Protection of Personal Data for People’s Trust in Online Public Services - PAPI

Protection of Personal Data for People’s Trust in Online Public Services

28/06/2022

According to the report, 59 in 63 provincial e-government portals and 60 in 63 provincial eservice portals have not yet published a Privacy Policy—a form of an e-agreement that establishes responsibilities of state agencies to protect citizens’ data.

Protection of Personal Data for People’s Trust in Online Public Services Local governments’ awareness and interest in personal data protection on government-citizen interaction platforms remain limited. This is a key finding shared at the thematic discussion “Review of local governments’ implementation of personal data protection on online government-citizen interaction interfaces, 2022” co-organized by the United Nations Development Program (UNDP) in Vietnam and the Institute for Policy Studies and Media Development (IPS).

 

According to the report, 59 in 63 provincial e-government portals and 60 in 63 provincial eservice portals have not yet published a Privacy Policy—a form of an e-agreement that establishes responsibilities of state agencies to protect citizens’ data and provides a legal basis for citizens to exercise their rights to personal data in events of data breach or personal data violation.

 

Mr. Nguyen Lam Thanh, Vice President of the Vietnam Digital Communications Association emphasized: “Protecting personal data in the digital environment in general and on the government citizen interactive platforms, in particular, will help strengthen public trust and motivate them to participate in the digital transformation process.”

 

Mr. Patrick Haverman, Deputy Resident Representative of the United Nations Development Programme (UNDP) in Vietnam, commended the Government and localities for their efforts in providing online public services. “The Covid-19 pandemic required many aspects of citizens’ lives to move to the online realm. However, findings from the Viet Nam Provincial Governance and Public Administration Performance Index (PAPI) surveys in 2020 and 2021 show that only 3.5% of the respondents used the National E-Service Portal each year,” Mr. Haverman said.

 

Sharing the same view as Mr. Thanh, Mr. Haverman emphasized that the good practice of protecting citizens’ personal data in the public sector is one of the key factors to build citizens’ trust in online public services. “As we have learned from experiences in other countries, digital transformation should observe key principles on personal data protection as guided by the United Nations,” Mr. Haverman said, adding that key principles include, among others, (i) fair and legitimate processing; (ii) purpose specification; (iii) proportionality and necessity; (iv) retention; (v) transparency; and (vi) accountability.

 

The research team also pointed out that the majority of localities have not fully satisfied the existing regulations on personal data protection. For example, local governments are required by law to disclose a contact point that is responsible for receiving and responding to citizens’ requests and complaints on personal data protection. The review shows that only 17 among 50 smart applications for government-citizen interaction, one out of 63 e-service portals, and three out of 63 provincial e-government portals published information about the contact point. Among 130 emails sent to requesting an update of profile information and access to existing personal data protection measures enacted by the local governments, (temporarily using contact points as provided on home pages of provincial e-services portals and provincial e-government portals), only 9 responses were received timely.

 

One of the most concerning issues is the misinterpretation and misidentification of the legal responsibilities of subjects related to controlling data. Specifically, the legal responsibility for personal data is confused between the “administrative authority” (a Provincial People’s Committee), “operating agency” (a Provincial Department of Information and Communications), and platform service providers. If the subjects’ roles are not properly defined, the implementation of data protection procedures will be ineffective. Moreover, when incidents of personal data breach occur, there will be no basis for determining who is accountable.

 

The study made recommendations to central and local authorities on how to improve policy on and practices of protecting personal data on the government-citizen interaction platforms.

 

In the short-term, it is necessary to regularly evaluate the governments’ enforcement of personal data protection on the interaction platforms as well as to add personal data protection assessment criteria to the Digital Transformation Index (DTI), which was initiated and is conducted annually by the Ministry of Information and Communications (MIC). The MIC should develop national guidelines on personal data protection in the public sector, and issue a sample of privacy policy for online government-citizen interaction platforms.

 

Supportive of the recommendations from the research team based on his experience, Vice Director of the Department of Information and Communications of Thua Thien-Hue province, stressed that the protection of citizens’ personal data is key to build public trust in the digital government. “For example, the smart government-citizen interaction application of Thua Thien-Hue province (i.e. Hue-S) has received more than 50,000 comments from citizens since 2021,” Mr. Anh explained. “This result is thanks to our province’s commitment to the protection of citizens’ personal data in accordance with our published internal regulations for operating, and processing personal data.”.

 

DIEP NGUYEN – Nhịp sống doanh nghiệp

Highlights
Protection of Personal Data for People’s Trust in Online Public Services - PAPI
Registration Email

to attend the launch of the 2019 PAPI Report.