The VCCI sent its comments about the draft law to National Assembly’s Committee on National Defence and Security, saying some proposed regulations are unreasonable.
For example, Item 3, Article 34 proposes that suppliers of telecoms services and internet services must establish mechanisms to verify personal information of users when they create an account to ensure confidential authentication of the information. The suppliers would also have to provide the information to cyber security agencies.
According to the VCCI, it is not possible for the suppliers to verify and ensure the authentication of the information that users provide, especially when suppliers have yet to use the national database on citizen identification.
Item 2, Article 47 proposes that websites or web portals hosting illegal cyber information may be subject to temporary suspension or withdrawal of operating licences if they contain information inciting mass gatherings that disturb security and order or that encourage anti-government activities.
The website/web portal operators would be asked to prevent the sharing of such illegal information and to remove the illegal information within 24 hours. The VCCI said that the requirement could add cost and staff burdens to the operators.
Notably, the draft law requires foreign suppliers of telecom services and internet services to obtain operation licences, establish a representative agency in Vietnam, and locate the server that manages Vietnamese users’ data in the territory of Vietnam.
The VCCI said that the proposal went against commitments that Vietnam made when joining the World Trade Organisation and the Europe-Vietnam Free Trade Agreement.
VCCI Vice Chairman Hoang Quang Phong said that the proposal on sever location was against a commitment relating to Location of Computing Facilities (Article 14.13) in the Electronic Commerce Chapter of the Trans-Pacific Partnership (TPP) that Vietnam signed in February, 2016.
Tuoi Tre (Youth) newspaper on November 4 reported that experts were concerned the proposals, if approved, could hinder the development of internet firms in Vietnam and Vietnamese users could lose opportunities to access quality services.
They also said foreign service suppliers like Google, Facebook, Viber, Uber could refuse to establish a representative agency or relocate their servers to Vietnam.
Lawyer Vu Quang Duc from Ho Chi Minh City Bar Association said that Vietnam should not use administrative measures to manage services provided by foreign companies. Instead, technical measures could be more effective, he said.
Bui Viet Hien Nhi, deputy head of FPT Telecom’s Communication Board said the requirement for a representative agency was reasonable because it helped State agencies oversee and minimise risks of trade fraud and cyber attacks.
Nhi said that few foreign companies were willing to move their servers to Vietnam.
“It’s necessary to tighten control but any regulation needs to be considered carefully and logically to match the typical features of each industry,” she said.
Vu Tu Thanh, Deputy Regional Managing Director & Representative, US-ASEAN Business Council in Vietnam, said that there was a contradiction between the requirement for users’ information and the requirement for servers to be located in Vietnam, where IT infrastructure is poor.
“Where servers are located is not as important as how to ensure cyber security for the data that the servers store,” he said.