The Vietnamese government has insisted that regulations requiring foreign service providers such as Facebook and Google to establish branches or representative offices in Vietnam is justified and in line with international standards.


{keywords}

Luong Tam Quang, head of the Office of the Ministry of Public Security (MoPS), last week told the media that despite barracking from some foreign firms, “It is necessary to confirm that foreign service providers will have to establish their branches or representative offices in Vietnam under the Law on Cybersecurity recently adopted by the National Assembly (NA).”

According to Quang, currently around 18 nations across the globe have ordered foreign firms to store all personal information of users in their territories.

These nations include the US, Canada, Russia, Germany, China, Indonesia, Greece, Bulgaria, Denmark, Finland, Sweden, Turkey, Venezuela, Colombia, Argentine, and Brazil.

On May 25, 2018, the EU’s regulation on protecting personal information took effect, allowing EU citizens better control over their personal information on social forums and networks by allowing them to search, change, and remove information.

Also, service providers must openly let users know that they are using their information, and they have to commit not to transfer information to third parties. Violations can draw a fine of US$22.75 million or up to 4% of their global sales revenue.

“The new regulation in the law is suitable to the capacity of firms, because Google has about 70 and Facebook has about 80 representative offices overseas,” Quang said. “In Southeast Asia, Google and Facebook have opened representative offices in Singapore, Malaysia, and Indonesia.”

According to the MoPS, this new regulation also fits Vietnam’s legal system, including the Law on Commerce 2005 and the Law on Foreign Trade Management 2017 as well as their guiding documents, which stipulate that foreign trade promotion organisations shall have to establish representative offices in Vietnam.

Thus, firms providing cross-border services like Facebook and Google are subject to these laws and documents. Moreover, in the draft amendments to the Law on Tax Management, the Ministry of Finance also proposed that firms like Google and Facebook open official representative offices in Vietnam.

Furthermore, the regulation also does not go against Vietnam’s international commitments, including the related provisions of the World Trade Organisation (WTO) or the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), the General Agreement on Tariffs and Trade (GATT), and the Agreement on Trade-Related Aspects of Intellectual Property Rights.

All these agreements have provisions about security-related exceptions, allowing member states to prioritise national cybersecurity and sovereignty. Thus, Vietnam does not violate any of its international commitments by enacting the new regulation.

“These are the reasons that allow us to affirm that the regulations in the Law on Cyber Security are quite grounded,” Quang said, adding that a draft decree on guiding the implementation of the law has been published on the MoPS portal to gather feedback and ideas from the public and enterprises.

Earlier in June 2018, in a bid to battle cyberattacks and protect national security, the NA adopted the Law on Cybersecurity, which is scheduled to take effect on January 1, 2019.

The law stipulated “national security protection activities and the fundamental principles, tasks, and measures for assuring social order and safety on cyberspace, and the responsibilities of related agencies, organisations, and individuals.”

The NA Standing Committee explained that the law is extremely necessary amid growing complications and uncertainties in the cyberspace, and it also provides a legal framework for the law enforcement in tackling violations.

One of the most outstanding points in the law is Article 26(d), which states that when a Vietnamese or foreign agency provides services in the cyberspace or possesses an information system in Vietnam, it “shall have to store in Vietnam all personal information of service users in Vietnam and important data relevant to national security, and have to establish branches or representative offices in Vietnam.”

The government will provide guidance about the types of information that have to be stored in Vietnam and provide a list of the agencies and organisations that will have to set up branches or representative offices in the country.

The most well-known foreign firms that will be subject to this regulation are Facebook and Google, whose services are now used by tens of millions of users in Vietnam.

Like many NA deputies, Nguyen Minh Duc representing Ho Chi Minh City said that the law is extremely necessary, especially in the context of the frequency of cyberattacks targeting Vietnam.

“Many said that Articlel 26(d) will cause difficulties for foreign firms like Google or Facebook, but I think that this provision is quite feasible and is line with Vietnamese laws and international practices, and it does not go against Vietnam’s international treaty-based commitments. It will not also harm enterprises’ operations,” Duc said.

Also, according to the NA Committee for Defence and Security, Article 26(d) does not violate any agreements inked between Vietnam and its partners.

“Article 21 of the GATT, Article 14 of the WTO’s General Agreement on Trade Services, and Article 29 of the CPTPP all provide for security-related exceptions. Thus, Vietnam will not violate any of its international commitments,” said the committee’s chairman Vo Trong Viet.

However, Adam Sitkoff, executive director of the American Chamber of Commerce in Hanoi, told VIR that not only Article 26, but the whole law will have a negative impact on companies.

“Our members have serious concerns about local office requirements and rules regarding data users and the local storage of data, and other unneccessary and costly burdens that hurt businesses but will not help improve Vietnam’s cybersecurity posture,” Sitkoff said.

“Our companies want to help Vietnam develop an enabling regulatory environment for the digital economy, which includes the principles of free flow of data across borders, a pro-growth, ‘light touch’ approach to fledgling technologies, and a level playing field among market participants,” he added.

VIR