The enactment andapplication of data protection legislation in Europe began in the 1970s to control thehandling of personal information by public authorities and large companies.3 Mostre
The necessity of the thesis
The Industrial Revolution 4.0 marks a pivotal moment in human history, ushering in the digital era characterized by rapid data analysis and processing As science and technology continue to advance, the protection of human rights, particularly privacy, has gained significant attention from legislators, legal scholars, and the general public alike.
In today's digital age, data, particularly personal data, has emerged as a valuable commodity, sought after by organizations and states for various purposes The proliferation of intelligent computer systems designed to collect and analyze this data has made it increasingly challenging for individuals to maintain control over their personal information Widespread incidents of data buying, selling, and leaks have raised serious concerns about privacy and individual rights A notable example is the recent revelation by the Guardian and 16 other media outlets regarding the use of Pegasus spyware against journalists, opposition activists, and politicians, including French President Emmanuel Macron In response to these alarming abuses, the European Parliament has initiated an investigation into the spyware scandal to protect individual liberties.
Bài viết của Vũ Công Giao và Lê Trần Như Tuyên (2020) trên Tạp chí Nghiên cứu Lập pháp đề cập đến việc bảo vệ quyền đối với dữ liệu cá nhân trong pháp luật quốc tế và pháp luật của một số quốc gia, đồng thời đưa ra những giá trị tham khảo cho Việt Nam Tài liệu này có thể được truy cập tại địa chỉ http://www.lapphap.vn/Pages/TinTuc/210546/Bao-ve-quyen-doi-voi-du-lieu-ca-nhan-trong-phap-luat-quoc-te phap-luat-o-mot-so-quoc-gia-va-gia-tri-tham-khao-cho-Viet-Nam.html, và đã được truy cập vào ngày 18/4/2022.
The European Union is investigating the Pegasus spyware scandal, highlighting the urgent need for robust legal frameworks to safeguard personal data in the face of technological advancements As technology evolves, it poses significant threats to individual privacy, underscoring the necessity for clear regulations to protect personal information effectively.
The European Union (EU) stands as a prominent political and economic powerhouse globally, significantly impacting worldwide operations The intricacies involved in the analysis and processing of personal data within the EU highlight the complexity of its regulatory framework.
The European Union has established numerous legal documents to regulate data protection, starting from the 1970s to oversee the handling of personal information by public authorities and large corporations The implementation of the General Data Protection Regulation (GDPR) on May 25, 2018, marked a significant advancement in the EU's commitment to safeguarding personal data rights In the digital age, the necessity of personal data protection extends beyond developed nations like the EU to countries such as Vietnam This initiative not only aims to uphold human rights but also enhances Vietnamese legislation, aligning it with international standards for personal data protection.
Because of these above reasons, the author decides to choose the topic
The graduation thesis titled "Personal Data Protection in the European Union and Recommendations for Vietnam" highlights the critical need for robust personal data protection in today's vulnerable landscape The author aims to provide foundational knowledge regarding the right to personal data protection by analyzing EU regulations and their practical applications This analysis will lead to valuable recommendations for enhancing Vietnam's legal framework on personal data protection.
Research overview
Bạch Thị Nhã Nam (2021) trong bài viết "Quyền được lãng quên từ thực tiễn phán quyết trong phạm vi Liên minh Châu Âu" đã phân tích sự phát triển và ứng dụng của quyền được lãng quên trong bối cảnh pháp lý của EU Nghiên cứu này được đăng tải trên Tạp chí Nghiên cứu lập pháp và có thể truy cập tại http://lapphap.vn/Pages/tintuc/tinchitiet.aspx?tintucid!0717, với ngày truy cập là 18/4/2022.
During the research phase for this graduation thesis, the author discovered numerous scientific studies, articles, and journals focused on data protection, with several key documents standing out in the field.
Dương Kim Thế Nguyên, Huỳnh Kim Tứ, Lê Thùy Khanh, và Mai Nguyễn Dũng (2021) đã nghiên cứu về việc cải cách pháp luật nhằm đáp ứng nhu cầu bảo vệ dữ liệu cá nhân trong bối cảnh chuyển đổi số Nghiên cứu này được thực hiện tại Trường Đại học Kinh tế Thành phố Hồ Chí Minh, nhấn mạnh tầm quan trọng của việc xây dựng khung pháp lý phù hợp để bảo vệ quyền lợi của người dùng trong thời đại số.
This article examines the significance of personal data in the context of digital transformation and emphasizes the necessity for legal regulations to protect such data Through a global analysis of personal data protection laws, the authors identify the deficiencies in Vietnam's current personal data protection framework and offer recommendations to enhance data protection measures in line with the demands of digital transformation in the country.
2 Mai Phương, “Một số nội dung nổi bật trong Dự thảo Nghị định quy định về bảo vệ dữ liệu cá nhân”,nhquang&associates.
This article examines the key aspects of the Draft Decree on personal data protection, highlighting three critical areas: the definition of personal data, the processing of such data, and the cross-border transfer of data The author provides insights on the current regulations and offers recommendations aimed at enhancing the effectiveness of the Draft Decree.
Trần Thị Thu Phương (2022) trong bài viết “Quy định chung của Liên minh Châu Âu về bảo vệ dữ liệu cá nhân và một số khuyến nghị đến Quốc hội, Chính phủ và Doanh nghiệp Việt Nam” đã phân tích các quy định của EU về bảo vệ dữ liệu cá nhân Bài viết cũng đưa ra những khuyến nghị thiết thực cho Quốc hội, Chính phủ và doanh nghiệp Việt Nam nhằm cải thiện chính sách bảo vệ dữ liệu cá nhân trong bối cảnh hội nhập quốc tế.
In light of the growing concerns surrounding the protection of personal information during electronic transactions, this article examines key aspects of the EU's General Data Protection Regulation (GDPR) It discusses the definition of personal data, the rights afforded to data subjects, the principles governing data processing, and the responsibilities of data controllers and processors Based on this analysis, the author offers recommendations for the National Assembly, Government, and Vietnamese businesses to adapt to global changes in data protection standards.
Bài viết của Vũ Công Giao và Lê Trần Như Tuyên (2020) tập trung vào việc bảo vệ quyền đối với dữ liệu cá nhân trong khuôn khổ pháp luật quốc tế và pháp luật của một số quốc gia Tác giả phân tích các quy định hiện hành và đưa ra những giá trị tham khảo cho Việt Nam, nhằm nâng cao nhận thức và cải thiện khung pháp lý liên quan đến quyền riêng tư và bảo mật thông tin cá nhân.
This article emphasizes the importance of personal data rights, particularly the right to privacy, in the context of the Fourth Industrial Revolution The author argues that these rights are crucial for individuals to maintain their dignity and self-control Additionally, the article examines international and national laws regarding personal data protection, offering valuable insights and reference points for Vietnam's legal framework.
5 Maria Tzanou, “Data protection as a fundamental right next to privacy?
``Reconstructing’ a not so new right”, International Data Privacy Law, Vol 2/2013.
This article explores the close connection between the right to privacy and data protection, highlighting the fundamental principles underlying data protection It serves as a valuable resource for understanding the global history of data protection.
6 Chris Jay Hoofnagle, Bart van der Sloot & Frederik Zuiderveen Borgesius
(2019), “The European Union general data protection regulation: what it is and what it means”,Information & Communications Technology Law.
This comprehensive research article on GDPR explores the strategic regulation of personal data, detailing its normative foundations and origins It thoroughly analyzes the provisions of GDPR and evaluates its impact on the European Union's management of personal data Overall, the article serves as a valuable resource for researchers seeking an in-depth understanding of GDPR-related issues.
7 European Data Protection Supervisor, “EDPS Guidelines on the concepts of controller, processor and joint controllership under Regulation (EU) 2018/1725”.
The guidelines focus on key aspects such as the definitions of controllers and processors, their respective obligations and responsibilities, and specific enforcement scenarios related to these roles The primary aim is to assist EU entrepreneurs in effectively complying with GDPR and meeting their regulatory obligations.
Recent scientific studies highlight the growing body of research on data protection in the digital age While these studies vary in scope, objectives, and depth, they serve as crucial references for the author's graduation thesis titled "Personal Data Protection in the European Union and Recommendations for Vietnam."
Research objectives
The author investigates the fundamental principles of the right to protect personal data, focusing on an analysis and evaluation of EU legislation in this area, and subsequently relates these findings to the corresponding legal framework in Vietnam.
The specific objectives that the author set for this thesis include:
Firstly, learn about an overview of the right to protect personal data including historical aspects of formation and development, concepts, nature, and meanings.
Second, research, analyze and compare provisions on the right to protect personal data in EU law and relate and compare with provisions in Vietnamese law.
Third, analyze and evaluate challenges in the practice of applying the data protection law and make some recommendations to improve Vietnamese law on the right to protect personal data.
Research object
This article focuses on the right to protect personal data in cyberspace, examining specific regulations, characteristics, and application conditions Additionally, it analyzes the challenges, trends, and enforcement practices related to personal data protection in Vietnam.
Research scope
In terms of space, the scope of the thesis focuses mainly on the regulations in the European Union and Vietnam.
In terms of time, the study focuses on the right to protect personal data since the General Data Protection Regulation (GDPR) was issued on April 27, 2016, until now.
Research methods
There are three main scientific research methods that the author uses in the study:
The analysis and synthesis method is employed throughout the research paper to examine the concepts and regulations surrounding personal data laws This approach clarifies the legal frameworks of the EU and Vietnam regarding the right to protect personal data, detailing the subjects involved and the conditions necessary for exercising this right.
The comparative research method is employed to analyze the similarities and differences between EU and Vietnamese laws regarding personal data protection regulations This analysis aims to provide insights and recommendations for enhancing Vietnam's legal framework on the right to protect personal data.
The analysis and interpretation of case law is a crucial method for examining how personal data protection rights are enforced within the EU This approach not only clarifies the application of relevant regulations but also provides insightful commentary on specific cases.
Scientific and practical meaning of the thesis
Scientific meaning
This thesis systematically examines the legal frameworks governing the right to personal data protection in the European Union and Vietnam Through comprehensive research and analysis, the author elucidates key theoretical foundations and existing legal regulations, thereby enhancing the scientific understanding of personal data protection rights.
Practical meaning
This article examines not only the legal framework surrounding the right to protect personal data in Vietnam but also delves into relevant court rulings and disputes that have emerged from legal practice The author highlights the practical implementation of these laws by state agencies, identifying various challenges and shortcomings encountered during the application process Based on these insights, the author offers several proposals and recommendations aimed at enhancing the legal provisions related to personal data protection in Vietnam.
Structure of the thesis
The thesis titled “Personal Data Protection In European Union And Recommendations For Vietnam” spans 38 pages and is organized into three main chapters, along with an introduction, conclusion, a list of acronyms, and references.
Chapter 1: General overview of the personal data protection;
Chapter 2: General provisions of the personal data protection in the European Union and relating to Vietnamese law;
Chapter 3: Practical implementation and recommendations forVietnam's data protection law.
GENERAL OVERVIEW OF THE RIGHT TO PROTECT
Personal data and its value in the digital age
Personal data refers to the specific facts or information related to an individual, which is collected and utilized for various purposes According to the Oxford dictionary, data is defined as "facts or information, especially when examined and used to find out things or to make decisions," while personal denotes something that is "your own; not belonging to or connected with anyone else." Therefore, personal data encompasses the unique information pertaining to a person.
From a legal standpoint, the concept of personal data has been extensively addressed in official documents The EU Data Protection Directive (Directive 95/46/EC) defines personal data as any information pertaining to an identified or identifiable natural person, referred to as the 'data subject.' Similarly, the General Data Protection Regulation (GDPR), the most recent EU legislation governing personal data protection, reiterates that personal data encompasses any information related to an identified or identifiable natural person ('data subject').
Personal data plays a crucial role in the economy, especially in the context of the Industrial Revolution 4.0, which integrates technology across various sectors, transforming production capabilities This revolution significantly influences both economic and political aspects of global society, highlighting the importance of data in driving innovation and change.
4 Consult the Oxford dictionary, https://www.oxfordlearnersdictionaries.com/definition/english/data?qa, accessed on 10/4/2022.
5 Consult the Oxford dictionary,, https://www.oxfordlearnersdictionaries.com/definition/english/personal?q=personal, accessed on 10/4/2022.
6 Art 2.(a) Directive 95/46/EC, https://eur-lex.europa.eu/legal- content/en/TXT/?uriEX:31995L0046, accessed on 10/4/2022.
7 Art 4.(1) GDPR, https://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uriEX:32016R0679&from=EN, accessed on 10/4/2022.
In her 2020 article, Trần Thị Thanh Bình discusses the implications of the Fourth Industrial Revolution for the Vietnamese working class, highlighting both opportunities and challenges The digital economy is primarily driven by three key components: the Internet of Things (IoT), Big Data, and Artificial Intelligence (AI) For these technologies to function effectively, the significance of data, particularly personal data, cannot be overlooked.
In the digital age, personal data has emerged as a vital asset, often referred to as the "new oil" or "currency" of the internet Researchers emphasize that data is the driving force behind digital transformation, allowing companies to gather insights on consumer demographics, preferences, and behaviors This extensive data collection enables businesses to enhance customer experiences, refine marketing strategies, and even convert data into revenue In e-commerce, big data analytics plays a crucial role in transforming raw data into actionable insights, facilitating informed decision-making and delivering significant economic advantages.
Bài viết của Dương Kim Thế Nguyên, Huỳnh Kim Tứ, Lê Thùy Khanh và Mai Nguyễn Dũng (2021) tập trung vào việc cải cách pháp luật nhằm đáp ứng nhu cầu bảo vệ dữ liệu cá nhân trong bối cảnh chuyển đổi số Nghiên cứu này được thực hiện tại Trường Đại học Kinh tế, nhấn mạnh tầm quan trọng của việc xây dựng khung pháp lý phù hợp để bảo vệ quyền lợi của cá nhân trong môi trường số hóa ngày càng phát triển.
Thành phố Hồ Chí Minh, https://digital.lib.ueh.edu.vn/viewer/simple_document.php?subfolder/69/20/&doc69203321 39480809675225539128209669508&bitsid426476-c4cc-4045-8ff7-4e3c83fc0aa0&uid=, accessed on 10/4/2022.
10 Chris Jay Hoofnagle, Bart van der Sloot & Frederik Zuiderveen Borgesius (2019), “The European Union general data protection regulation: what it is and what it means”, Information &
Communications Technology Law, https://www.tandfonline.com/doi/pdf/10.1080/13600834.2019.1573501, accessed on 10/4/2022.
11 Paul M Schwartz (2004), “Property, Privacy, And Personal Data”, Harvard Law Review, http://edshare.soton.ac.uk/15267/1/Schwartz-harvard-pdf.pdf, accessed on 10/4/2022.
12 Max Freedman (2021), “How Businesses Are Collecting Data (And What They’re Doing With It)”, Business New Daily, https://www.businessnewsdaily.com/10625-businesses-collecting- data.html, accessed on 10/4/2022.
Bài viết của Dương Kim Thế Nguyên, Huỳnh Kim Tứ, Lê Thùy Khanh và Mai Nguyễn Dũng (2021) tập trung vào việc cải cách pháp luật nhằm bảo vệ dữ liệu cá nhân trong bối cảnh chuyển đổi số Các tác giả nhấn mạnh tầm quan trọng của việc xây dựng khung pháp lý phù hợp để đáp ứng nhu cầu bảo vệ thông tin cá nhân trong môi trường số hóa hiện nay Nghiên cứu được công bố tại Trường Đại học Kinh tế Thành phố Hồ Chí Minh, cung cấp những phân tích sâu sắc về các thách thức và giải pháp trong việc đảm bảo an toàn dữ liệu cá nhân Tài liệu có thể được tham khảo tại địa chỉ https://digital.lib.ueh.edu.vn/viewer/simple_document.php?subfolder/69/20/&doc69203321.
In today's digital age, personal data is highly valuable yet increasingly vulnerable to breaches and theft, leading to significant human rights violations and economic losses that can reach millions The frequency of data leaks has surged, highlighting the urgent need for enhanced protection measures.
In 2013, Yahoo disclosed that hackers had compromised over 1 million accounts on its social network By October 2017, this figure surged to an estimated 3 million leaked accounts, marking it as one of the largest data breaches in history Similarly, Vietnam faces a complex landscape of personal data theft and leakage, characterized by large-scale and sophisticated tactics.
In May 2021, a significant online data breach exposed 17 GB of Vietnamese identity card information linked to the Pi Network digital currency platform This compromised data includes personal details such as faces, addresses, phone numbers, and emails, and is currently being offered for sale at a price of $9,000.
The vulnerability of personal data highlights the urgent need for robust legal protections to safeguard privacy rights, as recognized by international legal frameworks To ensure information security in the digital age, implementing legal sanctions for the protection of personal data is essential.
GENERAL PROVISIONS OF THE PERSONAL DATA
PRACTICAL IMPLEMENTATION AND
Some recommendations to improve the law on the protection of personal
Based on an analysis of domestic legislation regarding personal data protection and a comparison with European Union regulations, this article proposes several recommendations to enhance the legal framework for safeguarding personal data in our country.
To effectively address the challenges of personal data protection in Vietnam, it is essential to establish a dedicated law that clarifies and streamlines existing regulations, which are currently vague and overlapping In contrast, other Southeast Asian nations, such as Singapore, have successfully implemented their own personal data protection laws, highlighting the need for Vietnam to adapt to the digital era A comprehensive law on personal data protection will not only eliminate inconsistencies in current legislation but also ensure the safeguarding of individuals' personal information Key elements that should be incorporated into this new law are critical for enhancing data protection standards in the country.
Regulations must establish a clear distinction between "personal information" and "personal data." By defining these concepts and developing specific criteria for classifying personal data, organizations can enhance data management practices and ensure compliance with privacy standards.
The Personal Data Protection Act 2012 emphasizes the importance of safeguarding personal data processed by data collectors It aims to enhance the effectiveness of personal data protection measures, ensuring that individuals' rights to privacy are upheld and that their personal information is managed responsibly For more details, visit the official legislation at the Attorney-General's Chambers website.
When defining the scope of application for personal data protection, it is crucial to consider potential overlaps and contradictions with existing specialized documents Typically, a personal data protection act focuses on the private sector, specifically governing the collection, retention, use, and disclosure of personal data by businesses offering goods and services In contrast, the activities of state agencies regarding personal data are regulated by separate legal frameworks, such as the Law on Statistics and the Law on Public Secrets.
The law must establish clear provisions outlining the rights and obligations of all parties involved, particularly focusing on the rights of data subjects and the responsibilities of those collecting and processing data Key elements to be included are the data subject's right to safeguard personal information, the limitations of this right, specific standards for data collection and processing, exceptions allowing data handlers to process information without adhering to these standards, and penalties for those who violate these regulations.
To ensure a harmonious coexistence of personal data protection and public interests, it is essential to implement provisions that balance these rights This includes safeguarding the right to privacy while also upholding freedoms such as expression and press.
Vietnam's current sanctions for personal data breaches are insufficient and do not effectively deter violations It is essential to amend and enhance these sanctions to ensure they are proportional to the severity of the offenses committed.
Bài viết của Nguyễn Thị Kim Ngân (2019) nhấn mạnh rằng pháp luật về bảo vệ dữ liệu cá nhân tại một số quốc gia Đông Nam Á cần được nghiên cứu để đưa ra những gợi ý cho Việt Nam Cần thiết phải xây dựng một hệ thống chế tài nghiêm khắc hơn trong luật chung về bảo vệ dữ liệu cá nhân nhằm đảm bảo quyền lợi của người dân.
To enhance the protection of personal data in Vietnam, it is essential to develop or amend specialized legal documents, including the Law on Information Technology, the Law on Network Information Security, and the Law on Cybersecurity Unlike the stringent regulations found in European and U.S laws, Vietnamese legal frameworks currently offer only general principles, which hampers effective enforcement The introduction of a comprehensive law on personal data protection, along with revisions to existing specialized laws, will strengthen the legal framework and ensure more robust data protection measures.
The Government of Vietnam and relevant authorities should establish a framework that encourages businesses and organizations to create their own technical regulations for personal data handling This initiative will empower companies to take proactive steps in fulfilling their data protection obligations However, it is essential that these regulations undergo rigorous testing and evaluation by qualified professional bodies to ensure they effectively safeguard personal data while respecting the rights of data subjects.
Fourth, a National Committee on Personal Data Protection should be established This Committee can perform the following main functions: (i) advise the government, organizations, and individuals; (ii) raise awareness through
Bài viết của Vũ Công Giao và Lê Trần Như Tuyên (2020) tập trung vào việc bảo vệ quyền đối với dữ liệu cá nhân trong bối cảnh pháp luật quốc tế và pháp luật của một số quốc gia, đồng thời đưa ra những giá trị tham khảo cho Việt Nam Tài liệu này được đăng trên Tạp chí Nghiên cứu Lập pháp và có thể truy cập tại http://www.lapphap.vn/Pages/TinTuc/210546/Bao-ve-quyen-doi-voi-du-lieu-ca-nhan-trong-phap-luat-quoc-te phap-luat-o-mot-so-quoc-gia-va-gia-tri-tham-khao-cho-Viet-Nam.html, với thời gian truy cập vào ngày 30/4/2022.
In their 2021 study, Dương Kim Thế Nguyên and colleagues emphasize the need for legal reforms to enhance personal data protection in Vietnam's digital transformation They propose several measures, including the supervision of laws safeguarding minors and the development of standardized frameworks for organizations to follow in data protection practices Furthermore, the establishment of a dedicated department to handle notifications and complaints regarding personal data breaches is essential This initiative will empower individuals to take a proactive stance in safeguarding their personal information from potential threats.
To enhance personal data protection in Vietnam, it is essential to further develop and refine the legal framework governing this area Strengthening these laws will enable more effective safeguarding of personal data against increasingly complex threats.
In Chapter 3, the author evaluates the successes and shortcomings of Vietnamese legal frameworks concerning personal data protection, highlighting issues such as a convoluted legal system and the need for a balanced approach to rights Additionally, the author provides recommendations aimed at enhancing the effectiveness of personal data protection laws in Vietnam.