Vietnam’s data localization strategy is impacting its tech leadership
Vietnam has been making inroads and diversifying its forward-looking mentality in technological implementation and manufacturing capacities over the last couple of years. Now its regulatory environment is catching up, with the country’s data localization directives as part of the 2018 Cybersecurity Law finally going into effect in October.
The new law on October 1 will mandate all companies, foreign and domestic, with interests in major digital services like telecommunications, e-commerce, and online payments to store user data onshore. Covered under the data localization guidelines are information related to “users’ personal identities, financial records, digital footprints, and online connections and networks,” as per Nikkei Asia.
While Vietnamese tech startups have been developing their competencies at a rapid clip, and its manufacturing end has been establishing itself as a more cost-effective alternative with less political recriminations in contrast to traditionally dominant Chinese production that is now mired in geopolitical tension, the newer data localization rulings could possibly derail the positive sentiment and foreign direct investment (FDI) potential that the populous Southeast Asian economy has built up in recent years.
Multinational corporations active in the country will be given 12 months to comply with the new regulations, to be monitored by the Vietnam Communist Party’s Ministry of Public Security, with a compulsory requirement to establish locally registered offices in Vietnam “in the name of safeguarding national security, public order and the ‘legitimate interests’ of local individuals and organizations” points out Nikkei.
As China has faded into the background of FDI thanks to simmering political friction with the US (and the US’s powerful allies) and its controversial zero-COVID policy, and Vietnam has risen up in its place with a younger working-age population of 98 million – the workforce is less skilled and less technologically-advanced than China’s, but makes up for it with cheaper labor and land costs that is attractive to big plant builders – it is ironic that Vietnam’s cybersecurity and data localization decrees would mirror China’s in cracking down on “content that infringes national security, propagandizes against the state; incites violence; disrupts security or public order; is humiliating or slanderous” as noted by law firm Tilleke & Gibbins.
There is some ambiguity as to how these far-ranging laws would be enforced, but as pointed out by Tilleke & Gibbins, would also encompass the localization of data found in cloud storage, intermediary payment gateways, online transportation platforms, e-sports, social media, and “services of providing, managing, or operating other information in cyberspace in the form of messages, phone calls, video calls, email, or online chat.”
The broad collection and storage of personal data, including from major platforms like Facebook and Youtube which are so heavily used that they are major drivers of social discourse in Vietnam, could be interpreted as being outside the domain of business interests that major international companies might want to be associated with.
The unprecedented data localization changes have been drawing flak from US business groups since the rules became known, with a joint letter sent to Vietnam Prime Minister Pham Minh Chinh, the US Chamber of Commerce, the American Chamber of Commerce Hanoi, and the Asia Internet Coalition asking for clarification on the interpretation of much of the abstract language used in the clauses. Business and policy directors are speculating that how the rules are enforced could put companies at a competitive disadvantage, affecting their ability to attract vendors and certain types of customers.
The cost to quickly implement actions with potentially high overheads, such as recruiting local talent and building up a local office, is also worrying foreign entities who have been operating with a purely digital presence in the country for some time.
There also mounting concerns with Vietnam’s trade partners in the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP), like Canada and Japan. “Canada continues to urge Vietnam to implement its laws and regulations applicable to the transfer and storage/processing of data in a manner that is consistent with its commitments in Chapter 14: Electronic Commerce of the [CPTPP],” Global Affairs Canada Spokesperson Lama Khodr was quoted by Nikkei Asia, which also pointed out that the Japanese government had “expressed concerns” about data localization contravening CPTPP trade guidelines, and would be keeping a “close watch on the consistency between the Law on Cybersecurity and Vietnam’s obligations under relevant international agreements.”
It’s worth highlighting that the likes of Facebook and Youtube have gone along with previous requests from the Vietnamese government to take down content that could be deemed to be sensitive from the political and social spheres, but did not break any international laws.
A host of international players including Samsung, Apple, and NTT have invested heavily in Vietnamese production facilities, bringing in millions of dollars in FDI, and the emerging Southeast Asian economy risks endangering the influx that is helping turn the country into a regional powerhouse.
- Are your web applications secure? Barracuda reports high incident and breach involvement
- Teleport’s quest for next-day e-commerce delivery in Southeast Asia
- Here’s how AI can help businesses and job seekers
- Samsung’s leap: Securing 2nm AI chip deal, nipping at TSMC’s Heels
- FBI and UK crime agency finally disrupt Lockbit cyber-gang