Protection of personal data in marketing and advertising under the Draft Law on Personal Data Protection
In the era of rapid technological advancement, personal data has become a valuable asset, yet it is also susceptible to various security and privacy risks. To address these challenges, the Draft Law on Personal Data Protection has introduced stringent regulations to safeguard personal information across various critical sectors, including labor, education, finance, and e-commerce. These regulations not only ensure citizens’ privacy but also aim to create a secure and transparent legal environment for organizations and businesses.
This article will analyze the provisions on personal data protection in several key areas, thereby providing a deeper understanding of the responsibilities and rights of both users and stakeholders in data processing.
1. Protection of personal data in marketing services business
Protecting personal data in the marketing services business is one of the important issues focused on by the Draft Law on Personal Data Protection. Accordingly, organizations and individuals operating in the marketing field must strictly comply with the regulations on collecting and using customer data to ensure the rights and privacy of users, under which:
Data usage must comply with regulations: Marketing service businesses are only allowed to use personal data of customers that they have collected through legitimate business activities. All actions related to this data must comply with the provisions on the rights of data subjects, especially the rights to protect personal information as stipulated in Article 9 of the Law.
Customer consent is mandatory: The processing of personal data for marketing purposes can only be carried out with the explicit consent of the customer. This requires that the customer clearly understands the content, methods, forms, and frequency of marketing campaigns. This regulation ensures transparency and prevents customers from being disturbed in an unwanted manner.
Compliance with spam and SIM card regulations: The use of personal data for marketing purposes must comply with legal regulations related to preventing spam and SIM card abuse. This is to prevent the misuse of personal data for illegal marketing activities that disturb consumers.
Right to opt-out of marketing communications: A crucial point in the regulations is that customers have the right to request to stop receiving marketing communications. Upon receiving a request from the data subject, organizations and individuals operating marketing services must immediately cease sending marketing communications to the customer.
No authorization of marketing to other organizations: The law strictly prohibits the hiring or contracting with a third party to perform or assist in marketing activities on behalf of the main organization. This regulation aims to tightly control the process of using personal data and ensure security, preventing data from being misused by organizations that do not have direct responsibility.
Responsibility for proof of compliance: Ultimately, organizations and individuals operating marketing services are responsible for proving that they have used personal data in accordance with the provisions of this Article. This ensures transparency and legality in all marketing activities involving personal data.
2. Protection of personal data in behavioral or targeted advertising services
The Draft Personal Data Protection Law presents important regulations regarding the protection of personal data in behavioral or targeted advertising activities. This is an area where the collection and use of user personal data occurs frequently, requiring transparency and ensuring the rights of data subjects. These regulations are not only aimed at protecting privacy but also ensuring the legality of advertising business activities. Accordingly, if the Personal Data Protection Law draft comes into effect, the following points are what businesses operating advertising services will need to pay close attention to:
Data collection only with consent: Organizations and individuals operating behavioral advertising services are only permitted to collect personal data through website or application tracking with the explicit consent of the data subject. This helps ensure users’ control over their personal information and prevents unauthorized or non-transparent data collection.
Right to opt-out of data sharing: Organizations and individuals providing advertising services must establish a mechanism allowing users to opt out of data sharing in various contexts. This not only enhances security but also empowers users to make decisions about how their data is used for specific purposes, thereby ensuring transparency and voluntariness in data processing.
Data usage must be for the intended purpose: The regulations clearly state that organizations are only allowed to use personal data collected through their business activities for the specific purpose of behavioral or targeted advertising. This prevents the use of data beyond the agreed scope and protects users from irrelevant or intrusive advertising.
Ensuring data subject rights: All activities of collecting and using personal data for advertising purposes must strictly comply with the data subject rights as stipulated in Article 9 of the Draft Personal Data Protection Law. This regulation affirms the privacy and freedom of users in controlling their personal data, ensuring that all advertising business activities must comply with the prescribed legal standards.
Protecting personal data in behavioral or targeted advertising plays a crucial role in the context of rapid technological development. The regulations in the draft Personal Data Protection Law not only ensure users’ control over their information but also aim for transparency and accountability of organizations and individuals operating in this field. This contributes to building a healthy and safe business environment for users and protects the rights of data subjects.
The draft Personal Data Protection Law has introduced detailed and strict regulations regarding the protection of personal data in the field of marketing and advertising. These regulations not only ensure the privacy and freedom of users in controlling their personal information but also create a transparent legal framework for organizations and businesses operating in this field. Compliance with these regulations will help marketing and advertising businesses build trust with customers and avoid legal violations related to personal data rights. The balance between business interests and protecting user rights is the key to sustainable development in the current digital environment.
Time of writing: 15/10/2024
The article contains general information which is of reference value, in case you want to receive legal opinions on issues you need clarification on, please get in touch with our Lawyer at info@cdlaf.vn
Why choose CDLAF’s service?
- We provide effective and comprehensive legal solutions that help you save money and maintain compliance in your business;
- We continue to monitor your legal matters even after the service is completed and update you when there are any changes in the Vietnamese legal system;
- Our system of forms and processes related to labor and personnel is continuously built and updated and will be provided as soon as the customer requests it;
- As a Vietnamese law firm, we have a thorough understanding of Vietnam’s legal regulations, and grasp the psychology of employees, employers, and working methods at competent authorities;
- CDLAF’s team of lawyers has many years of experience in the field of labor and enterprises, as well as human resources and financial advisory.
- Strict information security procedures throughout the service performance and even after the service is completed.
You can refer for more information:
- Distinguishing Between Labor Outsourcing and Service Provision
- Is it allowable for a business to transform foreign loans into capital contributions?
- How does the draft Personal Data Protection Law regulate the consent rights of data subjects?