return icon

Illegal trading of personal data difficult to control

Minh Hoang, a businessman in Hanoi, is tired of spam calls and messages that come both day and night.

The spam calls and texts include ads for real estate projects, life insurance products, offers for credit cards, bank loans, bonds, fake degrees and certificates, online gambling, and recently cryptocurrencies.

Hoang called the mobile service operator's switchboard to report the spam calls and messages, but after that he received even more spam messages and calls.

“The network operator lets their customers deal with spam messages and calls themselves. They said that they use AI technology to control and block spam, but in fact subscribers receive dozens of spam calls and messages each day," said Hoang.

Hoang's case is common. He and many others have to download apps from Google Play or Apple app store to block spam and messages.

Buôn bán dữ liệu cá nhân, có luật mà không ai sợ-1


According to statistics from the Department of Information Security of the Ministry of Information and Communications, the total number of subscribers who made spam calls and who were blocked from July 2020 to March 2021 was 128,970. In March 2021, 17,276 subscribers were blocked for this reason.

The act of buying and selling personal data in Vietnam is in two forms. Businesses that provide services that collect personal data of customers allow third parties to access the data, and the third parties transfer and trade the data. Or, businesses actively collect personal information of customers to have personal data to sell.

Personal data is offered for sale online on many sites such as databox, databoxviet, laydata, laydata, khodata, databox, fff, cokhach, and vltoolkit. The data packages for sale relate to many areas, with details about account balance, financial capacity or position and income.

The price is also surprisingly cheap, ranging from VND600,000-VND800,000/information of 1,000 people, or VND500,000-VND1 million for 1,000 phone numbers. In addition, there is a form of automatic fee collection from VND5,000-VND15,000 per download of personal data files.

After a preliminary check, the Ministry of Public Security discovered more than 60 organizations and individuals involved in illegal trading and use of personal information and data in cyberspace, including companies providing technology solutions, real estate brokers, banking officers, government agencies, and people who have access to e-government systems in education, healthcare, securities, hospitals.

In addition, some service companies sell software to collect personal information, which is hidden in sales websites. When users visit these websites, businesses will collect in-depth personal information.

It is dangerous that criminals conduct unauthorized collection of personal information by using malicious code, and software with spying features to steal personal data.

Some cases have been reported: files containing the data of 163,666,400 Zing ID accounts of VNG Company; more than 5 million emails and tens of thousands of payment card information such as visas, credit cards... allegedly belonging to The Gioi Di Dong and Dien May Xanh... were posted online.

Most recently, on May 13, 2021, a hacker offered to sell the personal information authentication (KYC) data of nearly 10,000 Vietnamese people.

On May 18, 2021, the police broke up a large-scale data collection, appropriation, and trading ring with data illegally collected, appropriated, traded and used of nearly 1,300 GB, containing billions of data about individuals and organizations nationwide.

This shows the lack of responsibility and loose management of some organizations with personal information and data about customers.

New policies needed to protect online personal data


Buôn bán dữ liệu cá nhân, có luật mà không ai sợ-2


In Vietnam, sellers and buyers of personal data are often not afraid of the law as they think that in the online environment such transactions are difficult to detect, especially when they are done in closed groups and on websites with servers based abroad, or via social networks.

The Constitution and the 2015 Civil Code both have provisions on protection, secrecy and inviolability for "private life, personal secrets, family secrets" and "letters, telephones, telegrams and other forms of personal electronic information".

According to the Penal Code, violators can be imprisoned for up to 7 years for "illegally releasing or using information on computer and telecommunications networks". In addition, depending on the severity of the violation, the violator will be fined VND40 million to VND70 million.

The draft Decree on Personal Data Protection compiled by the Ministry of Public Security has yet to be issued. Notably, Article 22 of the draft decree stipulates administrative penalties for violations of regulations on the handling of personal data, ranging from fines of VND50 million to VND80 million.

However, there should be additional penalties for individuals, businesses and organizations that commit violations in the management, security, and use of personal data.

Violators should be banned from working in specialized areas for a certain period of time, or their professional license should be revoked, because the profit from selling data is often higher than the fine.

The National Cyber Security Center (NCSC) recommends that each individual, in order not to be taken advantage of by criminals or become a victim of phishing attacks, should be equipped with knowledge to avoid fraudulent situations.

NCSC also recommends that users should ensure the safety of online accounts such as bank accounts, e-wallets, email, and Facebook, especially accounts with online payments.

According to cybersecurity experts, the protection of user data is a matter that requires coordination from many sides, and preventing data leakage requires efforts from the affected users themselves. Citizens must know how to react when personal information is stolen which will help users prevent cybercriminals from exploiting information in the future.

As soon as suspicious access to the account is detected, users should immediately contact the service provider to waive responsibility when something goes wrong. In this case, when personal data unexpectedly becomes publicly available, users can avoid long-term consequences after personal information is stolen by monitoring their financial activities because this is still an area of interest for cybercriminals.

Protecting personal data as well as strictly dealing with violations of organizations and individuals infringing on privacy rights or illegally buying and selling personal information pose urgent legal issues. It is a must to improve the legal system immediately as Vietnam's regulations on personal data trading are not keeping up with developments in the world. The social and technological landscape is changing rapidly.

Organizations and businesses that manage personal data must constantly upgrade their technology and security systems as well as comply with the State's regulations related to personal data protection.

Lawyer Le Minh Toan (Le Minh Law Company)

Personal data of 10,000 Vietnamese offered for sale online

Personal data of 10,000 Vietnamese offered for sale online

Personal information such as identity cards, selfie images and others of 9,667 people are being posted and offered for sale on the Internet for $9,000.

Vietnam suggests US$3,475 penalty for personal data breach

Vietnam suggests US$3,475 penalty for personal data breach

The move by Vietnam's Ministry of Public Security is essential as it is the personal information protection that shows respect for the right of each person.


Aviation ground services to go-green to meet compliance

The Civil Aviation Authority of Vietnam (CAAV) is collecting comments on a draft circular stipulating that all businesses in the sector must have a plan to convert ground vehicles from fossil fuels to electric.

President visits, offers condolences to widow of late PM Abe Shinzo

President Nguyen Xuan Phuc visited and offered condolences to Abe Akie, the widow of late Japanese Prime Minister Abe Shinzo, at her home on September 28.


US firm pours capital in cross-border e-commerce project in Binh Duong


PM requests prompt measures to overcome Typhoon Noru’s consequences

Dim outlook for domestic auto component industry

Vietnamese automotive component industry has a dim outlook for growth as it lags behind those in many other regional countries, according to the Ministry of Industry and Trade (MoIT).

Animated series seeks to change stereotypes on Vietnamese products

Wolfoo, a YouTube children’s animated web series, which has reached more than 2 billion views a month, has changed the world’s stereotypes on Vietnamese products.

VN banking prospects from now to the end of the year

Under the circular, the State Bank of Vietnam told banks to reschedule debt repayments to help customers affected by the COVID-19 pandemic until June 30 this year.

JPMorgan: 65% of AirPods production to be located in Vietnam in 2025

JPMorgan analyst expects 20 percent of iPad, 5 percent of MacBook, 20 percent of Apple Watch and 65 percent of AirPods production to be located in Vietnam in 2025.

US$2.3 billion withdrawn from stock market, investors begin to worry

Concerns are increasing in the stock market after the State Bank of Vietnam (SBV) raised regulating interest rates and withdrew VND56 trillion (over US$2.3 billion) last week.

Teacher Nguyen Ngoc Ky writing with feet passes away

This morning, 75-year-old teacher Nguyen Ngoc K, who inspired many generations of students with his determination to rise up in life, passed away at his home in Thu Duc City.

Typhoon Noru passes through central Vietnam

Super typhoon Noru swept through central Vietnam on September 27 night and early September 28, bringing strong winds and torrential rains.

Discovering craft villages in Buddhist centre in Quang Ninh

Coming to Yen Tu relic site in Quang Ninh province – Vietnam’s major Buddhist centre, tourists can also experience traditional crafts such as making hats, bamboo handicrafts, and wood carvings.

Ministry drafts mechanism to adjust average retail power price

The Ministry of Industry and Trade (MoIT) is drafting a Prime Minister's Decision on the mechanism for adjusting the average retail electricity price.

Foreign investment disbursement hits record high in nine months

Disbursement of foreign direct investment (FDI) in the first nine months of this year reached 15.4 billion USD, up 16.2 % year-on-year and marking a record high, a report from the Foreign Investment Department (FIA) has shown.

Foreign Minister Bui Thanh Son pays visit to Germany

Minister of Foreign Affairs Bui Thanh Son paid an official visit to Germany from September 26-27 at the invitation of his German counterpart Annalena Baerbock.