On the Responsibility of Media and Press Agencies for Protecting Personal Information

* In the field of post and telecommunications

- Clause 10, Article 29 of the 2010 Postal Law stipulates that postal service providers are not allowed to disclose information about the use of postal services by organizations and individuals, except in the cases specified in Article 14 of this Law, specifically: There is a basis to determine that the postal item is related to or leads to a violation of the law on national security or other serious violations of the law; The postal item is related to a criminal case in which the inspection, handling of the postal item and the request for information on the use of postal services are permitted by law.)

- Clause 4, Article 6 of the 2009 Telecommunications Law stipulates that telecommunications enterprises are not allowed to disclose private information related to telecommunications service users, including name, address, calling number, called number, calling location, called location, call time and other private information that users have provided when entering into a contract with the enterprise, except in the following cases:

+ Telecommunication service users agree to provide information;

+ Telecommunications businesses have written agreements with each other on exchanging and providing information related to telecommunications service users to serve the purpose of calculating rates, making invoices and preventing acts of evading contractual obligations;

Maybe you are interested!

• Enhancing the Role and Responsibility of the Media in Preventing and Detecting "Immoral" Manifestations in Banking Business, Detecting and Reporting
• Press and media on Vietnam's state administrative reform policy - 26
• The right to inviolability of private life in Vietnamese law - 2
• Lessons on the Division of Responsibility Between the State and the Private Sector
• Tourism Promotion Media in the Press

+ When requested by a competent state agency as prescribed by law.

- Circular No. 06/2008/TTLT-BTTTT-BCA on ensuring infrastructure safety and information security in postal, telecommunications and information technology activities stipulates that postal, telecommunications and information technology enterprises are responsible for ensuring the confidentiality of private information related to users of postal, telecommunications and information technology services according to the provisions of law (point i, section 3.III).

* In the medical field

- Medical laws all stipulate the responsibility of doctors and medical staff in keeping the patient's condition and personal information related to the patient confidential, for example: Clause 3, Article 33 of the Law on Prevention and Control of Infectious Diseases 2007; Clause 3, Article 25 of the Law on Prevention and Control of Human Immunodeficiency Virus (HIV/AIDS) 2006; Clause 5, Article 37 of the Law on Medical Examination and Treatment 2009...

- Decree No. 10/2015/ND-CP Decree on giving birth by in vitro fertilization and conditions for surrogacy for humanitarian purposes stipulates that medical examination and treatment facilities are not allowed to provide the name, age, address and image of the sperm donor (Clause 3, Article 4); if the sperm, egg or embryo donor later wants to donate the sperm, egg or embryo storage facility to another person, the storage facility must use measures to encrypt information about the donor. In case of donation for scientific research purposes, there is no need to encrypt information (Clause 5, Article 21).

- In addition, legal documents in the health sector also stipulate the responsibilities of health insurance organizations; social insurance agencies; health insurance medical examination and treatment facilities in storing records of health insurance and social insurance participants and providing relevant information at the request of competent state agencies (Clause 10.45, Article 41, Clause

2.46 Article 43 of the Law on Health Insurance 2009, amended and supplemented in 2014; Article 23 of the Law on Social Insurance 2014).

* In the criminal field

- The 2015 Criminal Procedure Code has provisions on the responsibility to preserve means, documents, objects, electronic data, letters, telegrams, parcels, and postal items that are seized, temporarily detained, or sealed (Article 199); obligations of the defense attorney (Article 73), specifically: the defense attorney must not disclose investigation secrets that he/she knows while performing the defense; must not use documents that have been

Record or photocopy in case files for the purpose of infringing upon the interests of the State, public interests, rights and legitimate interests of agencies, organizations and individuals; do not disclose information about the case or the accused that you know when defending, unless this person agrees in writing and do not use that information for the purpose of infringing upon the interests of the State, public interests, rights and legitimate interests of agencies, organizations and individuals.

* In the administrative field

- According to the provisions of the 2015 Law on Administrative Procedures, the agency conducting the proceedings and the person conducting the proceedings must keep personal secrets at the legitimate request of the parties (Clause 3, Article 22); must not disclose confidential information that they know when conducting the appraisal or notify the appraisal results to others, except for the person who decided to request the appraisal (Point e, Clause 2, Article 63).

- Legal documents on denunciation also stipulate the responsibility of competent agencies, organizations and individuals to ensure confidentiality of information for denouncers (Clause 1, Article 5 of the 2011 Law on Denunciation; Article 13 of Decree No. 76/2012/ND-CP detailing the implementation of a number of articles of the Law on Denunciation; Clause 1, Article 14 of Decree No. 04/2015/ND-CP on implementing democracy in the activities of state administrative agencies and public service units...).

- The 2014 Law on Civil Status stipulates that the agency managing the Civil Status Database is responsible for ensuring personal confidentiality in the Civil Status Database (Clause 2, Article 61).

- The 2014 Law on Citizen Identification stipulates that the citizen identification management agency must ensure the safety and confidentiality of information in the National Population Database and the Citizen Identification Database (Clause 4, Article 6); the person assigned to collect and update information and documents is responsible for preserving and securing relevant information and documents; must not modify, erase or damage documents and must be responsible for the accuracy and completeness of the updated information (Point b, Clause 2, Article 13).

* In the fields of trade, finance, banking

- Currently, legal documents on commerce, finance, and banking all stipulate that traders, organizations, and related individuals are responsible for complying with regulations on protecting customers' personal information (Articles 27, 36, and 41 of Decree No. 52/2013/ND-CP on e-commerce; Article 85 of Decree No. 59/2009/ND-CP dated July 16, 2009 regulating the organization and operation of commercial banks; Article 14 of the Law on Credit Institutions 2010...).

* In the field of intellectual property

- The law on intellectual property stipulates the responsibility to keep confidential information related to the case that one represents (Point b, Clause 1, Article 35 of Decree No. 88/2010/ND-CP detailing and guiding the implementation of a number of articles of the Law on Intellectual Property and the Law amending and supplementing a number of articles of the Law on Intellectual Property on rights to plant varieties); intellectual property appraisers are responsible for keeping confidential the appraisal results, information and appraisal documents (Point e, Clause 4, Article 44 of Decree No. 105/2006/ND-CP detailing and guiding the implementation of a number of articles of the Law on Intellectual Property on the protection of intellectual property rights and state management of intellectual property).

2.3.1.9. On the responsibility of media and press agencies for protecting personal information

There are currently no regulations on this issue.

Responsibilities of businesses, organizations and state agencies in protecting personal information:

* In the field of network security, information technology

- Clause 1, Article 20 of the 2015 Law on Network Information Security stipulates the responsibilities of state management agencies in protecting personal information online, specifically: establishing an online information channel to receive recommendations,

Feedback from organizations and individuals related to ensuring personal information security on the Internet; annually organize inspections and examinations of organizations and individuals processing personal information; organize surprise inspections and examinations when necessary.

- Article 23 of Decree No. 85/2016/ND-CP on ensuring information system security by level stipulates the responsibilities of state management agencies, specifically the Ministry of Information and Communications as follows: appraising proposal documents for levels according to the authority specified in Point a, Clause 3, Article 12 of this Decree; drafting national standards, promulgating national technical regulations on ensuring information security by level...

- According to the provisions of Clause 2, Article 72 of the Law on Information Technology 2006, organizations and individuals are not allowed to perform one of the following acts: intrude, modify, or delete information content of other organizations and individuals on the network environment; crack, steal, or use passwords, encryption keys, and information of other organizations and individuals on the network environment; other acts that disrupt the safety and confidentiality of information of other organizations and individuals that is exchanged, transmitted, or stored on the network environment...

* In the criminal field

- Clause 2, Article 16 of Decree No. 20/2012/ND-CP regulating the database on criminal judgment execution stipulates: agencies, organizations and individuals provided with information on criminal judgment execution are responsible for using the information for the right purpose, must not provide or disclose information to third parties in any form and must promptly notify the competent data management agency of any errors in the data provided.

In addition, the laws on litigation, administration, commerce, and banking also have regulations on the responsibility to protect personal information of enterprises, organizations, and state agencies (Article 38 of the 2006 Law on Residence; Clause 2, Article 46 of the Law on

Electronic Transactions 2005; Clause 3, Article 38, Law on State Bank of Vietnam 2010; Article 13, Article 15, Article 254 of the Civil Procedure Code 2015; Article 125 of the Law on Intellectual Property).

2.3.2. Compatibility with international law and the laws of some countries

As analyzed in Chapter 1, the right to privacy protection is recognized by the laws of most countries in the world with different names and scopes. For example, the French Civil Code recognizes that everyone has the right to be respected and protected by law with many different names and scopes. On April 13, 1988, the French Supreme Court issued a ruling explaining the scope of privacy, including emotional life, friends, family, daily activities, political views, work, religious thoughts, and health status. According to French law, the scope of protection of an individual's privacy includes both information provided in public and in private places. However, if an individual proactively discloses such information, it is not considered a private secret. In Japan, the Court determines the infringement of the right to privacy based on the following criteria: (1) Relevant to personal life; (2) The individual wishes to keep it a secret; (3) It is not public information or knowledge; (4) It would seriously affect the individual if offended.

Article 17 of the 1966 International Covenant on Civil and Political Rights (ICCPR) and General Comment No. 16 affirm: No interference with private life shall be permitted except in cases provided for by law, that is, interference with private life may only be permitted on the basis of law and must comply with the provisions and purposes of the Convention.

However, in Vietnam, there are currently no exceptional regulations for the above cases; if there are, they are only limited to a few areas.

such as commercial transactions and contracts. Specialized legal documents mainly use the phrase “except where otherwise provided by law” to limit the leakage of specific regulations on cases of legal processing of personal information and privacy. The Vietnamese legal system also does not have general regulations on the processing of information on gender, sexual orientation, race, etc. like France or Korea.

Up to now, Vietnamese law has not yet provided an official definition of the concepts of private life, personal secrets, family secrets, nor has there been a separate law regulating private life like some countries. The provisions on this right are currently scattered in a number of legal documents. However, as analyzed in the above sub-sections, specialized legal documents of Vietnam have interpreted these concepts. For example, Article 33 of Decree 56/2017/ND-CP guiding the Law on Children 2016 explains that children's private life and personal secrets include: Name, age, personal identification characteristics, information about health status recorded in medical records, personal images, information about family members, child caretakers, personal assets, telephone numbers, personal mailing addresses, addresses, information about residence, hometown, address, information about schools, learning results and friends of children, information about personal services provided to children.

However, in general, the compatibility of Vietnamese law on human rights in general, and on the protection of private life in particular, with international law has been improved. The 2013 Constitution has recognized and extensively internalized many human rights recognized in international treaties, including international treaties directly related to the right to privacy such as the 1966 International Covenant on Civil and Political Rights (ICCPR); the 1989 Convention on the Rights of the Child; the 1989 Convention on the Rights of Persons with Disabilities.

2006... Compared to the 1992 Constitution, the 2013 Constitution added many completely new rights and amended and supplemented most of the inherited rights, including rights directly related to the protection of personal confidential information and privacy.

At the sub-constitutional level, current regulations on protecting the right to privacy also show relatively high compatibility with international law, such as the 2015 Law on Ensuring Network Information Security, the 2018 Law on Cyber ​​Security, the 2016 Law on Children, etc.

However, the common model in the world in general is to establish specialized, independent agencies with the function of supervising the implementation of the law on the right to privacy as well as guiding, explaining the law or resolving related issues. Meanwhile, in Vietnam, there are no regulations on the mechanism to ensure the implementation of this right, which is mainly guaranteed through the supervision mechanism of elected bodies, litigation activities in court and the mechanism for handling complaints and denunciations of the state administrative system from central to local levels.

In summary, based on the criteria of completeness, comprehensiveness, unity, synchronization, feasibility, clarity, and transparency, the limitations of the Vietnamese legal framework on the right to privacy can be identified as follows:

First: As mentioned in the above sections, this right is recorded in many legal documents, so it lacks focus, has uneven legal value, making it difficult to understand, look up, cite, access and enforce. The content of legal regulations on this right is still quite general, there is no specific definition of what “private life” is, and it has not been approached from the perspective of human rights. In addition, sanctions for violations of the inviolable right to private life are lacking and inappropriate.