It has been almost 60 days since the enactment of the Vietnam Government's Decree No. 13/2023/ND-CP on the Protection of Personal Data (PDPD), the country's first comprehensive legislative instrument governing personal data protection, and thus the deadline for outbound data transfer impact assessments (OTIA) submissions is approaching. By adopting the PDPD's broad extraterritoriality,^[1] Vietnam's Government has set a bold goal to effectively safeguard Vietnamese citizens' rights and interests over their personal data. Therefore, businesses, particularly multinational corporations frequently involved with the international transfer of personal data, must be aware of how the PDPD regulates their transfer activities.

This Insight article provides a comprehensive look at the outbound transfer of personal data, and related requirements, including the matters necessary for the compilation of OTIA, as well as differences between OTIA and data processing impact assessments (DPIA) under the PDPD, allowing businesses to take note of some key compliance takeaways.

The emergence of artificial intelligence (AI), particularly with the introduction of powerful generative AI-powered chatbots like Open AI's ChatGPT, Google LLC's Bard, Microsoft Corporation's Bing Chat, Baidu, Inc's ERNIE Bot, and Alibaba's Tongyi Qianwen, has captured considerable attention this year. These powerful language tools are revolutionizing human-technology interactions due to their increasing ability to generate text indistinguishable from those written by humans. Generative AI is also being used for generating other content such as images, videos, computer codes, etc. That said, various experts have warned that advancing the development of AI technologies without appropriate safeguards could cause detrimental effects to humanity. In fact, in July 2023, seven tech companies jointly expressed their voluntary commitment to developing AI responsibly according to the principles of safety, security, and trust¹. Ada Chung Lai-Ling, Privacy Commissioner for Personal Data, Hong Kong, China, discusses the considerations and risks regarding the use of generative AI, as well as the ever-evolving regulatory landscape.

The absence of a comprehensive data protection law has affected India's progress towards becoming a global leader in business, technology, and outsourcing. The enactment of the Digital Personal Data Protection Act, 2023 (the Act), brings with it a promise of enabling the processing of personal data in a way that respects both individual rights and the legitimate needs of businesses to process data for lawful purposes. But what are the key implications businesses need to be aware of? Since the Act is yet to take effect and will likely be rolled out in phases, readiness to comply will be paramount. 

In this Insight article, Harsh Walia, Partner at Khaitan & Co., explores the implications of the Act for businesses, offering guidance on how to navigate the new obligations. This proactive approach will not only ensure adherence to legal requirements but also cultivate a culture of responsible data practices in this digital age.