However, it simultaneously triggers unprecedented legal challenges in safeguarding the rights and interests of individuals and organisations — particularly regarding data — demanding swift and decisive responses from the legal system.
High risk of data leakage
According to Dr Tran Anh Tuan of the Department of International Law and International Investment Dispute Settlement under the Ministry of Justice, the rapid expansion of cross-border trade, finance and services dramatically escalates the risks of data leakage, online fraud, cyberattacks, privacy violations, and other complex legal challenges.
Even in international payment transactions, significant risks persist, including fraud and impersonation; malware attacks that infiltrate systems to alter account numbers, or encrypt entire databases for ransom; account takeovers and transaction fraud; and the leakage of personal data and financial information.
Lawyer Phan Hoai Nam, Chief Executive Officer of W&A Consulting and an arbitrator at the Viet Nam International Arbitration Centre (VIAC), stressed that within the digital payment ecosystem, personal data serves not only as a means of identification but also as a core component at every stage of service operation, from transaction authentication to risk management.
A single transaction may involve multiple layers of information, including personal identification data, sensitive financial data, technical data, and behavioural data. When combined, these layers create a comprehensive digital profile of the user. Because payment data is directly linked to financial flows, any breach triggers immediate and devastating consequences, including financial theft or identity fraud.
Although many digital business activities inherently involve cross-border data transactions, users often remain entirely oblivious that their data is being transferred across borders. For example, when individuals in Viet Nam use social media platforms, search engines, e-commerce platforms, or cloud computing services provided by foreign companies, foreign companies routinely transmit their personal data to multiple countries for storage and processing.
This reality sharply heightens the risks of personal data misuse, data monopolisation, and a severe power imbalance between individuals and major technology platforms.
Hackers compromised more than 6.9 million accounts in the first quarter of 2026 alone, doubling the figure recorded during the same period in 2025.
In reality, the leakage, trading, and illegal use of personal data in Viet Nam are becoming increasingly complex, posing major risks to the lawful rights and interests of individuals and organisations, and to national security in the digital environment.
In the first quarter of 2026 alone, hackers compromised more than 6.9 million accounts, twice as many as in the corresponding period of 2025. Criminals weaponise this leaked data to engineer highly sophisticated fraud schemes, frequently impersonating victims’ relatives to exploit emotional vulnerabilities and drain their assets.
According to the Department of Cyber Security and High-Tech Crime Prevention under the Ministry of Public Security (A05), more than 30 variations of high-tech crime currently plague the digital space, where online fraudsters systematically harvest personal data before launching calculated asset appropriation schemes.
Building a risk-based governance framework
Against this backdrop, protecting the lawful rights and interests, and the data of Vietnamese individuals and organisations engaged in cross-border transactions has become an urgent priority. Resolution No. 66-NQ/TW on reforming law-making and law enforcement demands an overhauled the legal framework to better adapt to the digital environment, catalyse innovation, and simultaneously guarantee data security, data safety and national interests.
It provides an important political foundation for Viet Nam to shift from a purely administrative approach to data management towards a data governance model based on risk management, accountability, and technological oversight.
Deputy Minister of Justice Nguyen Thanh Tu stressed that data rapidly functions as a strategic resource capable of dictating national competitiveness and shaping a new development landscape. Viet Nam must therefore construct a rigorous governance framework designed to both neutralise risks — preventing data misuse, and the rise of “digital authoritarianism” — and aggressively harness technological breakthroughs to drive socio-economic development, elevate product and service quality, and sharpen the competitive edge of Vietnamese businesses.
Data rapidly functions as a strategic resource capable of determining national competitiveness and shaping a new development landscape. Viet Nam must therefore construct a rigorous governance framework designed to both neutralise risks — preventing data misuse, and the rise of “digital authoritarianism” — and aggressively harness technological breakthroughs to drive socio-economic development, elevate product and service quality, and sharpen the competitive edge of Vietnamese businesses.
Deputy Minister of Justice Nguyen Thanh Tu
According to Dr Ha Cong Anh Bao, Dean of the Faculty of Law at the Foreign Trade University, data in the cross-border digital trade environment is often stored across multiple technical systems and in different countries, leaving Vietnamese businesses with virtually zero direct control over the core data infrastructure of international digital platforms.
He therefore urged lawmakers to overhaul regulations governing the retention of transaction data, information disclosure obligations of intermediary entities, mechanisms for preserving electronic evidence, and the admissibility of electronic data in resolving cross-border disputes.
Regarding personal data, lawyer Nguyen Trong Hieu of Asia Legal LLC emphasised that while the 2025 Law on Personal Data Protection signals a significant paradigm shift in the legislative approach to personal data, it fundamentally fails to establish a comprehensive liability framework for joint data controllers in cross-border data transactions, define clear responsibility-sharing mechanisms, or provide sufficient jurisdictional enforcement powers over cross-border digital platforms.
Viet Nam's legal system currently wrestles with the daunting challenge of balancing three major objectives: protecting personal data rights, safeguarding digital security and sovereignty, and promoting the digital economy.
Despite notable strides, the existing legal framework remains heavily entrenched in an outdated administrative management mindset, lacking the flexibility, transparency, and international compatibility required for modern data governance.
From a policy perspective, Hieu argued that Viet Nam's personal data protection legislation must be actively anchored in a human rights-based approach in the digital environment, rather than focusing primarily on cybersecurity and information management in cyberspace.
He further demanded a decisive pivot away from traditional administrative management mindset towards a robust, risk-based, human rights-centred approach to data governance, paired with highly flexible regulatory mechanisms to manage complex cross-border data flows.