Vietnam has recently modernised its data protection regime. The Law of Personal Data Protection and its guiding Decree 356/2025/ND-CP, both effective from 1 January 2026, now impose stricter rules on sensitive personal data, including health, biometric and financial information.
However, the law only polices consent among the living and says nothing about the dead. “Why should your right to privacy end at death? Can heirs access a deceased person’s data? Must platforms cooperate? May hospitals disclose records? Should private messages stay sealed? None of these questions currently has an answer in the law,” Mr Dat says.
Digital wills, not password lists
The most practical starting point is a legally recognised digital will, Mr Dat suggests. Operating alongside a traditional will, it would record binding instructions about access, deletion, preservation and transfer of data.
A person could direct that family photos pass to their children, private messages remain sealed, cryptocurrency recovery instructions go to a trusted person, and no AI version of their voice or image ever be created.
A digital executor, named in the will, would deal with platforms, banks and hospitals and see those instructions carried out with identity verification and audit trails, so the right person gets the right data for the right purpose.
The importance of a digital will becomes highly visible in financial assets and health data – two areas where access and privacy raise different challenges.
In Vietnam, where crypto asset ownership is among the highest in the world, with around 20% of the population owning crypto, the risks are particularly acute. With common types of bank assets, banks can usually verify a deceased customer and process an inheritance claim after some time. However, self-custody cryptocurrency often works differently: access depends on a private key or seed phrase known only to the owner, and no court order can recover a secret key that no one knows. This means that an heir may hold a valid legal claim to an asset that is technically unrecoverable.
Health data present a different challenge, not of access, but of privacy. According to RMIT PhD candidate in Psychology and medical doctor Nguyen Thi Dang Thu, “Confidentiality does not end at death. A doctor stays bound to a dead patient's secrets. And more of it now lives outside the hospital,” she says.
She explains that a smartwatch now logs years of heart rhythms, sleep and stress; a phone tracks cycles, weight and mood – intimate readings no doctor ever sees, held under a platform's terms rather than any rule of medical confidentiality. Yet the data is partly the family's too, because it reveals the inherited risks they carry. For example, does a daughter inherit the right to read her mother's medical file to learn what health risks may be coming for her?
“Vietnam's new Law on Personal Data Protection already treats health information as sensitive and demands explicit consent. That consent should survive death, not dissolve into automatic family access or open-ended research,” Dr Thu suggests. “Like organ donation, these records should serve kin and medicine only when the person chose it, never by default.”