Advertisement
| 10 October, 2018

Vietnam cyber law set for tough enforcement despite Google, Facebook pleas

New law requires tech firms to set up local offices, store data locally

Image used for illustrative purpose.
WhatsApp and Facebook messenger icons are seen on an iPhone in Manchester , Britain March 27, 2017.

Image used for illustrative purpose. WhatsApp and Facebook messenger icons are seen on an iPhone in Manchester , Britain March 27, 2017.

REUTERS/Phil Noble

HANOI - Vietnam is preparing to strictly enforce a new cybersecurity law requiring global technology companies to set up local offices and store data locally despite pleas from Facebook, Google and other firms, a government document showed.

Vietnamese lawmakers approved the new law in June overriding strong objections from the business community, rights groups and Western governments including the United States, who said the measure would undermine economic development, digital innovation and further stifle political dissent.

Alphabet Inc's Google, Facebook and other big technology companies had hoped a draft decree on how the law would be implemented would soften provisions they find most objectionable.

Advertisement

But the document seen by Reuters indicates those hopes are unlikely to materialise, potentially setting up a showdown over whether the companies will ultimately comply with the law or pull out of the country.

Vietnam's foreign ministry, which handles foreign media requests for comments from the government, did not immediately reply to a request for comment. Facebook declined to comment. A Google spokesman had no immediate comment.

Despite sweeping economic reforms and increasing openness to social change, Vietnam's ruling Communist Party retains tight media censorship and does not tolerate political dissent.

The new draft decree requires companies providing a range of services, including email, social media, video, messaging, banking and e-commerce, to set up offices in Vietnam if they collect, analyse or process personal user data.

The companies would also be required to store a wide range of user data, ranging from financial records and biometric data to information on peoples' ethnicity and political views, or strengths and interests inside Vietnam's border.

Facebook and Google, both of which are widely used in the country, do not have local offices or local data storage facilities and have pushed back on the localisation requirements.

The companies have been more muted on other parts of the law that bolster the government's online policing powers, though company officials have privately expressed concerns that the new law would make it easier for the authorities to seize customer data and expose local employees to arrest

CASE STUDY

A number of other countries in Asia and elsewhere are also pursuing data localization laws as they seek greater control over the internet.

Vietnam offers a case study in the conflicting pressures the likes of Facebook and Google confront when operating in countries with repressive governments. It also shows how authoritarian regimes try to walk a line in controlling online information and suppressing political activism without crippling the digital economy.

Critics fear the new law will both dampen the burgeoning internet economy and intensify a crackdown on online dissent. Vietnam has been increasingly aggressive in prosecuting dissidents for anti-government Facebook posts, and activists have called on the company to do more to resist the government's censorship.

The draft decree also gives the Vietnamese police's cybersecurity and high-tech crime unit authority to request data for investigation or to handle law violations on cyberspace or for national security protection.

The head of the National Assembly's defence and security committee, Vo Trong Viet, said in June that storing data inside Vietnam was feasible, crucial to fighting cyber crime and in line with international rules.

He has said placing data centres in Vietnam, which the companies say would increase costs and weaken security, is necessary to meet the cybersecurity needs of the country.

The draft decree is expected to be published within days to seek public opinion. Once it is approved by Prime Minister Nguyen Xuan Phuc, the law will go into effect on January 1 next year, though the provisions on local offices and data localisation would not go into effect for another year.

(Reporting by Mai Nguyen; Additional reporting by Jonathan Weber in Singapore; Editing by Muralikumar Anantharaman) ((mai.nguyen@thomsonreuters.com; +8424 3825 9623; Reuters Messaging: mai.nguyen.thomsonreuters.com@reuters.net))