Vietnam's Cyber Law Fuels Data Harvesting Concerns

Recent internal directives from Vietnamese government agencies, shared by cybersecurity professionals via industry forums, indicate a significant expansion of data collection mandates under the guise of national security and cybercrime prevention. The intelligence points to a new policy requiring major e-commerce platforms and social media providers operating in Vietnam to retain user data for up to three years, with broad access granted to law enforcement without requiring a warrant in 'urgent' cases. This directive, while framed as a counter-terrorism measure, has raised alarms among tech firms about potential data breaches due to insufficient security infrastructure at the receiving agencies. Furthermore, whistleblowers within these firms express concerns that this extensive data harvesting could be repurposed for domestic surveillance and the suppression of dissent, mirroring trends seen in other regional authoritarian states. The lack of robust data protection regulations in Vietnam amplifies these risks.