Seminar "Review of Local Governments’ Implementation of Personal Data Protection on Online Government-Citizen Interaction Interfaces"

The information was presented on the morning of June 28th during the seminar 'Review of Local Governments’ Implementation of Personal Data Protection on Online Government-Citizen Interaction Interfaces'. The seminar was held both virtually and directly by the United Nations Development Programme (UNDP) in Vietnam and the Institute for Policy Studies and Media Development (IPS).

In his remarks at the seminar, Mr. Nguyen Lam Thanh, Vice Chairman of the Vietnam Digital Communications Association, emphasized: 'Protecting personal data in the digital environment in general and on online government-citizens interaction interfaces in particular will strengthen people's trust and encourage their participation in the digital transformation process.'

Mr. Patrick Haverman, Deputy Resident Representative of UNDP in Vietnam, commended the government and localities for their extensive efforts in providing online public services. 'The COVID-19 pandemic has increased people's interaction in the digital space. However, the Viet Nam Provincial Governance and Public Administration Performance Index (PAPI) for 2020 and 2021 in Vietnam showed that only 3.5% of those surveyed reported using the national e-service portal,' Mr. Haverman noted.

Sharing a similar view with Mr. Thanh, Mr. Haverman emphasized that good practices in protecting citizens' personal data within the public sector are crucial in building trust in public e-services. 'Experience from developed countries shows that for successful digital transformation, it is essential to ensure principles of personal data protection according to United Nations standards, including: i) fair and legitimate processing; ii) purpose specification; iii) proportionality and necessity; iv) retention; v) transparency; vi) accountability,' he said.

At the seminar, the research team highlighted that some localities have made efforts to develop and implement various tools to protect personal data and, more broadly, privacy on platforms interacting with citizens. However, in general, provincial governments haven't shown sufficient interest in this issue. No locality has excelled in protecting personal data across different platforms; instead, only a few have shown specific good practices in certain aspects.

Only 4/63 government portals and 3/63 e-service portals have documents mentioning their privacy policies (also known as Regulations). Among the 50 provinces and cities using smart apps for citizen interaction, only 32 have posted privacy policies as required by Google Play and the Apple Store for their apps. It's evident that policies and tools related to protecting personal data on these portals and smart apps across provinces and cities are somewhat spontaneous, lacking a clear understanding of the importance of safeguarding citizens' privacy rights. Local authorities focus more on technical requirements for data safety and security and cybersecurity risks than on the privacy of personal data and users on these platforms. While it's easy to access local government documents online regarding information security, 59 government portals and 60 e-service portals lack documents concerning personal data protection. Moreover, most current platforms only ask users to confirm the accuracy of their provided information but lack tools for users to actively protect their privacy rights.

One of the most concerning issues highlighted by the assessment results is the misunderstanding and incorrect assignment of legal responsibilities among data managers. Specifically, legal responsibilities concerning personal data are often confused between the 'governing body' (Provincial People's Committee), the 'operating agency or unit' (Department of Information and Communications), and the businesses providing platform-building services. Without clear distinctions in roles and functions, the design and implementation of data protection processes become ineffective. Moreover, in cases of problems or incidents, there won't be a basis to determine who is responsible.

The study provides some suitable policy recommendations and legal enforcement suggestions for authorities at both central and local levels to enhance the protection of personal data on online government-citizens interaction interfaces platforms. In the short term, there's a need for regular assessments of how local governments enforce people's rights regarding personal data on platforms used for citizen interactions. Additionally, it's important to include criteria for evaluating personal data protection in the Digital Transformation Index at national, provincial, and ministerial levels. The Ministry of Information and Communications should develop national guidelines on personal data protection in the public sector and issue standardized regulations for e-platform privacy policies.