Decree No. 47/2020/ND-CP the management, connection and sharing of digital data of state agencies

DECREE

Prescribing the management, connection and sharing of digital data of state agencies^[1]

Pursuant to the June 19, 2015 Law on Organization of the Government;

Pursuant to the June 29, 2006 Law on Information Technology;

Pursuant to the November 29, 2005 Law on E-Transactions;

Pursuant to the April 6, 2016 Law on Access to Information;

At the proposal of the Minister of Information and Communications;

The Government promulgates the Decree prescribing the management, connection and sharing of digital data of state agencies.

Chapter I

GENERAL PROVISIONS

Article 1.Scope of regulation

1. This Decree prescribes the management, connection and sharing of digital data of state agencies, covering management and administration of digital data; connection and sharing of digital data; and use and exploitation of digital data of state agencies; provision of open data of state agencies to organizations and individuals; and rights and responsibilities in the connection and sharing of digital data of state agencies.

2. This Decree does not apply to the sharing of digital data containing information classified as state secrets prescribed in the Law on Protection of State Secrets. The sharing of digital data containing information classified as state secrets must comply with current regulations.

Article 2.Subjects of application

This Decree applies to state agencies, including ministries, ministerial-level agencies, government-attached agencies, and People’s Committees at all levels; and organizations and individuals that exploit and use digital data of and shared by state agencies in accordance with law.

Article 3.Interpretation of terms

In this Decree, the terms below are construed as follows:

1. Digital data means data in the form of signs, scripts, numerals, images or sound, or a similar form and demonstrated by digital signals. Digital data carry digital information and may be shared in the form of data messages. In this Decree, data are construed as digital data.

2. Structure of exchanged data means the structure of data messages that are exchanged among information systems and databases.

3. Data sharing services means services of providing and sharing data to agencies, organizations and individuals for exploitation or receiving data from agencies, organizations and individuals via information systems. In an information system, data sharing service is an interaction interface of software serving the connection and sharing of data messages with outside systems.

4. Open data of state agencies means data widely published by competent state agencies to agencies, organizations and individuals for free use, republish or sharing. In this Decree, open data are construed as open data of state agencies.

5. Sharing of default data means the regular sharing of data among state agencies according to a simple process, whereby state agencies make data sharing services available and provide data with standardized structure for exchange via data sharing services to different state agencies for use.

6. Data sharing upon request means the sharing of data to other state agencies for use upon their specific request, for data not available for popular use by different state agencies. This form of data sharing requires technical coordination of involved parties in making infrastructure, technical and technological preparations for processing or creating data for sharing.

7. Data about shared lists means data about lists and classification code lists issued by competent state agencies which are shared for common use in information systems and databases, ensuring synchronous and unified integration, exchange and sharing of data.

8. Open format means a format of files or data messages prescribed under technical declarations of standardization organizations. The use of such technical declarations is restriction-free.

9. Master data means data carrying the most fundamental information for identifying and describing core and independent operations entities.

10. National Data Portal, at data.gov.vn, means a hub for information and data access serving the announcement of open data and provision of information about sharing of data of state agencies; and provision of data processing and exploitation documents, services, tools and applications announced by state agencies.

Article 4.Legal validity of shared data

The legal validity of shared data in data messages is the legal validity of data messages prescribed in Section 1, Chapter II of the Law on E-Transactions and relevant regulations.

Article 5.General principles of data management, connection and sharing

1. Data formed in operations of state agencies shall be shared to serve operations of state agencies toward serving people and enterprises that comply with law in data creation, management and use.

2. State agencies shall share data with other agencies, organizations and individuals in accordance with law; refrain from providing information in the form of document if such information has been exploited via data connection and sharing among information systems; refrain from collecting, or organizing the re-collection of, data, or requesting people or enterprises to provide information and data in the process of carrying out administrative procedures if such data have been provided or made available for provision by other state agencies via data connection or sharing, unless such data fail to meet quality requirements according to specialized standards or technical regulations or unless otherwise prescribed by law.

3. Data sharing among state agencies must neither affect the interests and responsibilities of related organizations and individuals nor infringe upon privacy, personal secrets or family secrets, unless otherwise prescribed by law.

4. Shared data must be updated and accurate in accordance with law.

5. Data shared among state agencies are free of charge, except cases of exploitation and use of data on the lists referred to in the Law on Charges and Fees.

6. Data of state agencies shall be shared to organizations and individuals on the following principles:

a/ Organizations and individuals may exploit data of their own or of other organizations and individuals with the latter’s consent, unless otherwise prescribed by law;

b/ In cases other than those specified at Point a of this Clause, data of state agencies shall be shared to organizations and individuals in accordance with the Law on Access to Information and other current laws.

Article 6.Performance of data connection and sharing

1. Data-managing state agencies shall perform data management and administration activities and ensure their readiness for data connection and sharing with agencies, organizations and individuals in accordance with the provisions of Chapter II of this Decree.

2. For open data, agencies, organizations and individuals shall connect and exploit data already announced by state agencies as specified in Section 3, Chapter II of this Decree.

3. Data connection and sharing among state agencies are prescribed as follows:

a/ For data already made available for default sharing, their connection and sharing must comply with the provisions of Section 2, Chapter III of this Decree;

b/ For data not yet made available for default sharing, agencies providing and exploiting data shall coordinate and reach agreement with each other in sharing them upon request according to the provisions of Section 3, Chapter III of this Decree;

c/ In case it is impossible to perform data connection and sharing under Points a and b of this Clause, data connection and sharing must comply with the provisions on settlement of problems in data connection and sharing of Section 5, Chapter III of this Decree.

4. Connection and sharing of data of state agencies to organizations and individuals: In case data-providing state agencies permit data connection and sharing in accordance with law, organizations and individuals connecting and exploiting data shall fulfill relevant obligations of state agencies connecting and exploiting data prescribed in this Decree.

Article 7.Requirements for data management, connection and sharing

State agencies performing data connection and sharing shall fulfill the following requirements:

1. To assign an officer to take charge of data connection and sharing; to publicize the telephone number, email, name, position and functions of this officer. The officer in charge of data connection and sharing shall receive, and coordinate with others in dealing with, issues in data connection and sharing between his/her agency or unit and outside agencies and units.

2. To disclose information about the officer in charge of data connection and sharing; information about readiness for data sharing, and information required to be disclosed in accordance with this Decree.

3. To comply with regulations on information confidentiality; regulations on intellectual property rights concerning data; and privacy of organizations and individuals.

4. To ensure that shared data can be sent, received, stored and processed by digital equipment.

5. To comply with technical regulations and instructions on exchange of data and application of information technology in state agencies, and the principles specified in Article 5 of this Decree.

6. To ensure that data connection and sharing systems conform to the Vietnam E-Government Architecture Framework.

Article 8.Prohibited acts

1. Obstructing agencies’, organizations’ or individuals’ connection to, or their right to exploit and use, lawful data as prescribed by law.

2. Trading, exchanging or sharing data in contravention of law.

3. Violating regulations on intellectual property rights or the right to protection of personal information upon data connection or sharing.

4. Falsifying data in the process of transmitting data from data providers to data exploiters.

5. Undermining information infrastructure facilities or interrupting data sharing.

Chapter II

MANAGEMENT OF DATA AND DATABASES AND ADMINISTRATION OF DATA IN STATE AGENCIES, AND ASSURANCE OF READINESS FOR DATA CONNECTION AND SHARING

Section 1

MANAGEMENT OF DATA AND DATABASES IN STATE AGENCIES

Article 9.Principles of management of data and databases in state agencies

1. Data in state agencies shall be organized in a unified manner and managed according to delegated powers of state agencies. Data and databases within agencies and units shall be organized and stored in a way that facilitates data sharing to outside agencies and units.

2. The establishment of, and data information in, databases in state agencies must ensure the use of shared code lists in conformity with master data issued by competent state agencies.

3. State agencies may not request individuals and organizations to provide the data that are currently managed by the former or available for sharing by other state agencies and meet prescribed requirements, unless they request provision of data for the purpose of data updating or verification and examination.

Article 10.Organization and management of data and databases

1. Contents of data organization and management:

a/ Collecting and creating data to form databases;

b/ Managing, maintaining and updating data and managing data changes;

c/ Sharing data and managing data sharing;

d/ Exploiting and using data managed by state agencies and exploiting and using data shared from other state agencies.

2. State agencies shall carry out the data organization and management activities specified in Clause 1 of this Article in accordance with law.

Article 11.Databases in state agencies

1. Databases in state agencies include:

a/ National databases;

b/ Databases of ministries, sectors and local authorities, including shared databases of ministries, shared databases of sectors, and shared databases of local authorities;

c/ Other databases within information systems of state agencies not specified at Points a and b of this Clause.

2. The Ministry of Information and Communications shall assume the prime responsibility for, and coordinate with related agencies in, drawing up and submitting the list of national databases to the Government for approval, and updating such list.

3. Full-time units in charge of information technology of ministries, ministerial-level agencies, government-attached agencies, provinces and centrally run cities shall assume the prime responsibility for, and coordinate with related units in, drawing up and submitting lists of databases managed by ministries, sectors or local authorities and submitting them to ministers, heads of ministerial-level agencies or government-attached agencies or chairpersons of provincial-level People’s Committees for issuance, and updating such lists.

4. A list of databases of a ministry, sector or local authority must demonstrate the following contents:

a/ Names of databases;

b/ Purposes, scope and contents of databases;

c/ Mechanisms for  data collection and updating, and sources of collected data of databases;

d/ Data items, including open data, data shared by default, and data shared upon specific request of databases corresponding to different subjects exploiting and using data.

5. Databases on residence, land and enterprises are fundamental data for development of an e-government.

Article 12.List of national databases and maintenance thereof

1. If wishing to add a database to the list of national databases, modify such list, or withdraw a database from such list, the agency managing a relevant database shall send a request for adjustment of the list of national databases, accompanied by explanations about the reason for the request, to the Ministry of Information and Communications for summarization and submission to the Government for consideration and decision.

2. If requesting addition of a database to the list of national databases, explanations about the reason for the request to be sent to the Ministry of Information and Communications must have the following principal contents:

a/ Name of the national database to be added;

b/ Objectives of developing the national database;

c/ Scope of data in the national database; information about master data of the national database to be stored and shared;

d/ Subjects and purposes of use and exploitation of the national database;

dd/ Sources of information to be developed for and updated to the national database;

e/ Methods of sharing data from the national database.

3. To be included in the list of national databases, a national database must meet the following requirements:

a/ Its data have legal validity equivalent to that of paper documents containing information provided by competent agencies;

b/ It contains master data of the Government as a basis for data reference and synchronization among databases of ministries, sectors and local authorities;

c/ Its data are shared and used by different ministries, sectors and local authorities to serve performance of administrative procedures, administrative reform and simplification of administrative procedures for people and enterprises.

4. The list of national databases shall be updated to meet information technology application demand in each period of e-government development or upon request of ministries, ministerial-level agencies, government-attached agencies, provinces or centrally run cities.

Article 13.National Data Portal

1. The National Data Portal is the focal point providing open data of state agencies in the cyber environment with a view to increasing transparency in operations of the Government and promoting innovation and socio-economic development.

2. The National Data Portal is the focal point providing technical assistance for, and supervising, data connection and sharing among information systems in state agencies.

3. State agencies shall monitor, register and provide information about data and open data; open data management; and data sharing capacity and data exploitation demand on the National Data Portal.

4. The Data Sharing Service Management System constitutes a component of the National Data Portal.

5. The National Data Portal is designed to meet other requirements related to administration of data of state agencies.

Section 2

ADMINISTRATION OF DATA AND DATA SHARING AND EXPLOITATION

Article 14.Administration of data and data sharing and exploitation

1. Administration of data and data sharing and exploitation covers:

a/ Formulating data strategies and data development plans, and developing databases to enable data connection, sharing and common use in state agencies;

b/ Formulating legal documents and regulations on exploitation and use of data shared from databases; technical regulations and standards on structure of exchanged data; and technical documents on data exchange;

c/ Organizing, providing, exploiting, sharing and using data to serve operations of state agencies and sharing data to organizations and individuals in accordance with law;

d/ Coordinating, examining and supervising, and settling problems in, the process of data connection and sharing;

dd/ Examining, evaluating and maintaining data; and managing data quality;

e/ Integrating, analyzing and synthesizing data to serve state management and formulation of long-term development strategies.

2. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall organize the performance of, or perform the activities specified in Clause 1 of this Article, for the data they manage in accordance with law.

Article 15.Inspection, examination and supervision of data connection and sharing

1. The Ministry of Information and Communications shall inspect and examine data connection and sharing activities according to its competence; and guide the inspection and examination of data connection and sharing activities in state agencies.

2. Ministers and heads of ministerial-level agencies or government-attached agencies shall direct, inspect and examine data connection and sharing in their ministries and sectors; chairpersons of provincial-level People’s Committees shall direct, inspect and examine data management, connection and sharing in their localities.

Article 16.Data examination, evaluation and maintenance

1. Data shall be examined, evaluated and maintained on an annual basis.

2. Contents of data examination and evaluation:

a/ Inventorying data content items;

b/ Evaluating conformity with standards, technical regulations or regulations on data;

c/ Evaluating data quality, including accuracy and integrity of data, and occurrence of abnormal data;

d/ Evaluating data maintenance, operation and updating, and keeping diaries of data updating and exploitation;

dd/ Evaluating data sharing, data users, and whether data sharing purposes comply with regulations on exploitation and use of shared data;

e/ Other contents as instructed by specialized management agencies in charge of information technology in each period.

3. Evaluation results shall be recorded in writing with proposals on necessary activities (if any) to maintain data.

4. Agencies managing databases shall themselves organize periodical data examination and evaluation and send before December 31 every year reports thereon to full-time units in charge of information technology of ministries, ministerial-level agencies, government-attaches agencies, provinces or centrally run cities.

5. Within their management scope, full-time units in charge of information technology of ministries, ministerial-level agencies, government-attaches agencies, provinces or centrally run cities shall:

a/ Guide agencies managing databases in examining and evaluating data;

b/ Formulate programs and plans on data examination and evaluation, and submit them to ministers, heads of ministerial-level agencies or government-attached agencies or chairpersons of provincial-level People’s Committees for approval, and implement such programs and plans.

6. Agencies managing databases shall take measures to maintain data based on data examination and evaluation results.

Section 3

OPEN DATA OF STATE AGENCIES

Article 17.Principles of provision of open data of state agencies

1. The provision of open data of state agencies to organizations and individuals must adhere to the following principles:

a/ Open data must be integrated and fully reflect information contents provided by state agencies;

b/ To-be-provided open data must be updated ones;

c/ Open data must be accessible and usable in the cyber environment;

d/ Open data must enable data sending, receipt, storage and processing by digital equipment;

dd/ Organizations and individuals may freely access and use open data without being required to declare their identification information;

e/ Open data must be in an open format;

g/ Open data are free for use;

h/ Open data shall be provided with priority, for data with high use demand of people and enterprises.

2. Ministers, heads of ministerial-level agencies or government-attached agencies, and chairpersons of provincial-level People’s Committees shall, within their management scope, issue lists of open data of state agencies, organize the formulation of plans on open data and announce open data of state agencies.

Article 18.Use of open data of state agencies

1. Agencies, organizations and individuals may freely photocopy, share, exchange and use open data or combine open data with other data; and use open data in their commercial or non-commercial products and services.

2. Agencies, organizations and individuals shall extract and record information taken from open data they use in relevant products and documents.

3. Open data of state agencies are those in original state as announced; and must not contain forms of presentation and information arising from open data provided.

4. Agencies, organizations and individuals may not sell open data they exploit in original state from state agencies to others. When using open data in their commercial products and services, agencies, organizations and individuals shall provide free of charge open data accompanying such products and services.

5. State agencies shall take no responsibility for any loss or damage caused to agencies, organizations or individuals by the latter’s use of open data.

Article 19.Plans on and deployment of open data of state agencies

Within their management scope, ministries, ministerial-level agencies, government-attached agencies, and provincial-level People’s Committees shall:

1. Formulate and implement plans on open data, including plans on announcement of open data, and minimum requirements to be satisfied in each period of such a plan.

2. Determine mechanisms for collecting and analyzing feedback from individuals and organizations about the use of open data; designate focal points to make contacts and receive feedback from organizations and individuals about issues relating to data quality, usability and format, and observance of regulations on open data.

3. Take necessary preventive measures to maintain the development and announcement of open data directly relating to assurance of safety for humans and assets affected by open data deployment plans in their agencies.

4. Implement solutions for encouraging organizations and individuals to use open data as follows:

a/ Receiving feedback from organizations and individuals in order to identify the level of priority of open data and announce open data meeting their demands;

b/ Assisting organizations and individuals in the society and community in developing and contributing data for expansion of open data.

Article 20.Requirements for announcement of open data of state agencies

1. To refrain from disclosing personal information; to assess and limit dangers and risks of disclosing personal information when such information is combined with other information.

2. To ensure safety and security when using open data, including risks caused by open data or risks caused by open data combined with other data.

3. To make lists of open data reviewed and modified (if any) at least once every 6 months; to ensure that open data announced according to such lists are updated or supplemented (if any) within 3 months from the date of announcement.

4. To comply with relevant regulations.

Article 21.Modes and methods of announcement of open data of state agencies

1. Open data of state agencies shall be provided by the following modes:

a/ Providing packed data and permitting organizations and individuals to download such data for use;

b/ Providing data through data sharing services.

2. Open data shall be announced on the National Data Portal.

Section 4

ASSURANCE OF READINESS FOR DATA CONNECTION AND SHARING

Article 22.Regulations on exploitation and use of shared data

1. The connection, sharing and use of data of state agencies must comply with regulations on data exploitation and use issued by managing agencies. Regulations on data exploitation and use shall be issued based on groups of data subjects or on databases.

2. Regulations on data exploitation and use shall be publicized.

Article 23.Modes of data sharing

1. Modes of data sharing include:

a/ Online data connection and sharing in the cyber environment between information systems of data providers and data exploiters;

b/ Online data connection and sharing in the cyber environment through wholly or partially synchronizing data between databases of data providers and data exploiters;

c/ Sharing of packed data and storage of data in information storage devices.

2. It is encouraged to apply the mode of data sharing specified at Point a, Clause 1 of this Article.

3. For the modes of data sharing specified at Points a and b, Clause 1 of this Article, data sharing shall be continuously determined definitely or indefinitely after the date data providers accept data sharing under regulations on data exploitation and use.

4. When publicizing data sharing services, data providers shall announce forms of data sharing and their capacity to enable connection to databases in accordance with this Decree.

Article 24.Data sharing services

1. The connection, provision and exploitation of data among information systems shall be carried out via data sharing services.

2. Agencies managing databases shall establish and announce data sharing services and necessary technical documents to serve data access, for data under their management.

3. Information contents of data sharing services:

a/ Lists of data sharing services and accompanying necessary technical parameters and documents;

b/ Exchanged data structure of shared data in conformity with current standards or technical regulations;

c/ Other necessary information about data sharing services which data service providers need to provide to other agencies to facilitate the access and connection to and use of data sharing services.

Article 25.Disclosure of information about data sharing services

1. Data sharing service providers shall themselves publicize information about their data sharing services in the Data Sharing Service Management System within 1 working day from the date such services are ready to receive data sharing connection.

2. Upon the occurrence of a change in or update of data sharing services, service providers shall update information about data sharing services in the Data Sharing Service Management System.

3. Information about data sharing services shall be fully posted and promptly and accurately updated.

4. Data service providers shall manage lists of their data sharing services and relevant information and documents; receive and process data exploiters’ requests, proposals and recommendations on data sharing services publicized in the Data Sharing Service Management System.

5. When necessary, full-time units in charge of information technology of ministries, ministerial-level agencies or government-attached agencies shall, within their management scope, assist state agencies in posting, updating and managing information about data sharing services.

Article 26.The Data Sharing Service Management System

1. The Data Sharing Service Management System is an information system for centralized management of lists of data sharing services of state agencies, which is established and managed by the Ministry of Information and Communications for provision of data to state agencies for exploitation and use.

2. Role and functions of the Data Sharing Service Management System:

a/ To perform centralized management of information about data sharing services nationwide;

b/ To assist data providers in declaring and updating information about data sharing services;

c/ To assist state agencies in seeking, accessing and exploiting data sources and data services shared by state agencies;

d/ To support the receipt of requests for connection to and exploitation of data sharing services;

dd/ To provide other support functions facilitating data connection and sharing among state agencies.

3. State agencies shall search information about data sharing services in the Data Sharing Service Management System for connecting, sharing and exploiting usable data sources of state agencies.

Article 27.Infrastructure facilities for data connection and sharing

1. Agencies providing and using data shall ensure infrastructure facilities for data connection and sharing, including:

a/ Information systems and network connection infrastructure facilities suitable for data provision and exploitation;

b/ Tools and methods for data protection and verification in the process of data sharing and use;

c/ Other technical conditions serving data connection and provision and data exploitation and use;

2. Information systems and databases in state agencies must have items serving data connection and sharing, including:

a/ Structure of data to be shared and data to be exploited from data sharing;

b/ Components for data connection and sharing and provision of data sharing services to the outside;

c/ Management, operation and maintenance of data connection and sharing.

3. The Ministry of Information and Communications shall assume the prime responsibility for, and coordinate with related agencies in, formulating a national service platform to serve data connection and sharing among ministries, ministerial-level agencies, government-attached agencies, provinces and centrally run cities.

4. Full-time units in charge of information technology of ministries, ministerial-level agencies, government-attached agencies, provinces and centrally run cities shall assume the prime responsibility for building and maintaining infrastructure facilities for data connection and sharing within their ministries, ministerial-level agencies, government-attached agencies, provinces and centrally run cities and with other ministries, ministerial-level agencies, government-attached agencies, provinces and centrally run cities.

Article 28.Assurance of safety during data connection and sharing

Data connection and sharing must comply with the laws on cyberinformation security and cyber security, and the following regulations:

1. Agencies managing information systems that participate in the process of data connection and sharing shall ensure information safety and security when data are managed, stored, processed and transmitted in their systems.

2. Data exploiters shall ensure information safety and security when connecting and receiving shared data under regulations of data providers and relevant regulations.

Article 29.Funds for data connection and sharing

1. The central budget or local budgets shall allocate funds for building infrastructure facilities for data connection and sharing; and ministerial- and provincial-level service platforms and national databases on the following principles:

a/ The central budget shall allocate funds for ministries, ministerial-level agencies and government-attached agencies, and provide support for difficulty-hit localities that are unable to balance budget funds by themselves;

b/ Local budgets shall allocate funds for localities that have transfers to the central budget or see a big increase in budget revenues; and use funding sources retained aside from budget balance under regulations, and other lawfully mobilized funding sources (if any);

c/ The central budget shall pay annual service charges, prioritizing and promoting investment through cooperation with the private sector, especially the hire of information technology services, and taking full advantage of resources of different economic sectors to invest in system development.

2. For separate tasks and projects of ministries, sectors and localities (except ministerial- and provincial-level service platforms):

a/ Ministries, sectors and localities shall balance funds from budget estimates for performance of these tasks and projects, or hire information technology services, for projects having revenues and being implemented with such revenues;

b/ For extreme difficulty-hit mountainous localities that cannot balance budget funds to meet their demands, the central budget shall provide partial funds as approved by competent authorities.

3. Funds for data maintenance, operation, connection and sharing shall be included in fund estimates for management, operation and maintenance of information systems and databases, and balanced from annual state budget funds reserved for regular expenditures according to delegation of powers of state agencies for budget management (funds for performance of irregular tasks; financial autonomy is not applied).

Article 30.Human resources for data connection and sharing

1. Human resources for data connection and sharing are those currently managing and operating information systems; information technology services may be hired and other human resources may be mobilized in accordance with law.

2. State agencies providing and using data shall ensure human resources for data management, connection and sharing.

Chapter III

PERFORMANCE OF DATA CONNECTION, SHARING AND USE

Section 1

ORGANIZATION OF DATA CONNECTION AND SHARING

Article 31.Data connection and sharing among ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities

1. The Prime Minister shall direct data management, connection and sharing among ministries, sectors and localities; and promptly solve difficulties or problems arising in the course of implementation of this Decree.

2. The Ministry of Information and Communications shall:

a/ Promulgate documents prescribing or guiding data management, connection and sharing;

b/ Urge, assess and inspect the performance of data connection and sharing, and the observance of regulations on data connection and sharing, and advise the Prime Minister on solving difficulties and problems related to data management, connection and sharing;

c/ Coordinate data connection and sharing among ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities on the national service platform;

d/ Summarize and publicize statistical information on data sharing by ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities.

3. Ministries, sectors and localities shall proactively prepare necessary conditions, connect and provide data and exploit real data to meet requirements and perform connection.

Article 32.Data connection and sharing within ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities

1. Ministers, heads of ministerial-level agencies, heads of government-attached agencies and chairpersons of provincial-level People’s Committees shall direct data management, connection and sharing within ministries, sectors and localities under their management.

2. Full-time units in charge of information technology of ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities shall:

a/ Guide data management, connection and sharing within their management scope;

b/ Monitor, urge, assess and inspect data connection and sharing among agencies and units within ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities, and advise heads on solving difficulties and problems related to data management, connection and sharing;

c/ Coordinate data connection and sharing, and guide and assist agencies and units in performing connection outside ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities.

3. Agencies and units of ministries, ministerial-level agencies, government-attached agencies and provinces and centrally run cities shall organize data connection and prepare necessary conditions to meet requirements and perform data connection and sharing.

Section 2

DEFAULT SHARING OF DATA

Article 33. Preparation for and performance of data provision

Data providers shall:

1. Identify and standardize data to be shared by default.

2. Determine the lists of data to be shared by default.

3. Develop data sharing services, and prepare documents guiding data connection and exploitation.

4. Publicize data sharing services under Article 25 of this Decree.

5. Receive requests for data sharing service connection and use and data exploitation from agencies wishing to use data sharing services.

6. Perform data connection and sharing.

Article 34.Data to be shared by default

1. Data to be shared by default include:

a/ Master data of national databases;

b/ Master data of databases of ministries, sectors and localities;

c/ Data about shared lists;

d/ Data of other types which are used by many state agencies in the same manner according to data format, structure, standards and technical regulations.

2. Ministers, heads of ministerial-level agencies, heads of government-attached agencies and chairpersons of provincial-level People’s Committees shall issue the lists of data to be shared by default and review them at least every 6 months for updating and consider gradually shifting from data sharing upon request to default sharing of data when conditions permit.

Article 35.Sending of requests for data connection and exploitation

1. Agencies and units shall send online requests for data connection and exploitation through the Data Sharing Service Management System. In case the Data Sharing Service Management System is not available, requests shall be sent in appropriate forms accepted by data providers.

2. Contents of a request for data connection and use:

a/ Identification information and name of the requester;

b/ Identification information and name of the data connection and exploitation application (if necessary);

c/ Purposes and solutions for using data after they are exploited;

d/ Contents of data requested for provision; names and quantity of information items to be received;

dd/ Identification number and name of the data sharing service;

e/ Frequency of exploitation of shared data;

g/ Other necessary information (if any).

3. Within 5 working days after receiving a request, a data provider shall create a connection account and notify it to the requester. In case of refusal, the data provider shall clearly state the reason.

Section 3

DATA SHARING UPON REQUEST

Article 36.Principles of data sharing upon request

1. Data sharing upon request may be performed only when data cannot be exploited in the form of default sharing of data.

2. Data providers and data exploiters shall exchange and agree on contents of data connection, sharing and exploitation.

3. The agreed contents of data sharing shall be stated in a paper document, an electronic document or a supporting information system (if any).

4. An agency having not yet participated in data sharing and exploitation according to the valid agreed contents of data sharing may request its participation and become one of the parties performing such contents.

5. Agreed contents of data sharing shall be notified to parties participating in data connection and sharing; and sent to competent authorities when so requested.

Article 37.Process of preparing data connection and sharing

Data providers and data exploiters shall coordinate with each other in:

1. Reviewing demands, regulations, necessary conditions and activities to be carried out for data connection and sharing.

2. Drafting the contents of data sharing to be agreed.

3. Confirming (signing) the agreed contents of data sharing.

4. Organizing the performance of the agreed contents of data sharing.

Article 38.Agreed contents of data sharing

1. List of agencies providing data and agencies exploiting and using data.

2. Contents of data to be shared among agencies.

3. Location for data sharing and use.

4. Time limit for data connection and use.

5. Mode and method of data sharing.

6. Mode and method of processing data after they are received.

7. Conditions and restrictions on data sharing and use of shared data.

8. Agencies’ commitment to complying with regulations on data protection and agreed contents of data sharing.

9. Confidentiality and verification measures applicable to data transmission, storage and access.

10. Requirements for storage of data after they are shared; and data arising from processing of data after they are shared, during and after the performance of the agreed contents of data sharing.

11. Methods of deleting or destroying data after they are shared, or deleting or destroying data upon completion of data sharing.

12. Other issues affecting data sharing as agreed upon by agencies participating in data sharing.

Article 39.Performance of data connection, sharing and use

The data connection, sharing and use shall be performed according to the contents of data sharing agreed upon by related agencies. In the course of performance, any changes, if any, in the agreed contents shall be updated as a basis for monitoring, supervising and settling arising problems.

Section 4

MANAGEMENT OF DATA CONNECTION AND SHARING

Article 40.Connection accounts and management thereof

1. Except the case of data sharing not requiring verification of data exploiters (as stated in regulations on exploitation and use of shared data), the connection and sharing of data to data exploiters shall be performed through connection accounts in appropriate forms of identification and verification for agencies and organizations wishing for connection in accordance with law.

2. In case of data connection and sharing via an intermediary system, the agency managing a database may entrust the unit managing such intermediary system to manage and grant accounts for data connection and exploitation.

3. The grant and verification of accounts for data connection and exploitation must comply with regulations on data exploitation and use regarding shared databases.

Article 41.Time limit for using data after they are exploited

1. Data exploited from the sharing of a database shall be used for a definite time. The time limit for use of data shall be specified in the regulation on exploitation and use of shared data of such database.

2. The time limit for use of data is provided as follows:

a/ Data exploited according to the mode specified at Point a, Clause 1, Article 23 of this Decree may be used right after they are exploited, unless otherwise prescribed by law;

b/ Data exploited according to the mode specified at Point b, Clause 1, Article 23 of this Decree may be used for a definite time. The time limit for use of data shall be counted from the time of the last synchronization of data from a source database to a target database. Upon the expiration of this time limit, data in the target database become invalidated or shall be synchronized with data of the source database;

c/ Data exploited according to the mode specified at Point c, Clause 1, Article 23 of this Decree may be used for multiple times within a specified time limit. After this time limit, data become invalidated.

Article 42.Storage of data upon connection and exploitation

Data exploiters may store and use data for:

1. Using data within the time limit specified in Article 41 of this Decree;

2. Ensuring the performance of the data exploitation and usage system; or,

3. The case where data storage is permitted.

Article 43.Suspension of connection and provision of data in the cyber environment by data providers

1. Data providers shall suspend the provision of data sharing services to all data exploiters in the following cases:

a/ Upgrading, expanding and maintaining information systems and information infrastructure facilities;

b/ Inforce majeureevents which interrupt service provision or data connection or affect the operation of information systems or data security.

2. Data providers shall suspend the provision of data to one or more than one data exploiter in the following cases:

a/ The data exploiter(s) violate(s) the regulation on data exploitation and use;

b/ Data connection is identified to threaten safety or security.

3. In case of suspension of connection and provision of services under Point a, Clause 1 of this Article, data providers shall post up a notice of such suspension on its portal at least 7 working days before suspending the provision of data sharing services, and notify the expected time limit for restoration of the provision of data sharing services after repairing, troubleshooting or upgrading and expanding information infrastructure systems. The upgrading, expansion and maintenance of the systems shall be carried out in the possible shortest period while minimizing risks caused to the agencies exploiting and using data by interruption or suspension of the provision of data sharing services.

4. Inforce majeureevents resulting in suspension of the provision of data sharing services under Point b, Clause 1 of this Article, the service providers shall notify them in an appropriate form and promptly take troubleshooting measures.

5. In the case specified in Clause 2 of this Article, data providers shall notify data exploiters, within 1 day after identifying violations, of the following:

a/ Contents violating regulations and plans on handling of violations;

b/ Necessary requirements for maintaining or restoring the connection.

Article 44.Termination of data connection and sharing via the cyber environment

1. Data providers may terminate data connection to and sharing with data exploiters via the cyber environment in the following cases:

a/ The data exploiters’ data use purposes are different from those at the time of initial registration;

b/ The connection cannot be restored due to incidents or objective conditions, making the data providers unable to continue maintaining data sharing services;

c/ At the request of a competent agency in accordance with law;

d/ The data exploiters no longer wish to continue data connection and exploitation or the agreed contents of data sharing have expired.

2. Data exploiters shall fulfill obligations (if any) in the process of terminating data connection and sharing.

3. Data providers shall notify the results of termination of data connection and sharing to data exploiters and related agencies.

Article 45.Storage of diaries of data sharing

1. Data providers shall store a history of requests for data from data exploiters and contents of data shared to data exploiters as a basis for comparison and settlement of issues on the use of data after they are exploited.

2. Contents of information about the history of data storage include:

a/ Time and form of data requests and data provision;

b/ Identification information about agencies requesting data exploitation;

c/ Content of requests;

d/ Status of satisfying requests; contents of shared data (if necessary);

dd/ Other necessary information as a basis for comparison and settlement of problems arising in the use of data.

3. The period of storage of diaries must comply with regulations on data exploitation and use.

Article 46.Models of data connection and sharing

Data connection and sharing between information systems and databases shall be performed according to one of the following models in the following order of priority:

1. Connection through intermediary systems: the national service platform; ministerial- and provincial-level infrastructure facilities for data connection and sharing in conformity with Vietnam E-Government Architecture Framework, and e-government and e-administration architectures approved by competent authorities.

2. Direct connection between information systems and databases when intermediary systems are not yet available or managing agencies of intermediary systems see that such systems fail to meet the requirements for data connection and sharing.

Section 5

SETTLEMENT OF PROBLEMS RELATED TO DATA CONNECTION AND SHARING

Article 47.Problems arising during data connection, sharing and exploitation

Problems related to data management, connection and sharing include:

1. Problems related to the rights and obligations in data sharing and exploitation as prescribed by law.

2. Problems related to technical infrastructure facilities for data connection and sharing.

3. Problems related to the application of and compliance with data standards, technical regulations and regulations.

4. Problems related to the quality of shared data and use of data after they are shared.

5. Problems related to data connection and sharing plans.

6. Other problems affecting data management, connection and sharing.

Article 48.Competence to receive and settle problems

1. Data providers shall receive and settle problems arising during the connection or use of the provided data.

2. Ministers, heads of ministerial-level agencies and government-attached agencies and chairpersons of provincial-level People’s Committees shall handle problems related to data sharing within their ministries, sectors and localities.

3. The Ministry of Information and Communications shall receive and settle problems related to techniques, technologies and application of regulations, standards and technical regulations.

4. The Prime Minister shall direct the settlement of problems related to data connection and sharing among ministries, sectors and localities.

Article 49.Process of handling of problems

Unless the handling of problems has been specified in documents issued by competent authorities, the process of handling problems is as follows:

1. Data exploiters suffering problems in data connection and sharing shall send a request to data providers for the latter to provide instructions and settle problems. Within 7 working days after receiving the request, data providers shall issue a reply and guide the handling of problems to data exploiters.

2. In case it is impossible to settle a problem under Clause 1 of this Article, the agency suffering such problem shall send a request to a full-time unit in charge of information technology of the concerned ministry, ministerial-level agency, government-attached agency or provincial-level People’s Committee for consideration and guidance for settlement.

Within 7 working days after receiving the request, the full-time unit in charge of information technology shall guide related agencies in implementing a plan to settle the problem if such problem falls within its competence or coordinate with related agencies in proposing a problem settlement plan and report it to the minister, head of the ministerial-level agency or government-attached agency, or chairperson of the provincial-level People’s Committee concerned for decision.

3. In case problems related to data connection and sharing arise among ministries, sectors or localities or are impossible to be settled under Clause 2 of this Article, the minister, head of the ministerial-level agency or government-attached agency, or chairperson of the provincial-level People’s Committee concerned shall send a request to the Ministry of Information and Communications for handling or reporting to the Prime Minister for settlement.

Article 50.Problem settlement plans and implementation of problem-handling plans

1. Principles of settling problems:

a/ To ensure compliance with the provisions of relevant laws;

b/ To respect data sharing agreements (if any) signed by participating agencies;

c/ To ensure the harmony of interests of state agencies for mutual purposes, and respect the problem settlement plans of related agencies.

2. Related agencies shall comply with problem settlement plans issued by competent agencies.

3. The agencies competent to settle problems shall perform inspection to ensure compliance with problem-handling plans.

Chapter IV

RIGHTS AND RESPONSIBILITIES IN DATA CONNECTION AND SHARING

Article 51.Rights and responsibilities of data providers

1. Data providers have the following rights:

a/ To reject data sharing requests if such a request does not comply with this Decree and relevant regulations. In this case, data providers shall clearly state the reason for rejection and notify thereof to the agencies competent to receive and settle problems prescribed in Article 48 of this Decree;

b/ To request data users to notify the situation of use of shared data if detecting signs showing that the data use does not comply with the regulations on data exploitation and use and law;

c/ To suspend or terminate data connection and sharing in accordance with Articles 43 and 44 of this Decree.

2. Data providers have the following responsibilities:

a/ To complete information infrastructure facilities to make them ready for data connection and sharing;

b/ To formulate and finalize documents guiding data sharing;

c/ To manage and publicize data in accordance with law; to ensure that their data management suits practical conditions on data management;

d/ To ensure the quality of provided data; to update data timely; to correct and adjust data errors (if any);

dd/ To review and assess information infrastructure facilities, and limit barriers on information infrastructure conditions serving data provision and sharing; to assess problems and propose solutions in data sharing; to report on data sharing to competent authorities and state management agencies;

e/ To report to competent agencies on data provision and exchange upon request;

g/ To coordinate with data exploiters and agencies competent to settle problems in settling problems and disputes arising in the process of data sharing and use;

h/ To share currently managed data on individuals and organizations to other state agencies in need when being requested by such individuals or organizations.

Article 52.Rights and responsibilities of data exploiters and users

1. Data exploiters and users have the following rights:

a/ To exploit and use data for proper purposes;

b/ To request competent agencies to settle problems that affect the former’s rights to exploit and use shared data.

2. Data exploiters and users have the following responsibilities:

a/ To comply with the provisions of this Decree and regulations of competent authorities on data connection and sharing;

b/ To exploit and use data within the permitted scope according to the regulations on data exploitation and use, agreements on data sharing and relevant documents;

c/ To promptly notify errors of shared data to data providers;

d/ To coordinate with competent agencies and data providers in settling problems in the process of data sharing and use.

Article 53.Responsibilities of ministries, ministerial-level agencies and government-attached agencies

1. The Ministry of Information and Communications

a/ To formulate and submit to competent authorities for promulgation the national data strategy; to guide data administration and data sharing and exploitation administration activities in state agencies; to supervise the implementation of data administration and data sharing and exploitation administration activities of national databases in accordance with Article 14 of this Decree;

b/ To develop and operate the National Data Portal;

c/ To collect and publicize the list of data providers and the list of data eligible to be provided for exploitation and use by state agencies. To collect and manage data about shared lists nationwide for provision to agencies in need;

d/ To collect and assess connections in the form of data sharing upon request in order to request data providers to share data by default;

dd/ To implement solutions, initiatives and utilities to support data sharing and support subjects engaged in online public administrative procedures on the basis of data connection and sharing.

2. The Ministry of Planning and Investment shall allocate development investment funds for the construction and upgrading of information systems to meet the requirements of data management, connection and sharing in accordance with this Decree and relevant regulations.

3. The Ministry of Finance

a/ To guide ministries, ministerial-level agencies, government-attached agencies, People’s Committees at all levels and related organizations and individuals in balancing and allocating funds for investment in information infrastructure facilities and systems serving data connection and sharing;

b/ To allocate regular funds for performance of the tasks of data management, connection and sharing in accordance with the the Law on the State Budget and guiding documents.

4. The Ministry of Public Security shall guide and implement measures to ensure cyber security in the process of connecting and sharing digital data.

5. Ministries, ministerial-level agencies and government-attached agencies

a/ To perform, and direct full-time units in charge of information technology in performing, the tasks assigned in this Decree. As data providers, to organize the performance of tasks for the data under their management as prescribed in this Decree;

b/ To develop technical standards or regulations on the structure of exchanged data, and data sharing regulations and processes for specialized data under their management; to issue regulations on exploitation and use of data of the national databases of which they act as managing agencies as assigned and databases of ministries and sectors under their respective management;

c/ To allocate funds for data connection and sharing activities;

d/ Based on the actual situation, to revise, or propose revision to, legal documents in order to simplify administrative procedures and specialized administrative operations on the basis of exploiting shared data.

Article 54.Responsibilities of provincial-level People’s Committees

1. To perform, and direct full-time units in charge of information technology in performing, the tasks assigned in this Decree. As data providers, to organize the performance of tasks for the data under their management as prescribed in this Decree.

2. To issue regulations on exploitation and use of data of the local databases under their management.

3. To propose provincial-level People’s Councils to allocate funds for performance of the tasks of data management, connection and sharing in accordance with the Law on the State Budget and relevant guiding documents.

4. To direct attached agencies and units in formulating data connection and use plans; to organize compatible information systems to make them ready for data connection and sharing with relevant national databases, databases of ministries and sectors, and information systems serving state agencies’ operations.

Chapter V

IMPLEMENTATION PROVISIONS

Article 55.Transitional provisions

1. Agencies managing national databases that are approved by competent authorities shall, within 3 months from the effective date of this Decree, review and send the information specified in Clause 2, Article 12 of this Decree to the Ministry of Information and Communications for the latter to make a list of national databases for submission to the Government for approval.

2. For the databases of ministries, sectors and localities prescribed in Article 11 of this Decree, ministers, heads of ministerial-level agencies and government-attached agencies and chairpersons of provincial-level People’s Committees shall review and issue the lists of databases of their ministries, sectors and localities within 6 months from the effective date of this Decree and update them when there are changes.

3. For data connection and sharing systems operating before the effective date of this Decree, data sharing shall be maintained. Agencies managing information systems and databases shall review such systems and databases and comply with this Decree when upgrading or expanding their items (if any).

4. Ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees shall, within their respective competence, review documents and regulations that restrict data connection and sharing in order to amend them or propose competent authorities to amend, replace or annul them in accordance with this Decree.

Article 56.Effect

This Decree takes effect on May 25, 2020. When the legal documents and regulations referred to in this Decree are amended, supplemented or replaced, the amending, supplementing or replacing documents will prevail.

Article 57.Implementation responsibility

1. The Ministry of Information and Communications shall guide, examine and urge the implementation of this Decree.

2. Ministers, heads of ministerial-level agencies and government-attached agencies, chairpersons of provincial-level People’s Committees and related agencies, organizations and individuals shall implement this Decree.

3. All-level agencies of the Party and National Assembly, the Office of the President, People’s Councils, People’s Procuracies, People’s Courts and other socio-political organizations shall, in pursuance to this Decree, formulate appropriate regulations for implementation in their respective agencies and organizations.-

On behalf of the Government
Prime Minister
NGUYEN XUAN PHUC