12:00 | 26/11/2023

Is personal location identified via location services considered sensitive personal data in Vietnam under the Decree 13/2023/ND-CP?

Is personal location identified via location services considered sensitive personal data in Vietnam under the Decree 13/2023/ND-CP? T.Q - Hanoi

Is personal location identified via location services considered sensitive personal data in Vietnam under the Decree 13/2023/ND-CP?

Pursuant to Point i, Clause 4, Article 2 of Decree 13/2023/ND-CP on sensitive personal data as follows:

Definition of terms
For the purpose of this Decree, the following terms shall be construed as follows:
...
3. General personal data includes:
a) Last name, middle name and first name, other names (if any);
b) Date of birth; date of death or going missing;
c) Gender;
d) Place of birth, registered place of birth; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address;
dd) Nationality;
e) Personal image;
e) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate, taxpayer identification number, social security number and health insurance card number;
h) Marital status;
i) Information about the individual’s family relationship (parents, children);
k) Digital account information; personal data that reflects activities and activity history in cyberspace;
l) Information associated with an individual or used to identify an individual other than that specified in Clause 4 of this Article.
4. “Sensitive personal data” refers to personal data in association with individual privacy which, when being infringed, will directly affect an individual's legal rights and interests, including:
a) Political and religious opinions;
b) Health condition and personal information stated in health record, excluding information on blood group;
c) Information about racial or ethnic origin;
d) Information about genetic data related to an individual's inherited or acquired genetic characteristics;
dd) Information about an individual’s own biometric or biological characteristics;
e) Information about an individual’s sex life or sexual orientation.
g) Data on crimes and criminal activities collected and stored by law enforcement agencies;
h) Information on customers of credit institutions, foreign bank branches, payment service providers and other licensed institutions, including: customer identification as prescribed by law, accounts, deposits, deposited assets, transactions, organizations and individuals that are guarantors at credit institutions, bank branches, and payment service providers;
i) Personal location identified via location services;
k) Other specific personal data as prescribed by law that requires special protection.

Thus, personal location identified via location services is considered sensitive personal data according to the law.

Is personal location identified via location services considered sensitive personal data in Vietnam under the Decree 13/2023/ND-CP?

Vietnam: Does a data subject have the obligation to fully and accurately provide his/her personal data when he/she consents to the processing?

Pursuant to Clause 3, Article 10 of Decree 13/2023/ND-CP on Obligations of data subjects as follows:

Data subject’s obligations
1. Protect his/her own personal data; request relevant organizations and individuals to protect his/her personal data.
2. Respect and protect others’ personal data.
3. Fully and accurately provide his/her personal data when he/she consents to the processing.
4. Participate in dissemination of personal data protection skills.
5. Comply with regulations of law on protection of personal data and prevent violations against regulations on protection of personal data.

Thus, the data subject has the obligation to fully and accurately provide his/her personal data when he/she consents to the processing.

What are the rules for protection of personal data in Vietnam?

Pursuant to Article 3 of Decree 13/2023/ND-CP stipulating the rules for protection of personal data is carried out according to the following principles:

- The personal data shall be processed as prescribed by law.

- The data subject shall be entitled to receive information related to the processing of his/her personal data, unless otherwise provided for by law.

- The personal data shall be processed for the purposes that have been registered and declared by the Personal Data Controller, the Personal Data Processor, the Personal Data Controller-cum-Processor and the Third Party.

- The collected personal data shall be appropriate for the scope and purposes of processing. The purchase or sale of personal data shall be prohibited in any form, unless otherwise provided for by law.

- The personal data shall be updated and added for the processing purposes.

- The personal data shall be protected and secured throughout the processing. To be specific, the personal data shall be protected from violations against regulations on protection of personal data and prevention of loss, destruction or damage caused by incidents and use of technical measures.

- The personal data shall be stored within a period of time that is appropriate for the processing purposes, unless otherwise provided for by law.

- The Personal Data Controller and the Personal Data Controller-cum-Processor shall comply with the rules for data processing specified in Clauses 1 through 7 of Article 3 of Decree 13/2023/ND-CP and prove their compliance.

LawNet

The latest legal advice
Related topics
MOST READ
{{i.ImageTitle_Alt}}
{{i.Title}}