Personal information sold on OTT platforms

One just needs to type the keywords ‘chung minh nhan dan’, ‘can cuoc cong dan’ (identity cards) or ‘ban thong tin’ (information for sale) on Telegram and Facebook Messenger’s search boxes to see a high number of ads showing addresses for illegal trading of users’ personal information.

According to the Authority of Information Security (AIS), the trade of personal information remains very complicated. 

After the agency carried out a series of campaigns on scanning and handling websites that advertise the purchase or sell personal information, there were still groups of subjects operating on cross-border OTT platforms.

AIS said that the purchase or sale of personal information is not only conducted between individuals, but also with the organized participation of enterprises. 

Some enterprises and service companies collect clients’ personal information and allow third parties to access the information. The trading of personal information and data is organized methodically, and even with warranties.

Experts have cited a number of reasons behind the problem, including low awareness about personal information protection; carelessness of people who provide information arbitrarily, especially on social networks; the lack of measures to protect data by agencies, organizations and enterprises that collect information; the illegal share of information to third parties; and the leakage of information from data management officers.

In addition, information systems collect, process and store personal information but don’t ensure cybersecurity, which results in being attacked. Meanwhile, online phishing to collect personal information has increased sharply recently.

Comprehensive measures

In its report to the National Assembly recently, MIC said the ministry has released 10 legal documents related to the protection of personal information, requesting agencies, organizations and enterprises in the country to check and observe regulations on ensuring personal information safety.

MIC advised the government to promulgate Decree 14 released in 2022 that amends and supplements some articles of Decree 15 in 2020 on administrative sanctions for violations in the fields of post, telecommunications, radio frequency, IT, and electronic transactions, and Decree 119 in 2020 on the punishment in publication activities. 

The newly released decree includes regulations on punishments related to personal information collection and processing.

In the fourth quarter of 2023, MIC organized and sent staff to 11 inter-ministerial delegations of inspectors to give assessments about the work of ensuring safety and cybersecurity.


Van Anh