POTENTIAL CONFLICTS IN PERSONAL DATA PROTECTION UNDER CURRENT LEGISLATION IN VIETNAM COMPARED WITH EUROPEAN GENERAL DATA PROTECTION REGULATION

Abstract

Background: Transatlantic data transfers are a critical component of the global digital economy, facilitating commerce and communication among countries worldwide. However, these transfers have been fraught with legal and regulatory challenges, particularly concerning protecting personal data due to the lack of a comprehensive global privacy law. Methods: This comparative, descriptive study exploits secondary resources by comparing and contrasting the principles of the European General Data Protection Regulation and the new Decree on personal data protection in Vietnam to provide deep insights into the differences between them. Results and Conclusions: Although the Decree takes advantage of many of the European General Data Protection Regulation's principles, i.e., the rights of data subjects, consent requirements, and the need for impact assessments, it has its provisions specific to the Vietnamese context, such as the absence of "legitimate interests" as a legal basis for processing and the unique enforcement mechanisms. Despite many similarities, the specific requirements around consent, data subject rights, breach notification, extraterritorial data transfers, and enforcement mechanisms might result in conflicts among these legislative documents. The Decree, which would become more effective, shall rely on its enforcement mechanisms and the ability to impose meaningful sanctions for non-compliance; thus, it should incorporate a more detailed sanctions regime to deter violations effectively.