According to Vietnam Plus yesterday, Ho Chi Minh City authorities are hopeful that their gross regional domestic process will be composed 25% of the digital economy. The plans are ambitious.
Accordingly, attention will be paid to raising public awareness of digital transformation; organising the implementation of digital transformation tasks and building digital government; and integrating and effectively exploiting data to serve the fight against COVID-19 pandemic, socio-economic recovery and development, and modern-oriented governance.
Specific action programmes will be mapped out and implemented, while the application of information technology will be accelerated across fields in association with ensuring information security and safety in building digital government, economy and society.
Investments will be strongly poured into human resources development, focusing on training and fostering cadres, civil servants and public employees.
The directive was issued by the standing board of the municipal party committee. As with most directives from party folks, the three paragraphs above comprise the main gist of the thing. and for those familiar with the data protection issues, it is cause for concern.
“Attention will be paid [to] effectively exploiting data to serve the fight against Covid-19 pandemic, socio-economic recovery and development, and modern oriented governance.”
Without a proper understanding of what the government intends to do regarding the protection of personal data of its citizens as the draft decree on personal data protection is still gestating in Hanoi, one must contemplate what powers the government of Ho Chi Minh City will obtain in its efforts to comply.
Existing data protection laws in Vietnam are primarily founded on the requirement that the data collector/user get the permission of the data subject prior to its disclosure, transfer, or other use. And while this is somewhat carried through into the draft decree, the role of the government as a data collector is ill defined. One thing that is clear, government authorities may request access to collected data. The instances when the collection of data collected by corporate providers can be obtained by the government are not well set out. And what role the government plays in actually collecting its own data on citizens? Well. Me oh my.
The boost in digital economy from (an estimated 14% of GRDP in 2022 to 25% in 2025) will not only give rise to situations in which the government will want access to data from corporates, but it will also provide myriad types of data that the government can collect and collate and analyze and transfer and abuse.
This gives rise to the famous question of who watches the watchmen?
- Human resources development and tracking;
- Public health information;
- Information regarding the movement of peoples;
- Utilities consumption;
- Economic status;
- Relationship data;
- Identification details;
- Financial movement;
- Online activity;
- Life-rhythms details (sleep, eat, drink);
Off the top of my head, there are ten potential categories of data that the government could collect on its citizens. And in most of those cases, they will not have to notify the data subjects of the fact, or the final disposition of, that data.
There are benefits. Analysis of traffic flows can lead to changes that will reduce gridlock and traffic jams in the urban center. Public health information will allow authorities to determine the best approach to react to threats like Covid-19 and monkeypox. General statistical information can be generated on demographics and wealth flows. There are many benefits to the collection of data, but with the development of AI and its implicit bias, one has to wonder in what position is a citizen in relation to its government in the collection and use of personal data?
To date, the most visible response by world governments is to act as a watch dog. They pass legislation and implement policing that will prevent the abuse of the personal data of their citizens by bad actors (EU, California). But there are also instances where the government has sought to utilize data on its citizens in nefarious and questionable ways (Xin Jiang, Egypt, North Korea). Between these two extremes is a spectrum of different approaches. In Vietnam, as seen in the new Decree on Cybersecurity issued last month, the government demonstrates a degree of protectiveness over its citizens in the requirement of retaining local data within the geographical territory of the country. This has made them one of only a handful of countries to do so. But to what end?
While I don’t want to write a dystopian missive in this post, the digitalization of the economy and the move towards adoption of the internet of things, AI, blockchain and the metaverse can’t fail but to strike a discordant note. In many instances, the collection of data for use by the authorities is legitimate and necessary. But there reaches a point where the intrusion into a citizen’s privacy may cross the line of acceptability.
It’s a conundrum stretching back decades when science fiction authors sold their imaginations on paper as they described societies in which government observation and intrusion into individuals’ lives exceeded all reason. I feel fairly confident that Vietnam will not walk down that path. Why?
Vietnam has already gone down that road and found it didn’t work. With Doi Moi and the gradual opening of the country’s economy (including the drafting and promulgation of thousands of regulations) Vietnam has seen the benefits of living as a global citizen rather than as one isolated by ideology. FDI, cross-border trade, gigantic trade inequities that scale in Vietnam’s favor, the recent hints towards easing up on certain minority groups (see the announcement that LGBT peoples are not sick), and a dozen more instances of progress both economically and socially have shown Vietnam that if it wishes to continue this forward momentum it must walk a thin line between data oppression and data liberty.
Since the second half of the 2020s, Vietnam has seen major GDP growth. With the inevitable digitalization of the world, and Vietnam’s economy, it does need to address these issues. What will the government be allowed to do in collecting and using its citizens’ data? Will that data be used for the betterment of the population or of the politicians and the wealthy who are in a position to enter into agreements that may involve data sharing? What recourse will a citizen have if the use of his data by the government causes him, or others, harm?
It will be interesting to see the final version of the decree on personal data protection and hopefully gain a greater understanding of the government’s relationship with its citizens regarding their personal data.