Hoang Phuoc Thuan, Director General of the General Department of Network Security, under the Ministry of Public Security, speaks to the Viet Nam News Agency about the draft Network Security Law.
Will you please explain why Viet Nam wants to have its own Network Security Law?
As we all know, the network security in both Việt Nam and other countries has experienced quite a lot of challenges, particularly cyber attacks, in recent years. In our country, the information network has experienced tens of thousands of cyber attacks each year, with social networks being a common target.
Nowadays, cyber space has become a “safe heaven” for criminals, particularly for organised criminal groups. One of the reasons leading to this situation is that we lack a proper legal corridor.
This is a key reason for us to develop our Law on Network Security, to protect our national security, the State secrete, social law and order and the rights and interests of our citizens and organisations.
Furthermore, the development of the law is in line with our 2013 Constitution on Human Rights and Vietnamese Citizens’ Basic Rights, as well as to protect our national security and integrity. The development of the law is totally in line with international norms and practices.
Will the draft law contain any provision regarding the requirement to archive data of users and the country’s important data?
Archiving important information has become compulsory in the laws of many countries, including the USA, Canada, Russia, China and others
To my knowledge, on May 25, the European Union Law on protecting individual data came into effect. Under the law all European citizens have the right to control their own data when they join any forum or social network, as well as track and make changes to their personal.
Under such a provision, any service company seeking to use their clients’ information must first ask permission from the clients themselves. If any encroachment is detected, the fine may be up to 20 million Euros.
However, here I just want to reiterate that our Law on Network Security is optional for any offices or organisations to apply and the Law does not require that all the data must be archived. The Government will issue a list of offices/organisations or the type of data they have to archive.
Some people have said that the Government’s decision has run against the country’s international agreements. How do you respond to these comments?
During the construction of such a regulation, the compiling board reviewed thoroughly all documents and treaties in which Viet Nam is a signatory, including the WTO and the CPTPP. That’s why I can say that Viet Nam’s requirements on archiving types of data as written in the Law on Cyber Information Security do not run counter to the country’s commitment towards international treaties and agreements.
Furthermore, cloud computing technology has allowed us to retrieve data we want from anywhere at any time, regardless of where the data is archived. Our daft Network Security Law only requires certain types of data must be archived on Vietnamese territory, not to prevent access to the data.
The European Centre for International Political Economy (ECIPE) recently claimed that such “localised data” has made Viet Nam’s GDP slide down 1.7 per cent, and reduced its FDI by 3.1 percent.
But the source of this data was from ECIPE in March 2014 under the title “The costs of data localisation: Friendly fire on economic recovery”. However, in reality, by 2015, Viet Nam showed the highest growth rate in the five years, and even now the country has still maintained an impressive economic growth rate.
Some people have argued that the regulation on cloud computing will not be workable as the enterprises have already used cloud computing and virtual master machines to archive their data. How do you respond to their argument?
As we all know cloud computing has allowed us to retrieve or archive our data any where. That’s why our Network Security Law does not cause any problems with data flow. This has already been applied in many countries around the world.
To our knowledge, Google and Facebook have both installed almost 2,000 of their master machines in our territory for the betterment of their services.
What we have done is for the betterment of our public service, and not to cause difficulties to enterprises.
Under the Vietnamese law, any foreign enterprises doing virtual business in Viet Nam must have their offices in Viet Nam. Such a requirement has caused financial costs and time constraints for those enterprises. How do you respond to their complaints?
I think their anxiety is reasonable. One of the objectives of our draft Law on Network Security is to protect the rights and legal interests of all organisations or individuals of both Vietnamese and foreign businesses. Furthermore, as I have mentioned before, the law is not designed to cause difficulties or challenges to enterprises.
To my knowledge, Google and Facebook have around 70 and 80 offices around the world, respectively. In Southeast Asia alone, Google and Facebook already have their offices in Singapore, Malaysia and Indonesia. Don’t you think that having their offices in these countries has made their business operate more successfully?
As I have mentioned already, our draft Law on Network Security does not require all enterprises must have a representative office in Viet Nam. For the sake of national security and social law and order, the Government will give detailed instructions on this particular issue once the law is in place. _VNS