Data protection key to sustaining trust in Vietnam’s digital economy

SKIP TO CONTENT

Tiếng Việt

Data protection key to sustaining trust in Vietnam’s digital economy

Personal data protection should be treated as a top priority in Vietnam’s digital economy, says Dr James Kang, a senior lecturer in Computer Science at RMIT University Vietnam.

Digital growth built on necessity

Vietnam’s digital economy has been driven more by necessity than by trust. Most users already know their personal data may not be fully protected. They see scams, spam messages, and data leaks all the time, but still continue using digital platforms because they have little choice. Ordering food through GrabFood, booking rides on beCar, shopping on Lazada or Shopee, and even paying at restaurants using MoMo or ZaloPay all now depend on digital systems. Opting out is no longer practical.

Everyday activities in Vietnam now depend on digital platforms. (Image: Freepik)

The real question is not how to build trust from scratch. That is unrealistic. A more practical goal is to slow down the growing distrust. If people become too cautious, they may still use digital services, but not fully. That affects engagement, spending, and ultimately economic growth.

Making trust more visible

One way forward is to make trust more visible. Right now, users have no clear way to judge whether a platform protects their data well enough. A simple certification or rating system could help. Even if not perfect, it gives users a reference point instead of relying on blind trust or guesswork.

Another approach is to reduce how much personal data is exposed. Not every platform needs full identity details. Using pseudo identities or system-generated IDs can limit unnecessary data sharing. If one platform is compromised, the damage can be contained.

None of these solutions remove risk completely. But they do reduce exposure and slow distrust. In a system people cannot opt out of, that may be what matters most.

Personal data protection, therefore, plays a direct role in economic growth. It is not about perfect trust, but about maintaining enough confidence for people to keep using digital services. For that reason, it should be treated as a top priority, but in a practical way that focuses on risk reduction.

The real risk

The real problem with data misuse today is not just technology. It is governance. There is often a gap between what privacy laws say and what platforms do.

Many platform providers do not fully comply. In some cases, they may not understand the seriousness of regulations. In others, enforcement is weak. Individual users rarely challenge platforms because it takes time and effort, so most people simply move on after being scammed or having their data misused.

This creates a loophole. When there are few consequences, some platforms may not prioritise strong data protection. In the worst case, they tolerate risks because they do not see immediate impact. They focus on the short term, but this can create much bigger costs in the long run.

Users also have very limited power. If a scammer operates across borders or hides behind anonymous accounts, it is almost impossible for an individual to track or stop them.

Responsibility needs to shift. Instead of focusing only on the hidden scammer, more accountabilities should be placed on platform providers. They have the resources and technical capability to detect suspicious activity and prevent abuse if they choose to act.

For businesses, the stakes are even higher. Data breaches can cause serious damage; however, many incidents are not openly discussed. Companies may stay quiet to avoid reputational harm or financial panic like a bank run. As a result, the real scale of the problem remains hidden.

Stronger accountability is not optional but necessary. When businesses know they will be held responsible, they are more likely to invest in security and prevention. Users cannot manage this alone. The system must ensure that those with the most power carry the most responsibility.

Stronger accountability is necessary to ensure personal data is properly protected. (Image: Freepik)

Rethinking business responsibility

Most people just click “accept” when they install an app or sign up for a service. They don’t read the terms, and realistically, they can’t be expected to. Businesses need to take more responsibility for how data is used, rather than relying on users to protect themselves.

A more practical approach is to reduce risk from the start. Not every business needs to collect so much data. Limiting what is collected, using safer default settings, and being more careful about how data is shared can already make a big difference.

There is also a need for stronger and more independent monitoring. This could be done through government or trusted third parties. The key point is that responsibility should not sit with individual users, but with institutions that have the ability to enforce standards.

The financial sector offers a useful comparison. When people sign mortgage documents, they rarely read everything. They rely on the fact that banks are regulated and expected to follow clear rules. A similar approach can work for data, where users trust that platforms are being monitored, rather than trying to protect themselves all the time.

A gap remains between companies. Some invest seriously in data protection, while others do very little. A more consistent baseline would help reduce this gap and limit misuse.

Communication also needs to improve. Instead of long and complex policies, businesses should explain in simple terms what data is collected and why. That alone can build more trust than formal compliance.

Ultimately, compliance should not be treated as a box to tick. It is part of building a system where data can be used but not abused.

A shared responsibility for the future

Stronger data protection will not be achieved through harsher penalties alone. In many cases, punishment is not sufficient to prevent harmful behaviour. The focus should shift to prevention and shared responsibility.

For regulators, the priority is to keep rules simple, clear, and practical. When regulations are too complex, people ignore them. Governments should focus on guiding, monitoring, and intervening early to reduce harm, rather than adding more layers of rules or shifting responsibility onto businesses or users.

Businesses need to act earlier as well. They have the tools to detect misuse, so they should focus on prevention, not just response. Clear communication with users is also important so people understand what they are agreeing to.

Users must also play their part. Many still share personal data without fully considering the consequences. Even small habits, such as sharing less personal information and taking a moment before giving consent, can significantly reduce risk. For example, it is useful to check the sender’s email address before clicking on a link or opening a file.

Ultimately, data protection depends on shared responsibility. Regulators set the framework, businesses build safer systems, and users become more aware of how their data is used. This balance helps strengthen trust in digital systems.

Story: Dr James Kang, senior lecturer in Computer Science at RMIT University Vietnam

Media Release

Science and technology

11 May 2026

Share

Engage

Contact RMIT News

Find an expert

RMIT Vietnam facts & figures

Related news

RMIT and ACV partner to develop Vietnam’s aviation workforce

Media Release

12 May 2026

RMIT University has signed a Memorandum of Understanding with the Airports Corporation of Vietnam (ACV) to strengthen collaboration in education, talent development and innovation for the future of Vietnam’s aviation sector.