The Information and Communications Authority recently released the “Draft Electronic Transactions Law” to solicit comments from the public
The Information and Communications Authority (“MIC”) has recently released the Draft Electronic Transactions Law (the “Draft” ) for public consultation. The “Draft” will replace the “Electronic Transactions Act 2005”. The comment period is scheduled to close on July 4, 2022. It is unclear when the new law will take effect.
This “Draft” aims to amend the “2005 Electronic Transaction Law” to support Vietnam’s fast-growing digital economy and provide it with appropriate regulation. First of all, the “Draft” not only includes amendments and supplements to digital signature, digital identity and electronic contract clauses, but also adds new regulations for digital platforms. In addition, the “Draft” divides digital platforms into different types (i.e. intermediary digital platforms, social network/online communication network platforms, online search platforms, application store platforms, online advertising platforms, e-commerce transaction platforms, cloud computing platforms, etc.), and Different requirements are specified accordingly. This classification of digital platforms is a new attempt under Vietnamese law. Given its broad scope of application, this will be one of the most important of the many Internet laws and regulations in the jurisdiction. Below we list some key points worth noting.
Privacy protection obligations of digital platform providers
All digital platform providers must:
- Publish the Terms of Service and Privacy Policy;
- Provide tools/mechanisms for users to report product violations, quality and service related issues;
- delete illegal information; and
- Protect user privacy.
Providers of digital platforms have additional obligations, such as setting up an internal complaint handling system to handle user complaints, which should be dealt with within 48 hours. It is worth noting that the current law does not specify a time limit for handling complaints, but requires e-commerce platform providers to delete information on illegal goods/services within 24 hours of receiving a request from the competent authority.
Safe Haven for Digital Platform Providers
The “Draft” stipulates that under the following circumstances, digital platform providers are not liable for users’ content infringements:
- The Digital Platform Provider was not aware of such violation/illegal content and, for the purposes of the claim for damages, was not aware of information sufficient to enable it to be inferred that such violation/illegal content existed; or
- The digital platform provider was aware of such violations/illegal content, but it has immediately removed/disabled access to such content.
This exclusion of liability does not apply to:
- the user’s conduct is controlled by the digital platform provider; or
- An electronic transaction between an end user (consumer) and a merchant user via a digital platform that includes information on goods/services displayed on that platform leads the consumer to believe that:
- the goods/services are provided by the platform itself; or
- Merchant users are controlled and managed by the digital platform.
Additional obligations for certain digital platforms
Intermediary digital platforms that reach the threshold of number of users (subsequently determined by the MIC) will be considered as large platforms, subject to the following obligations:
- Assess potential risks arising from platform functionality and use (such as dissemination of illegal information, negative impact on personal life, freedom of press and information, children’s rights, health/national security, etc.);
- Configure appropriate measures to reduce the above potential risks;
- Deploy supervisors to ensure that platforms comply with relevant obligations.
The “Draft” puts forward additional requirements for certain large platforms (ie, major platforms). Major platforms refer to platforms that have a dominant position and play a particularly important role, connecting a large number of users in the Vietnamese market with service and commodity providers. Major platforms must ensure:
- Provide users with the option to turn off personal preference tracking and algorithm recommendation services, and stop providing related services when receiving corresponding requests;
- Inform users of the algorithm recommendation of the platform and its basic principles, purpose and operating mechanism;
- Allow end users to remove any pre-installed software programs from the primary platform without affecting the basic technical functionality of the platform;
- Do not use algorithmic models that prevent users from making accurate shopping decisions or that will lead to excessive consumption;
- Do not use data collected from the activities of the platform’s goods/service providers to compete with it.
Data Protection Obligations
The “Draft” aims to address technical gaps and specific problems in the electronic environment, and requires digital platforms to comply with relevant data protection regulations. Digital platforms must:
- Provide data to competent authorities in accordance with relevant regulations;
- Allow users to access the data they generate on the digital platform;
- Disclosing information about the collection and generation of user data;
- Provide users with data transfer services between platforms.
The “Draft” highlights that the cross-border transmission of “three-level importance” data must undergo data security assessment in accordance with the provisions of the MIC. However, the “Draft” does not further explain the “three levels of importance”. And this requirement is not specified in any other existing legal document or in the forthcoming Draft Personal Data Protection Act.
Currently, Vietnam is drafting various legal documents to further consolidate the legal framework of cyberspace. We can find that there are some inconsistencies in the current laws and regulations, which need to be further explained or improved.
