The Internet has substantially changed human behaviors in the way of accessing and exchanging information – including personal data – easier and faster than ever. Frontier-less nature of the Internet not only enables the free flow of data across countries, but also brings new challenges including risks to privacy.

Under the state surveillance, Vietnam has regulated differently privacy from the state and privacy from private actors. The utmost priority focused on regulating cyber activities that impact national security and social order and safety, which is reflected in Law on Cybersecurity No. 24/2018/QH14 on June 12, 2018.

For personal data protection, the rules for the collection, storage, processing, use, disclosure, and publication of personal data are set out in Vietnam’s Civil Code 2015 and in multiple sectorial laws besides a general framework for data protection promulgated in Law on Network Information Security No. 86/2015/QH13 (Nov 19, 2015). However, these rules are drafted in broad language and are open to interpretation; however, there has been no repository for precedent till now.

Recently, in order to enhance the best effort in protecting personal data, Vietnam updated its legislative agenda and planned to enact an initial decree on Personal Data Protection drafted by Vietnamese Ministry of Public Security after its first issuance in 2019. This updated draft has a more robust set of rules regulating specific rights of data subjects, cross-border transfer of data, and processing of sensitive personal data, which clarified mostly the longstanding speculation about the direction of Vietnam’s data protection regime beyond state surveillance.

The objective of the present article is to point out the current status of the legal system in protecting personal data, its potential obstacles to effective protection of the right to data protection, and to put forward solutions for removing those obstacles with regard to data protection in Vietnam.