Vietnamese
This is one of the key provisions of the Law on Personal Data Protection 2025, No. 91/2025/QH15, passed by the National Assembly on June 26, 2025, and effective from January 01, 2026.
According to Clause 5 Article 29 of the Law on Personal Data Protection 2025, organizations and individuals providing social media and online communication services are prohibited from eavesdropping, wiretapping, recording calls, or reading text messages without the data subject’s consent, unless otherwise provided by law.
Clause 1 of this Article also stipulates that platforms must not illegally collect personal data or collect data beyond the scope agreed upon with users.
In addition, under Clause 2 Article 29 of the Law on Personal Data Protection 2025, organizations and individuals providing social media and online communication services must not require the provision of images or videos containing all or part of identity documents for the purpose of account authentication.
This means that, from the effective date of the Law on Personal Data Protection 2025, social media platforms must not use the Citizen Identity Card, Identity Card, Passport, etc. in image or video form as a means of user account verification.
Clause 6 Article 29 of the Law on Personal Data Protection 2025 also requires social media providers to:
Publicly disclose privacy policies;
Clearly explain the methods of collecting, using, and sharing personal data;
Provide mechanisms for accessing, correcting, and deleting personal data;
Establish privacy settings and promptly handle violations.
