Vietnam could give tech companies one year to obey cyberlaw

HANOI: Vietnam may give internet companies like Google and Facebook one year to comply with a controversial cybersecurity law, according to a draft decree that outlines how the draconian bill could be implemented.

The cybersecurity bill, which observers say mimic China’s repressive web control tools, is set to come into effect in January despite drawing sharp criticism from the US, the EU and internet freedom advocates.

The bill would require tech companies to store data in the country, and remove "toxic content" from websites and hand over user information if asked by the government to do so.

Critics of the bill say it will be a chokehold on criticism in the one-party state where activists are routinely jailed and all independent media are banned.

According to a draft decree on how the law may be implemented, published by the Ministry of Public Security on Friday, companies offering internet services in Vietnam may be given 12 months to comply.

"Enterprises... must archive data and set up branches or representative offices in Vietnam," the decree said.

It did not outline the punishment for failing to comply, but any country in breach of the law could be barred from offering its services in Vietnam.

An enterprise can mean internet service providers, e-commerce sites, online payment firms and social networks. The draft decree added that companies must store user data in the country for at least 36 months.

Personal data required to be stored includes everything from a user’s name to passport number, medical records, credit card information and biometric data.

Google declined to comment Saturday, while Facebook did not immediately respond to a request from AFP. The public has two months to provide feedback on the decree, in line with Vietnamese law, though public comments have not traditionally led to dramatic alterations to proposed bills.