt data without the consent of data owners and data governing bodies in the following cases:
a) Emergencies;
b) Upon threats to national security but not to the extent of declaring emergencies;
c) Catastrophes;
d) Prevention and combat against riots and terrorism.
5. The Government of Vietnam shall elaborate on Clauses 2 and 4 of this Article.
Article 23. Cross-border data transfer and processing
1. Agencies, organizations, and individuals may freely transfer data from overseas to Vietnam, process foreign data in Vietnam, and receive the State’s protection for their legitimate rights and benefits according to the law.
2. Cross-border transfer and processing of core and important data include:
a) Transfer of data stored in Vietnam to data storage systems placed outside of the territory of the Socialist Republic of Vietnam;
b) Vietnamese agencies, organizations, and individuals transferring data to foreign organizations and individuals;
c) Vietnamese agencies, organizations, and individuals using platforms outside of the territory of the Socialist Republic of Vietnam for data processing.
3. The transfer and processing of data prescribed in Clauses 1 and 2 of this Article shall ensure national defense and security and protection of national benefits, public benefits, and legitimate rights and benefits of data subject matters and data owners according to the law of Vietnam and international treaties to which the Socialist Republic of Vietnam is a signatory.
4. The Government of Vietnam shall elaborate on this Article.
Article 24. Operations concerning science, technology, and innovation in data construction, development, protection, administration, processing, and use
1. Operations concerning science, technology, and innovation in data construction, development, protection, administration, processing, and use shall conform with the national data development strategy; promote the inner strength in operations concerning science, technology, and innovation; comply with the principles of constructing, developing, protecting, administering, processing, and using data prescribed in this Law.
2. Scientific and technological platforms in data construction, development, protection, administration, processing, and use include: artificial intelligence, cloud computing, blockchain, data communications, Internet of things, big data, and other modern technologies.
3. Concentration of national sources for the development and application of scientific and technological platforms to data construction, development, protection, administration, processing, and use in service of national digital transformation, assurance of national defense and security, and socio-economic development.
4. The Government of Vietnam shall stipulate the management, development, and controlled experiment of research and application of science, technology, and innovation to data construction, development, protection, administration, processing, and use.
Article 25. Determination and management of risks arising during data processing
1. Risks arising during data processing include: risks of private rights, risks of cyber security, risks of identification and access management, and other risks in data processing.
2. State agencies shall determine and establish mechanisms for early warnings of risks arising during data processing and develop measures to protect data.
3. Data governing bodies not prescribed in Clause 2 of this Article shall assess and determine risks and adopt measures to protect data; promptly remedy arising risks and issue notices to data subject matters and relevant agencies, organizations, and individuals.
4. Governing bodies of core and important data shall periodically assess risks of processing such data under regulations and issue notices to units specializing in cyber security and information safety of the Ministry of Public Security of Vietnam, the Ministry of National Defense of Vietnam, and relevant agencies for cooperation with such entities in protecting data safety and security.
5. The Government of Vietnam shall elaborate on this Article.
Article 26. Other operations in data processing
1. Data subject matters may request data owners or data governing bodies to revoke, delete, or destroy their provided data unless otherwise prescribed by law. Data governing bodies shall establish processes and adopt measures and methods for revoking, deleting, or destroying data upon requests from data subject matters.
2. State agencies shall organize regular and continuous data adjustments and updates and decide on the storage of the history of the processes of combining, adjusting, updating, copying, transmitting, transferring, revoking, deleting, and destroying data under their management.
3. Data owners and data governing bodies not prescribed in Clause 2 of this Article shall combine, adjust, update, copy, transmit, and transfer data according to this Law and relevant laws.
4. The Government of Vietnam shall elaborate on this Article.
Article 27. Data protection
1. Measures to protect data applied to the whole process of data processing include:
a) Development and implementation of policies and regulations on data protection;
b) Management of data processing;
c) Development and implementation of technical solutions;
d) Training, advanced training, development, and management of personnel sources;
dd) Other data protection measures according to the law.
2. State agencies shall protect data in sectors and fields under their management and comply with general policies on national defense and security; establish consistent data protection systems for data security risk assessment, supervision, and early warnings.
3. Data owners and data governing bodies managing core and important data shall comply with regulations on data protection.
4. The Government of Vietnam shall elaborate on this Article.
Article 28. Technical standards and regulations on data
1. Technical standards on data include standards applicable to information systems, hardware, software, and systems for management, operation, processing, quality assurance, and protection of data announced, recognized, and applied in Vietnam.
2. Technical regulations on data include technical regulations applicable to information systems, hardware, software, and systems for management, operation, processing, quality assurance, and protection of data developed, promulgated, and applied in Vietnam.
3. The Ministry of Public Security of Vietnam shall take charge and cooperate with relevant agencies on the promulgation of the list of technical standards and regulations on data, excluding lists of technical standards and regulations on data subject to national defense and cipher.
4. Agencies managing national databases and specialized databases shall develop technical standards and regulations on data following the promulgated list prescribed in Clause 3 of this Article.
Article 29. National Data Development Fund
1. The National Data Development Fund is an off-budget state financial fund established at the central level to promote national data development, utilization, application, and administration.
2. The National Data Development Fund shall be established from the following financial sources:
a) Support from the state budget;
b) Voluntary contributions from domestic and overseas organizations and individuals;
c) Other legal financial sources according to the law.
3. The National Data Development Fund shall operate according to the following principles:
a) Non-profit operation;
b) Management and use for proper, legal, timely, and effective purposes, ensuring publicity and transparency;
c) Support for data construction, development, protection, administration, processing, and use;
d) Permission for expenditures on operations when the allocated state budget does not meet the requirements.
4. The Government of Vietnam shall stipulate the establishment, management, and use of the National Data Development Fund.
Chapter III
CONSTRUCTION AND DEVELOPMENT OF NATIONAL DATA CENTER; NATIONAL GENERAL DATABASE
Section 1. CONSTRUCTION AND DEVELOPMENT OF NATIONAL DATA CENTER
Article 30. Infrastructures of National Data Center
1. The infrastructures of the National Data Center shall be designed, constructed, and used in compliance with the following requirements:
a) Assurance of technical standards and regulations on data centers; international technical requirements; conformity with the planning for the infrastructures of information and communications; assurance of protection against bombs, bullets, terrorism, and natural disasters; environmental protection; energy saving;
b) Adoption of measures to ensure security and confidentiality to control, detect, and prevent attacks, infiltrations, and sabotage; assurance of the readiness of systems, ensuring that system designs have reserve levels to be ready in cases of expansion when necessary;
c) Assurance of the main information technology components of the National Data center, including the National General Database; data coordination and sharing platform; National Public Service Portal; technological infrastructures for data processing and resource distribution; data analysis systems for the management and operational directive; systems and software for managing, utilizing, and providing data services, open data portals, and data service portals; platforms, software, and other professional systems decided by the Government and the Prime Minister of Vietnam.
2. National databases shall use the infrastructures of the National Data Center.
Depending on their needs, national databases concerning national defense and security, foreign affairs, and cipher, specialized databases, and other databases shall use the infrastructures of the National Data Center.
3. The Government of Vietnam shall elaborate on this Article.
Article 31. Responsibilities of National Data Center
1. Integrate, synchronize, store, analyze, and utilize the data of state agencies under the law to establish and administer the National General Database.
2. Administer and operate technical infrastructures, information technology infrastructures, and data platforms at the National Data Center; provide technical infrastructures and information technology infrastructures for agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations upon requests from such entities.
3. Operate, administer, store, manage, utilize, and coordinate data in the National General Database for agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations to carry out their assigned functions and tasks or upon requests from data owners, data governing bodies, and data subject matters in conformity with the law.
4. Supervise data quality assurance and data coordination; develop systems of measurement indexes and performance assessment for data administration.
5. Adopt measures to protect data.
6. Conduct scientific research on data, apply technologies to data processing, and provide technological infrastructures, products, and services concerning data; support organizations and individuals in data processing; develop centers for innovation and innovation support concerning data science; develop innovation operations concerning data science; develop innovative entrepreneurship ecosystems concerning science and technology on data platforms of the National General Database.
7. Implement international cooperation on data.
8. The Government of Vietnam shall elaborate on this Article.
Article 32. Assurance of resources for construction and development of National Data Center
1. The State shall prioritize investment in infrastructures, physical facilities, land, headquarters, works, and technologies, ensuring the budget for the construction and state management of data, data administration, construction, management, and operation of the National Data Center and the National General Database.
2. The operations of the National Data Center shall be covered by the state budget and other legal funding sources.
3. The State shall ensure personnel sources for the National Data Center’s operations and adopt mechanisms for attracting and rewarding high-quality personnel.
4. The National Data Center shall have its resources ensured for upgrading, maintaining, and repairing its invested infrastructures and devices.
Section 2. NATIONAL GENERAL DATABASE
Section 33. Construction of National General Database
The National General Database shall be constructed by the Government of Vietnam, centrally and consistently managed at the National Data Center, and meet the following requirements:
1. Compliance with relevant technical standards and regulations and technical-economic norms concerning data and information technology;
2. Assurance of information safety and security, personal data protection, and convenience for the collection, update, adjustment, utilization, and use;
3. Assurance of stable and continuous operations, connection, and sharing with national databases, specialized databases, and other databases and information systems;
4. Assurance of data utilization rights of agencies, organizations, and individuals according to the law;
5. Assurance of requests for general data integration, synchronization, storage, utilization, sharing, and coordination from databases and implementation of in-depth analysis of data and support for the development of mechanisms and policies and socio-economic development;
6. Assurance of support and development of products and services concerning data.
Section 34. Collection, update, and synchronization of data to National General Database
1. Data collected, updated, and synchronized to the National General Database includes:
a) Open data;
b) Common data of state agencies;
c) Private data of state agencies under decisions of the Prime Minister of Vietnam serving tasks concerning national defense and security, foreign affairs, cipher, socio-economic development, digital transformation, national benefits, and public benefits;
d) Data of agencies of the CPV, the Vietnamese Fatherland Front Committee, and socio-political organizations upon consent from data owners;
dd) Other data provided by organizations and individuals.
2. Sources of data collection, update, and synchronization in the National General Database are:
a) From the implementation of administrative procedures and public services;
b) Updated, shared, and synchronized from other databases;
c) Digitalized, provided, and integrated by organizations and individuals;
d) From other sources according to the law.
3. The National Data Center shall cooperate with relevant agencies, organizations, and individuals in inspecting data during the collection, update, and synchronization to ensure accuracy and consistency. Where data in national databases, specialized databases, and other databases is inconsistent with the data in the National General Database, the National Data Center shall cooperate with relevant agencies in inspecting and comparing data and updating and synchronizing such data in databases.
4. The Prime Minister of Vietnam shall decide on the roadmap for constructing and developing national databases and specialized databases and the roadmap for collecting, updating, and synchronizing data to the National General Database.
Article 35. Utilization and use of National General Database
1. The National General Database shall be constructed for general utilization and use, meeting the operations of agencies of the CPV, the State, the Vietnamese Fatherland Front, and socio-political organizations; in service of the statistical work, policy-making, and development of planning and strategies for socio-economic development, national defense and security, foreign affairs, cipher, prevention and combat against crimes, and handling of law violations; in service of the needs to utilize, use, and apply data of organizations and individuals.
2. The data in the National General Database shall have the same utilization and use value as the master data.
3. Entities entitled to utilize and use data in the National General Database:
a) Agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations may utilize and use data in conformity with their functions and tasks;
b) Data subject matters may utilize and use the data reflecting them;
c) Organizations and individuals not prescribed in Points a and b of this Clause may utilize and use data as follows: freely utilize and use open data; utilize and use personal data upon consent from the National Data Center and individuals who are subject matters of the data subject to utilization; utilize and use other data upon consent from the National Data Center.
4. The utilization and use of data shall be carried out through the following methods:
a) Data connection and sharing between national databases, specialized databases, and other databases and information systems and the National General Database;
b) National Data Portal, National Public Service Portal, web portals, and information systems for administrative procedure settlement;
c) Electronic identification and authentication platforms;
d) National identification application;
dd) Devices, equipment, and software provided by the National Data Center;
e) Other methods.
5. The Government of Vietnam shall elaborate on this Article.
Section 36. Connection and sharing of data with National General Database
1. Other national databases, specialized databases, and information systems of agencies of the CPV, the State, the Vietnamese Fatherland Front, and socio-political organizations shall be connected with the National General Database through data coordination and sharing platforms; national data sharing and integration platforms; provincial and ministerial data sharing and integration platforms, Internet, computer networks, and information systems.
2. The data connection and sharing between the National General Database and other databases shall ensure efficiency, safety, and conformity with the functions, tasks, and entitlements of agencies, organizations, and individuals according to the law.
3. The data connection and sharing between the National General Database and other information systems shall be implemented based on written agreements between the Ministry of Public Security of Vietnam and data owners.
4. The Government of Vietnam shall elaborate on this Article.
Section 37. Provision of data for National General Database
1. Agencies managing national databases, specialized databases, and other databases shall provide data for the National General Database under Clause 1 Article 34 of this Law.
2. The State shall ensure the necessary conditions for receiving data from agencies, organizations, and individuals.
3. The Government of Vietnam shall elaborate on this Article.
Article 38. Fees for utilization and use of data in National General Database and other databases managed by state agencies
1. Agencies of the CPV, the State, the Vietnamese Fatherland Front Committee, and socio-political organizations may utilize and use information in the National General Database and other databases under the management of state agencies without paying any fee.
2. Other organizations and individuals may use their data in the National General Database and other databases under the management of state agencies without paying any fee.
3. Organizations and individuals not prescribed in Clauses 1 and 2 of this Article utilizing and using data in the National General Database and other databases under the management of state agencies shall pay fees according to the law on fees and charges.
Chapter IV
DATA PRODUCTS AND SERVICES
Article 39. Data products and services
1. Data products and services in operations concerning data intermediation, data analysis and summary, e-authentication, and data platforms shall comply with this Law and relevant laws.
2. E-authentication services shall carry out the authentication of data in national databases, specialized databases, and e-identification and authentication systems provided by public service providers and state-owned enterprises meeting the conditions for service provision.
3. Organizations providing products and services concerning data intermediation and data analysis and summary shall receive incentives like enterprises operating in fields concerning high technologies, innovation, innovative entrepreneurship, and the digital technology industry.
4. Other data products and services in operations concerning e-transactions, telecommunications, cyber security, cyber information safety, digital technology industry, cipher, national defense and security industry, and industrial mobilization shall comply with relevant laws.
5. The Government of Vietnam shall elaborate on this Article.
Article 40. Data intermediation products and services
1. Data intermediation products and services aim to establish commercial relations between data subject matters and data owners and product and service users through agreements for exchanging, sharing, and accessing data and implementing rights of data subject matters, data owners, and data users.
2. Organizations providing data intermediation products and services shall register their operations and management under the law on investment, excluding cases of internal provision of data intermediation products and services within specific organizations.
3. The Government of Vietnam shall elaborate on this Article.
Article 41. Products and services for data analysis and summary
1. Products for data analysis and summary are the results of the process of analyzing and summarizing data into useful and in-depth information at various levels at the request of product users. Services for data analysis and summary are operations of data analysis and summary at the request of service users.
2. Organizations trading products and services for data analysis and summary that may threaten national defense and security, social order and safety, social ethics, and community health shall register their operations and management under the law on investment.
In case of engagement in connection and sharing with national databases and specialized databases for trading products and services for data analysis and summary, such products and services shall be managed under the law.
3. The Government of Vietnam shall elaborate on this Article.
Article 42. Data platforms
1. Data platforms provide resources concerning data for research, entrepreneurship development, and innovation; provide products and services concerning data for socio-economic development; are the environment for transactions and exchanges of data and products and services concerning data.
2. Organizations providing data platform services are public service providers and state-owned enterprises that meet the conditions for service provision and have establishment licenses according to the law.
3. Data banned from transactions include:
a) Data that endangers national defense and security, foreign affairs, and cipher;
b) Data without the consent of data subject matters unless otherwise prescribed by laws;
c) Other data banned from transactions under the law.
4. The Government of Vietnam shall elaborate on this Article.
Article 43. Responsibilities of organizations providing products and services concerning data intermediation, data analysis and summary, and data platforms
1. Provide services for organizations and individuals based on service provision contracts.
2. Ensure that channels for information receipt and the use of services are thorough and continuous.
3. Manage, inspect, and supervise data safety and confidentiality regularly; prevent, control, and handle data risks; supervise acts that may affect data protection.
4. Comply with the law on cyber information safety, the law on cyber security, the law on e-transactions, and relevant laws.
5. The Government of Vietnam shall elaborate on this Article.
Chapter V
IMPLEMENTATION PROVISIONS
Article 44. Amendments to several articles of relevant laws
1. Amendments to Appendix No. 1 enclosed with the Law on Fees and Charges No. 97/2015/QH13, amended by the Law No. 09/2017/QH14, Law No. 23/2018/QH14, Law No. 72/2020/QH14, Law No. 16/2023/QH15, Law No. 20/2023/QH15, Law No. 24/2023/QH15, Law No. 33/2024/QH15, and Law No. 35/2024/QH15 are as follows:
a) No. 6 is added, after No. 5, to Section IV Part A as follows:
|
6 |
Fees for utilization and use of information in the National General Database |
Ministry of Finance of Vietnam |
a) No. 5 is added, after No. 4.2, to Section XIII Part A as follows:
|
5 |
Fees for utilization and use of information in national databases and specialized databases |
Ministry of Finance of Vietnam |
2. Amendments and annulment of several points, clauses, and articles of the Law on E-Transactions No. 20/2023/QH15:
a) Amendments to Point a Clause 4 Article 42 are as follows:
“a) Connection and sharing through intermediation systems, including the data coordination and sharing platform of the National Data Center; national data sharing and integration platforms; ministerial and provincial data sharing and connection infrastructures within the national enterprise architecture framework for digital transformation;”;
b) Clause 8 Article 3 and Article 41 are annulled.
Article 45. Entry into force
This Law comes into force as of July 1, 2025.
Article 46. Transitional provisions
1. Agencies managing national databases that have invested in the construction or hired services of data infrastructures before the effective date of this Law may continue to use their invested systems and devices or hired services until the National Data Center is eligible for receiving and providing infrastructures for national databases according to this Law.
2. The Prime Minister of Vietnam shall stipulate the roadmap for receiving, converting, and using the National Data Center’s infrastructures for national databases prescribed in Clause 1 of this Article.
This Law is approved by the 15th National Assembly of the Socialist Republic of Vietnam at its 8th meeting on November 30, 2024.
|
|
PRESIDENT OF THE NATIONAL ASSEMBLY |
Ý kiến bạn đọc
