Yes, web scraping is permissible in Vietnam but strictly constrained by data protection and cybersecurity laws. While no explicit ban exists, compliance with the Law on Cybersecurity (2018), Decree 53/2022/ND-CP, and the Personal Data Protection Decree (PDPD, effective July 2023) is mandatory. Unauthorized scraping of personal or sensitive data risks fines up to VND 5 billion (≈USD 210,000) under the PDPD’s 2026 enforcement framework.
Key Regulations for Web Scraping in Vietnam
- Personal Data Protection Decree (PDPD, 2023): Requires explicit consent for scraping personal data unless exempt under Article 17. Violations trigger administrative penalties or criminal liability under the 2015 Penal Code (amended 2017).
- Law on Cybersecurity (2018): Mandates prior notification to the Ministry of Public Security (MPS) for large-scale data collection (Article 26). Non-compliance may result in platform blocking or criminal prosecution.
- Decree 53/2022/ND-CP: Prohibits scraping government or critical infrastructure data without authorization. Entities must adhere to Vietnam’s cross-border data transfer restrictions (Article 26.3).
Practical Compliance Steps
- Consent Mechanisms: Implement opt-in protocols for personal data extraction, aligning with PDPD’s “purpose limitation” principle.
- Data Localization: Store scraped data within Vietnam unless exempt under PDPD’s Chapter IV provisions.
- MPS Notification: File a data collection report with the MPS for projects exceeding 1,000 records or involving sensitive categories (e.g., biometrics).
Failure to comply risks enforcement actions by the MPS, Ministry of Information and Communications (MIC), or provincial authorities under the 2023 Cybersecurity Law’s 2026 enforcement phase.