Vietnam’s Ministry of Information and Communication recently released a draft law on electronic transactions for public consultation.
The Ministry of Information and Communication (“microphone“) recently released the Electronic Transactions Bill (“Law Project“), which will replace the Electronic Transactions Act 2005 for public comment. The public comment period is scheduled to end on July 4, 2022. It is unclear when the new law will come into force.
This bill aims to revamp the Electronic Transactions Law of 2005 to reflect the rapid growth of Vietnam’s digital economy and provide adequate regulations. Specifically, this bill not only includes amendments and additions to the provisions on digital signatures, digital identity and electronic contracts, but also includes new regulations specific to digital platforms. We note that the Bill classifies digital platforms into types (i.e. digital intermediary platforms, social media platforms/online communication networks, search platforms online, app store platforms, online advertising platforms, e-commerce rooms, cloud computing platforms, etc.) and imposes different requirements accordingly. This classification of digital platforms is a new attempt in Vietnamese law. Given its broad scope, it will be one of the most important pieces of legislation among the myriad of Internet laws and regulations in this jurisdiction. We have outlined some noteworthy points below.
Confidentiality obligations of digital platform providers
All digital platform providers must:
- provide tools/mechanisms for users to report concerns regarding violation of content or quality of goods and services;
- delete information that violates the law; and
- protect user privacy.
Intermediary providers of digital platforms have additional obligations such as setting up an internal complaints handling system to handle user complaints and dealing with complaints within 48 hours. It should be noted that the current laws do not provide a time limit for handling complaints, but require e-commerce platform providers to delete information on illegal goods/services within 24 hours of receiving the request for a competent authority.
Safe ports for digital platform providers
The bill provides an exemption from liability for content-related violations by users if digital platform providers:
- are unaware of such violation/illegal content and, with respect to a claim for damages, are unaware of the circumstances under which such violation/illegal content is clear; or
- are aware of such violations/illegal content and have promptly removed/disabled access to them.
This exemption does not apply in the following cases:
- the users acted under the control of the digital platform provider; or
- the electronic transaction established between an end user (consumer) and a merchant user concluded via the digital platform contains information on the goods/services displayed on this platform leading consumers to believe that:
- the goods/services are provided by the platform itself; or
- the merchant user is under the control and management of the digital platform.
Additional obligations imposed on certain digital platforms
Intermediate Digital Platforms reaching a threshold of users (to be specified later by the MIC) will be considered as Large Platforms and subject to the following obligations:
- assess potential risks arising from the operation and use of the platform (e.g. dissemination of illegal information, negative impact on personal life, freedom of press and information, children’s rights, national health/security );
- have measures in place to mitigate the aforementioned potential risks; and
- appoint one or more supervisors to ensure compliance with the relevant obligations.
The bill imposes additional requirements on specific large platforms that the bill designates as dominant platforms. Dominant platforms are platforms that occupy dominant positions and play a particularly important role and contribute to the connection between service and goods providers with a large number of users in the Vietnamese market. Dominant platforms must ensure that they:
- provide users with the ability to opt out of tracking users’ personal preferences and algorithmic recommendations, and to stop providing related services upon request accordingly;
- inform users of the algorithmic recommendations of the platform, as well as its underlying principles, objectives and operating mechanism;
- allow end users to remove any pre-installed software programs from mainstream platforms without affecting the platforms’ essential technical functions;
- do not use algorithmic models that prevent users from making accurate purchasing decisions or lead to overspending; and
- not to use the data collected from the activities of the providers of goods/services on the platform to compete with them.
Data protection obligation
In line with the bill’s objective to address technical and specific issues related to the electronic environment, digital platforms are required to comply with specific data protection provisions. Digital platforms must:
- provide data to competent authorities upon request;
- provide users with accessibility to the data they generate on the digital platform;
- publish information about the collection and generation of user data; and
- provide support if users wish to transfer their data to another data processing platform.
We note that the bill provides that the cross-border transfer of “level 3 significance” data must be subject to a data security assessment, as regulated by the MIC. The bill does not elaborate further on “level 3 significance”. We also note that this is a requirement that is not detailed in any other existing legal instrument or in the draft decree on the protection of personal data which is awaiting publication. As various important legal instruments are being drafted to further develop the legal framework of cyberspace, we might find some inconsistencies that require further interpretation or imply additional provisions in either regulation.