The Ministry of Public Security’s (MPS) recent lawmaking efforts are increasingly resembling a farce. It recently proposed penalizing individuals who fail to protect their own personal data with fines ranging from 50 to 70 million đồng (roughly $2,100 to $2,900 USD). [1]
This proposal is explicitly detailed in Clause 1, Article 58 of the draft decree on administrative sanctions in the fields of cybersecurity and personal data protection: [2]
“1. A fine of between 50,000,000 đồng and 70,000,000 đồng shall be imposed for one of the following acts:
a) The data subject fails to protect their own personal data;”
Consequently, the people of Việt Nam may soon find themselves starring in a darkly comic Tết skit:
– Officer, my personal information has been leaked online.
– All right, please sign this report.
– Wait, why is this a 70-million-đồng fine?
– Because you did not protect yourself.
No further commentary is needed; the punchline writes itself.
An Infringement on the Right to Self-determination
At its core, this provision from the MPS contradicts a fundamental principle of any legal system: a citizen’s right to self-determination.
Under various legal frameworks, personal data is treated as a personal right or even a form of property. [3]
Regardless of the exact interpretation, rights over personal data are inherently tied to individual autonomy; what people choose to do with their data is fundamentally their own business.
This aligns with the harm principle, a key foundation of civil law, which dictates that individuals are free to act as they please as long as they do not harm others.
The legal system prioritizes safeguarding personal autonomy, giving individuals the freedom to control and dispose of their property and personal rights without interference, provided their actions do not cause societal harm.
This respect for autonomy is why many countries recognize the right to euthanasia, allowing individuals to make decisions concerning their life and death. [4] Even if a person takes their life out of desperation, it cannot be legally considered “murder,” as it falls within a sphere of personal autonomy that exempts the individual from self-liability.
Rights over personal data follow an identical logic. If an individual inadvertently exposes their own private information, harming only themselves, there is no logical basis for punishment. It is as absurd as being fined for losing your motorbike simply because you failed to safeguard your property.
Blaming the Victim
While the MPS’s draft might provide a brief moment of dark comedy, it ultimately reveals a profound moral inversion within the provision.
Consider the nightmare of malicious actors exposing and exploiting an individual’s sensitive data online. If that victim reaches out to the authorities for assistance and instead faces a 70-million-đồng ($2,900 USD) penalty, the devastation would be absolute. It is the equivalent of someone assaulting you and then blaming you for the attack—a textbook example of victim-blaming.
Such a provision undermines fundamental moral and legal norms. Standard legislative frameworks are designed to assign primary responsibility to perpetrators and the organizations that process or control personal data. They aim to protect individuals, who are inherently the weaker party despite holding the original rights to their information.
This protective approach is the common legislative philosophy regarding personal data around the world. The Ministry of Public Security’s current proposal blatantly contradicts this logic.
This raises a glaring question: among all the government ministries in Việt Nam today, which one actually holds the largest volume of personal data belonging to its citizens?
Đan Thanh wrote this article in Vietnamese and published it in Luật Khoa Magazine on March 31, 2026. Đàm Vĩnh Hằng translated it into English for The Vietnamese Magazine.
1. Danh Trọng. (2026, March 26). Mua, bán dữ liệu cá nhân có thể bị phạt 70-100 triệu đồng. TUOI TRE ONLINE. https://tuoitre.vn/mua-ban-du-lieu-ca-nhan-co-the-bi-phat-70-100-trieu-dong-20260326133923457.htm
2. LuatVietnam. (2026, March 18). Dự thảo Nghị định xử phạt vi phạm hành chính trong an ninh mạng và bảo vệ dữ liệu. LuatVietnam. https://luatvietnam.vn/hanh-chinh/du-thao-nghi-dinh-xu-phat-vi-pham-hanh-chinh-trong-an-ninh-mang-va-bao-ve-du-lieu-428899-d10.html
3. Đan Thanh. (2025, October 23). Redefining Data: Property Rights, Personal Rights, and State Power in Việt Nam. The Vietnamese Magazine. https://thevietnamese.org/2025/10/redefining-data-property-rights-personal-rights-and-state-power-in-viet-nam/
4. VnExpress. (2020, September 7). Những quốc gia cho phép “chết êm ái.” vnexpress.net. https://vnexpress.net/nhung-quoc-gia-cho-phep-chet-em-ai-4158004.html
