HANOI (Reuters) – Vietnam on Friday released a long-waited draft decree on guidelines to implement a cyber security law that global technology companies and rights groups have said could undermine development and stifle innovation.
The draft required firms providing a range of services, including email or social media, to set up offices in Vietnam if they collect or analyze data, let their users conduct anti-state actions or cyber attack, and if they fail to remove content deemed anti-state, fake, slandering or inciting violence.
Facebook and Google, both of which are widely used in Vietnam and serve as the main platforms for dissidents, do not have local offices or local data storage facilities and have pushed back on the localization requirements.
Legislators approved the law in June, overriding strong objections from tech companies, rights groups and Western governments including the United States.
Despite economic reforms and increasing openness to social change, Vietnam’s Communist Party retains tight media censorship and does not tolerate dissent.
The technology companies had hoped the draft decree would soften provisions they find most objectionable, including the requirements to set up local offices and store data locally.
The data required to be stored ranged from job titles to contact details, credit card information, biometric data and medical records, according to the draft decree.
The type of data required seemed to have shortened from an earlier version of the draft decree seen by Reuters last month, which also included information on peoples’ ethnicity and political views.
Company officials have privately expressed concerns that the new law would make it easier for the authorities to seize customer data and expose local employees to arrest.
The draft decree is open for public consultation for two months.
“We applaud the Government of Vietnam for launching a public consultation, and hope to work with them to reach an outcome which benefits all stakeholders in Vietnam,” said Alex Botting, director of the US Chamber of Commerce’s Center for Global Regulatory Cooperation.
“The text of Vietnam’s Law on Cyber Security included some of the most draconian data localisation provisions seen anywhere in the world,” Botting said.
A recent US Chamber survey found that 61% of companies surveyed, including non-US companies, will be less likely to invest in Vietnam if the text is implemented as written in the law, he said.
Last week, the security ministry said the cybersecurity law would protect the country from threats of tens of thousands of cyber attacks that directly cause serious economic losses and threaten security and social order.
People’s information would not be disclosed and firms would only be asked to provide user information for investigations or law enforcement under strict procedures, the ministry said.
(Reporting by Mai Nguyen; Editing by Angus MacSwan)