Vietnam’s draft of a new data protection law has sparked pushback from US tech companies, who have been eyeing the country as one of Asia’s leading growth markets.
The tech companies primarily object to what would be stringent international data transfer terms, and the ability of the government to demand that data be turned over in “the public interest.” Meta, Google and others have been considering new data center projects in the country, decisions that they say could now be influenced by what Vietnam’s government decides at the end of November.
Tech companies may cool on Vietnam market if China-like compliance requirements come online
The draft data protection law is currently up for discussion before Vietnam’s parliament, currently set for a vote on November 30. While many countries now look to Europe’s General Data Protection Regulation (GDPR) as a model for their own new regulations, the scheme Vietnam is considering has some similarities to China’s stringent set of laws. Primarily in that tech companies setting up shop in the country would have to allow the Vietnamese government to access their data in broadly defined cases of “public interest,” something that may well be a non-starter for those interested in building data centers there.
The Information Technology Industry Council, which represents some of the world’s biggest tech companies, is leading the charge on this. US tech companies are not just interested in regional data centers, but in the country’s population of 100 million and an information tech market projected to grow to $36.06 billion by 2029. Much of this recent explosion of growth is owed to the country’s National Digital Transformation Program, initiated in 2021 and running through 2025 with the goals of training one million tech workers and supporting both government and small and medium-sized enterprises in modernizing and innovating.
The US tech companies oppose what they call an “undue expansion of government access,” but also a requirement that they seek permission before being allowed to send local data overseas. The proposed data protection law also has vague and expansive terms here, allowing this requirement to be put on anything determined to be “core” or “important” data.
Vietnam’s ministry of public security and the information ministry have reportedly been pushing the strenuous terms, but have yet to issue a public comment on the data protection law. The country has been eyed by tech companies as an Asian regional data center haven as laws restricting foreign ownership are set to expire in 2025, but the terms indicate that the ruling Communist Party is not quite ready to be “open for business” in this way without retaining the same level of control it would have over domestic firms.
Government insistence on access could turn data protection law into business deterrent
The American Chamber of Commerce in Hanoi has jumped in on behalf of US tech companies, petitioning the government to amend the data protection law before passing it. The organization argues that as it stands, the rules would cause significant compliance challenges and potentially drive business from the country. The Chamber called the legislative process “rushed” and urged the government to take more time in review.
Google has been public with its interest in establishing a data center in South Vietnam, where it already has some of its Pixel smartphone assembly operation. The “hyperscale” data center is planned to be near the economic center of Ho Chi Minh City, and Google said that demand for services such as YouTube specifically drew its attention to the country. Alibaba also expressed interest in building a similar facility in the area earlier this year. The only major data centers that presently exist in Vietnam are owned by state-run companies.
Neighboring China, similarly run by an authoritarian Communist party, provides some example of the potential pitfalls of subjecting foreign tech companies to onerous data protection law that threaten to invade both data subject and company privacy. Many major tech companies do retain a presence in China, but this has become much more for manufacturing purposes than any sort of data handling. Over the past few years the country has gradually brought on stronger national security laws that require private companies to essentially allow the government free access to their data, and have also cracked down on transfers of Chinese citizen data outside of the country. This has caused companies such as IBM, Microsoft, BlackRock and Dell to either severely contract their physical presence there or to pull up stakes and leave entirely. And even manufacturing has been contracting recently as international companies re-evaluate their reliance on the country in light of geopolitical tensions, creating a direct economic boon for Vietnam and a number of other countries throughout Asia.
