{"id":14064,"date":"2026-02-02T09:02:18","date_gmt":"2026-02-02T02:02:18","guid":{"rendered":"https:\/\/cdlaf.vn\/?p=14064"},"modified":"2026-02-02T09:05:05","modified_gmt":"2026-02-02T02:05:05","slug":"new-standards-for-consent-and-the-burden-of-proof","status":"publish","type":"post","link":"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/","title":{"rendered":"New Standards for &#8220;Consent&#8221; and the Burden of Proof"},"content":{"rendered":"<p><em>The standards for data subject &#8220;Consent&#8221; have evolved significantly from <\/em><em>Decree No. 13\/2023\/ND-CP toward the Law on Personal Data Protection (2025) and <\/em><em>Decree No. 356\/2025\/ND-CP. This shift focuses on enhancing transparency and verifiability, while explicitly placing the burden of proof on the data controller\/processor.<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-11939 size-medium\" src=\"http:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-711x400.jpg\" alt=\"\" width=\"711\" height=\"400\" srcset=\"https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-711x400.jpg 711w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-1400x787.jpg 1400w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-768x432.jpg 768w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-1536x864.jpg 1536w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2025\/07\/our-culture-2048x1152.jpg 2048w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of contents:<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #a32411;color:#a32411\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #a32411;color:#a32411\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/#1_More_Specific_and_Logical_Methods_of_Expressing_Consent\" >1. More Specific and Logical Methods of Expressing Consent<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/#2_Clarification_of_the_%E2%80%9CVerifiability%E2%80%9D_Concept\" >2. Clarification of the &#8220;Verifiability&#8221; Concept<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/#3_New_Principles_to_Combat_%E2%80%9CDefault_Consent%E2%80%9D\" >3. New Principles to Combat &#8220;Default Consent&#8221;<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/#4_Burden_of_Proof_and_Storage_Obligations\" >4. Burden of Proof and Storage Obligations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/cdlaf.vn\/en\/new-standards-for-consent-and-the-burden-of-proof\/#SEND_CONSULTATION_REQUEST\" >SEND CONSULTATION REQUEST<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"1_More_Specific_and_Logical_Methods_of_Expressing_Consent\"><\/span>1. More Specific and Logical Methods of Expressing Consent<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Decree 356 has specified the methods that data controllers\/processors may use to collect consent. These measures ensure the ability to verify the identity of the data subject, as well as the specific timing and content of the consent given.<\/p>\n<p>The methods include:<\/p>\n<ul>\n<li>In writing;<\/li>\n<li>Via recorded phone calls;<\/li>\n<li>Consent statements via text message (SMS);<\/li>\n<li>Via email, websites, platforms, or applications with technical settings designed to request consent;<\/li>\n<li>By other appropriate methods that can be printed or reproduced in writing, including electronic formats or other verifiable formats.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"2_Clarification_of_the_%E2%80%9CVerifiability%E2%80%9D_Concept\"><\/span>2. Clarification of the &#8220;Verifiability&#8221; Concept<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A significant advancement of Decree 356 is the clarification of the &#8220;verifiability&#8221; requirement for consent, thereby addressing the existing gaps under Decree 13\/2023\/ND-CP. Accordingly, when collecting consent from data subjects, businesses must be able to demonstrate, at a minimum, the following elements:<\/p>\n<ul>\n<li><strong>Who<\/strong>the data subject providing consent is;<\/li>\n<li><strong>When<\/strong>the consent was given;<\/li>\n<li><strong>The content and scope<\/strong>of the consent provided by the data subject.<\/li>\n<\/ul>\n<p>Consequently, a business&#8217;s responsibility does not end with merely collecting consent; it also includes the obligation to reconstruct the consent process upon request by regulatory authorities or in the event of a dispute. In practice, if these elements cannot be traced and verified, the consent is at risk of being deemed invalid.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_New_Principles_to_Combat_%E2%80%9CDefault_Consent%E2%80%9D\"><\/span>3. New Principles to Combat &#8220;Default Consent&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Decree 356 establishes, for the first time, a clear principle aimed at eliminating the &#8220;default consent&#8221; mechanism in personal data processing activities. Accordingly, the law strictly prohibits setting up default consent methods (such as pre-ticked boxes) or creating unclear instructions that cause confusion between consent and non-consent for the data subject.<\/p>\n<p>The core point is that users are only considered to have consented when they actively perform an action demonstrating their approval. Conversely, any method that &#8220;pushes&#8221; users into consenting through interface design, presentation, or workflow potentially carries a risk of violation. Compared to Decree 13\/2023\/ND-CP, this approach is expressed more clearly and directly, especially in the context of data collection models based on digital platforms.<\/p>\n<p>Example 1: Some account registration forms include lines such as &#8220;I agree to receive marketing information&#8221; or &#8220;I agree to share data with partners&#8221; with the boxes already pre-ticked. The user only needs to click &#8220;Register.&#8221; This case does not meet the requirements for valid consent due to the lack of an active action by the user.<\/p>\n<p>Example 2: Cookie banners on e-commerce websites\u00a0<\/p>\n<p>Many websites display cookie banners with a prominent &#8220;Accept&#8221; button, while the &#8220;Customize&#8221; or &#8220;Decline&#8221; options are blurred, placed in hard-to-see positions, or require multiple additional steps to find. This poses a risk of violation because the interface creates psychological pressure, causing users to tend to click &#8220;Accept&#8221; without making a truly proactive choice.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"4_Burden_of_Proof_and_Storage_Obligations\"><\/span>4. Burden of Proof and Storage Obligations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The obligation to store consent is a significant advancement of Decree 356, as it clearly codifies this responsibility for the first time. Accordingly, the data subject&#8217;s consent is not only a legal condition for data processing at the time it occurs but must also be stored as an independent legal record. Businesses are obligated to ensure the accessibility and provision of evidence of consent upon request during inspections or audits by competent authorities, or in the event of a dispute.<\/p>\n<p>In practice, the failure to store or prove consent may lead to the risk of being deemed as processing personal data without a valid legal basis, even if consent had previously been obtained from the data subject.<\/p>\n<p><strong><u>Recommendation:<\/u><\/strong>\u00a0The aforementioned changes indicate that businesses need to review their entire process for collecting, recording, and storing consent, particularly regarding digital interfaces, electronic forms, and operating IT systems. Consent management is no longer a mere formality; it has become a critical component of the compliance framework and personal data accountability.<\/p>\n<ul>\n<li>\n<h4><strong>Advisory email<\/strong> info@cdlaf.vn<\/h4>\n<\/li>\n<li>\n<h4><strong>Hotline:<\/strong> (+84) 909 668 216<\/h4>\n<\/li>\n<\/ul>\n<p><strong><em>Time<\/em><\/strong><strong><em> of writing<\/em><\/strong><em>: 02\/01\/2026<\/em><\/p>\n<p><em>The article contains general information which is of reference value, in case you want to receive legal opinions on issues you need clarification on, please get in touch with our Lawyer \u00a0at\u00a0 <a href=\"https:\/\/mail.google.com\/mail\" target=\"_blank\" rel=\"noopener\"><strong>info@cdlaf.vn<\/strong><\/a><\/em><\/p>\n<div class=\"content-post-nd\">\n<div style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-5519 size-full aligncenter\" src=\"http:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG.png\" alt=\"\" width=\"1080\" height=\"600\" srcset=\"https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG.png 1080w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG-720x400.png 720w, https:\/\/cdlaf.vn\/wp-content\/uploads\/2023\/05\/CHUONG-TRINH-THANG-768x427.png 768w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/><\/div>\n<\/div>\n<div class=\"content-post-nd\">\n<p><strong>Why choose CDLAF\u2019s service?<\/strong><\/p>\n<ul class=\"li-content\">\n<li>We provide effective and comprehensive legal solutions that help you save money and maintain compliance in your business;<\/li>\n<li>We continue to monitor your legal matters even after the service is completed and update you when there are any changes in the Vietnamese legal system;<\/li>\n<li>Our system of forms and processes related to labor and personnel is continuously built and updated and will be provided as soon as the customer requests it;<\/li>\n<li>As a Vietnamese law firm, we have a thorough understanding of Vietnam&#8217;s legal regulations, and grasp the psychology of employees, employers, and working methods at competent authorities;<\/li>\n<li>CDLAF&#8217;s team of lawyers has many years of experience in the field of labor and enterprises, as well as human resources and financial advisory.<\/li>\n<li>Strict information security procedures throughout the service performance and even after the service is completed.<\/li>\n<\/ul>\n<\/div>\n<p><strong style=\"color: #a32411;\">You can refer for more information:<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/artificial-intelligence-ai-and-personal-data-rights\/\">Artificial Intelligence (AI) and Personal Data Rights<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/internal-control-responsibilities-and-data-sharing-within-organizations\/\">Internal control responsibilities and data sharing within organizations<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/personal-data-protection-personnel-under-decree-356-in-house-implementation-or-hiring-professional-external-services\/\">Personal data protection Personnel under Decree 356: In-house Implementation or Hiring Professional External Services?<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/conditions-for-the-transfer-of-data-to-partners-to-be-considered-valid\/\">Conditions for the transfer of data to partners to be considered \u201cvalid\u201d<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/regulations-regarding-personal-data-under-current-personal-data-protection-law\/\">Regulations regarding Personal Data under current Personal Data Protection Law<\/a><\/li>\n<li><a href=\"https:\/\/cdlaf.vn\/en\/data-and-legal-considerations-in-outsourcing-contracts-part-1\/\">Data and Legal Considerations in Outsourcing Contracts (Part 1)<\/a><\/li>\n<\/ul>\n\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f2681-o1\" lang=\"en-US\" dir=\"ltr\" data-wpcf7-id=\"2681\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/14064#wpcf7-f2681-o1\" method=\"post\" class=\"wpcf7-form init\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"2681\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.5\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f2681-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/>\n<\/fieldset>\n<h2 class=\"tt-form\"><span class=\"ez-toc-section\" id=\"SEND_CONSULTATION_REQUEST\"><\/span>SEND CONSULTATION REQUEST\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><label>Full name<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"full-name\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"full-name\" \/><\/span><br \/>\n<label>Email<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"email\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"email\" \/><\/span><br \/>\n<label>Phone Number<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"phone\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-tel wpcf7-text wpcf7-validates-as-tel\" aria-invalid=\"false\" value=\"\" type=\"tel\" name=\"phone\" \/><\/span><br \/>\n<label>Message<\/label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"coment\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea\" aria-invalid=\"false\" name=\"coment\"><\/textarea><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner btn-yellow\" type=\"submit\" value=\"Send\" \/>\n<\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>The standards for data subject &#8220;Consent&#8221; have evolved significantly from Decree No. 13\/2023\/ND-CP toward the Law on Personal Data Protection (2025) and Decree No. 356\/2025\/ND-CP. This shift focuses on enhancing transparency and verifiability, while explicitly placing the burden of proof on the data controller\/processor. 1. More Specific and Logical Methods of Expressing Consent Decree 356&#8230;<\/p>\n","protected":false},"author":4,"featured_media":11939,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[64],"tags":[],"class_list":["post-14064","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles"],"acf":[],"_links":{"self":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/14064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/comments?post=14064"}],"version-history":[{"count":2,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/14064\/revisions"}],"predecessor-version":[{"id":14066,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/posts\/14064\/revisions\/14066"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/media\/11939"}],"wp:attachment":[{"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/media?parent=14064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/categories?post=14064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cdlaf.vn\/en\/wp-json\/wp\/v2\/tags?post=14064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}