The Ministry of Information and Communication recently released the Draft Law on E-Transactions for public commenting.
The Ministry of Information and Communication (“MIC“) recently released the Draft Law on E-Transactions (“Draft Law“), which will supersede the Law on E-Transaction 2005, for public commenting. The public commenting period is scheduled to close on 4 July 2022. It is not clear when the new law will go into effect.
This Draft Law is an effort to revamp the Law on E-Transaction 2005 so that it reflects Vietnam’s fast-growing digital economy and provides for adequate regulations. Specifically, this Draft Law not only includes amendments and supplements to provisions on digital signatures, digital identity, and e-contracts but also features new regulations specific to digital platforms. We note that the Draft Law classifies digital platforms into types (i.e., Intermediary Digital Platforms, Social Network/Online Communication Network Platforms, Online Search Platforms, Application Store Platforms, Online Advertising Platforms, E-Commerce Trading Floors, Cloud Computing Platforms, etc.) and imposes different requirements accordingly. This classification of digital platforms is a new attempt under Vietnamese law. Given its broad scope of application, this will be one of the most important pieces of statute in the myriad of internet laws and regulations in this jurisdiction. We have set out some noteworthy points below.
Privacy obligations of digital platform providers
All digital platform providers must:
- publish terms of service and privacy policies;
- provide tools/mechanisms for users to report issues concerning violating content or quality of goods and services;
- remove information that violates the law; and
- protect users’ privacy.
Intermediary digital platform providers have additional obligations such as having an internal complaint handling system to handle user complaints and handling complaints within 48 hours. It is noted that present laws do not provide a timeline for handling complaints but require e-commerce platform providers to remove information about illegal goods/services within 24 hours upon receipt of a competent authority’s request.
Safe harbors for digital platform providers
The Draft Law provides an exemption from liabilities for content-related violations by users if digital platform providers:
- are unaware of such violation/illegal content and, relating to a claim for damages, unaware of the circumstance from which such violation has been committed/illegal content is clear; or
- are aware of such violation/illegal content and they have promptly removed/disabled access to it.
Such exemption does not apply in the following instances:
- users have acted under the digital platform provider’s control; or
- the electronic transaction established between an end-user (consumer) and a merchant user entered into via the digital platform contains information about goods/services displayed on such platform making consumers believe that:
- the goods/services are provided by the platform itself; or
- the merchant user is under the control and management of the digital platform.
Additional obligations imposed on certain digital platforms
Intermediary Digital Platforms meeting a threshold of users (to be specified by the MIC at a later time) will be deemed Large Platforms and subject to the following obligations:
- make assessments of potential risks arising from function and use of the platform (e.g., dissemination of illegal information, negatively impacting personal lives, freedom of press and information, children’s rights, health/national security);
- have in place measures to mitigate the abovementioned potential risks; and
- appoint supervisor(s) to ensure the compliance with relevant obligations.
The Draft Law imposes additional requirements on specific Large Platforms that the Draft Law refers to as Dominant Platforms. Dominant Platforms are platforms that are in dominant positions and play a particularly important role and contribute to the connection between services and goods providers with a large number of users in the Vietnamese market. Dominant Platforms must ensure they:
- provide users to turn off tracking of users’ personal preferences and algorithmic recommendations, and to stop providing related services when requested accordingly;
- notify users of the platform’s algorithmic recommendations, as well as its underlying principles, purposes, and operating mechanism;
- allow end users to remove any pre-installed software programs from the Dominant Platforms without impacting the platforms’ essential technical functions;
- do not employ algorithm models that either prevent users from making accurate shopping decisions, or cause overspending; and
- do not use data gathered from activities of the platform’s goods/services providers to compete with them.
Data protection obligations
Fitting to the Draft Law’s goal of addressing technical and specific issues arising in the electronic environment, digital platforms are required to comply with specific data protection provisions. Digital platforms must:
- provide data to competent authorities upon request;
- provide users with the accessibility to the data they generate on the digital platform;
- publish information on the users’ data collection and generation; and
- provide support if users wish to transfer their data to another data processing platform.
We note that the Draft Law provides that cross-border transfer of data of “level 3 importance” must undergo a data security assessment as regulated by the MIC. The Draft Law does not further elaborate on “level 3 importance”. We also note that this is a requirement not detailed in any other existing legal instrument nor the Draft Decree on Personal Data Protection which is pending issuance. As there are various important legal instruments are being drafted to further develop the legal framework for cyberspace, we might see some inconsistencies that require further interpretation or entail additional provisions in one or another regulation.
Authors: Yen Vu, Eunjung Han, Uyen Doan and My Anh Truong.
For further information, please contact:
Yen Vu, Principal, Rouse
yvu@rouse.com