Nghị định 47/2020/NĐ-CP về quản lý, kết nối và chia sẻ dữ liệu số của cơ quan nhà nước

DECREE

MANAGEMENT, CONNECTION AND SHARE OF DIGITAL DATA OF REGULATORY AGENCIES

Pursuant to Law on Governmental Organization dated June 19, 2015;

Pursuant to Law on Information Technology dated June 29, 2006;

Pursuant to Law on Electronic Transactions dated November 29, 2005;

Pursuant to Law on Information Access dated April 6, 2016;

At request of Minister of Information and Communications;

The Government promulgates Decree on management, connection and share of digital data of regulatory agencies.

Chapter I

GENERAL PROVISIONS

Article 1. Scope

1. This Decree prescribes management, connection and share of digital data of regulatory agencies, including: digital data management and administration; connection and digital data share; digital data utilization and use of regulatory agencies; provision of open data of regulatory agencies for organizations and individuals; rights and responsibilities in connecting and sharing digital data of regulatory agencies.

2. This Decree does not apply to sharing digital data containing government secret information specified under Law on Protection of Government Secret. Sharing of digital information containing government secret information shall comply with applicable regulations and law.

Article 2. Regulated entities

This Decree applies to regulatory agencies including ministries, ministerial agencies, governmental agencies and People’s Committees of all levels; organizations and individuals utilizing and using digital data of regulatory agencies shared by regulatory agencies as per the law.

Article 3. Interpretations

In this Decree, terms below shall be construed as follows:

1. “Digital data” refers to data in form of symbols, words, numbers, images, sound or similar forms expressed in digital signals. Digital data shall contain digital information and shall be shared in data messages. In this Decree, data shall refer to digital data.

2. “Structure of exchanged data” refers to structure of data messages exchanged among information systems and database.

3. “Data sharing services” refer to services that provide and share data for agencies, organizations and individuals utilizing or collecting data from agencies, organizations and individuals via information systems. In information systems, data sharing services are interface of software serving data message connection and exchange with external systems.

4. “Open database of regulatory agencies” refers to data widely distributed by competent regulatory agencies to agencies, organizations and individuals for use, redistribution and share. In this Decree, open data refers to open data of regulatory agencies.

5. “Default data share method” refers to methods of sharing regular data in regulatory agencies following simple procedures in which regulatory agencies prepare all data sharing services and provide standardized data in terms of structure of exchanged data via data sharing services for multiple regulatory agencies.

6. “Data sharing on a case-by-case basis” refers to methods of sharing data with other regulatory agencies at request for data not universally shared by different regulatory agencies; this method of sharing data requires cooperation by parties in terms of infrastructure, technical and technological conditions to process or create the data.

7. “Common schedule data” refers to data on schedules and classification tables issued by competent regulatory agencies and used commonly in information systems and database to ensure synchronized data integration, exchange and sharing.

8. “Open format” refers to format of files or data messages specified in technical declarations of organizations operating in standard affairs and not limited while applying said technical declarations.

9. “Master data” refers to data containing the most basic information to identify and describe core and independent professional entities.

10. “National portal” refers to contact point providing access to information and data at data.gov.vn on the internet serving publicizing open data, providing information on sharing data of regulatory agencies; providing documents, services, tools, applications to process and utilize data publicized by regulatory agencies.

Article 4. Legal value of shared data

Legal value of shared data in data messages shall be determined according to legal value of the data messages specified in Section 1 Chapter II of Law on E-Transactions and relevant law provisions.

Article 5. General rules in data management, connection and share

1. Data formed during operation of regulatory agencies and shared to serve operations of regulatory agencies in order to serve the people and enterprises shall comply with regulations and law in data creation, management and use.

2. Regulatory agencies are responsible for sharing data with other agencies, organizations and individuals as per the law; not sharing information in written form in case of information utilized in form of connection and data share among information systems; not collecting or recollecting data or requesting people and enterprises to provide information and data during administrative violations if said data has been provided by other regulatory agencies, being ready for provision via connection and data share, in case said data is not qualified in terms of quality according to specialized standards and regulations or otherwise regulated by the law.

3. Data sharing among regulatory agencies shall not affect powers and responsibilities of relevant organizations and individuals, not violate rights regarding private lives, personal secrets and family secrets unless otherwise specified by the law.

4. Shared data must be updated and accurate as per the law.

5. Data shared among regulatory agencies shall not be charged, except for cases of utilizing or using data under schedules specified in Law on Fees and Charges.

6. Data of regulatory agencies shared to organizations and individuals shall comply with following principles:

a) Organizations and individuals shall hold the rights to utilize their data or data of other organizations and individuals with their consent, unless otherwise specified by regulations and law;

b) With respect to cases other than those specified in Point a of this Clauses, data of regulatory agencies shared for organizations and individuals shall comply with Law on Information Access and applicable regulations and law.

Article 6. Connecting and sharing data

1. Regulatory agencies managing data are responsible for adopting measures to manage and supervise data and ensure available connection and data share for agencies, organizations and individuals specified in Chapter II of this Decree.

2. With respect to open data, agencies, organizations and individuals shall connect and utilize data publicized by regulatory agencies as specified in Section 3 Chapter II of this Decree.

3. Connect and share data with regulatory agencies satisfactory to following regulations:

a) With respect to data ready to be shared in default method, comply with regulations under Section 2 Chapter III of this Decree;

b) With respect to data not ready to be shared in default method, agencies that provide and utilize data shall cooperate and implement the data sharing on a case-by-case basis specified under Section 3 Chapter III of this Decree;

c) In case of incapable of connecting or sharing data according to Points a or b of this Clause, comply with regulations and law on handling complaints regarding connection and data share under Section 5 Chapter III of this Decree.

4. With respect to data connected and shared by regulatory agencies to individuals: in case regulatory agencies that provide the data permit connection and utilization as per the law, organizations and individuals that connect and utilize data are responsible for implementing obligations similar to those performed by regulatory agencies that connect and utilize data specified under this Decree.

Article 7. Requirements in data management, connection and share

Regulatory agencies that connect and share data must satisfy following requirements:

1. Appoint an official to act as a contact point to be responsible for connecting and sharing data; publicize phone number, e-mail address, name and titles of the official mentioned above. Officials acting as contact point are responsible for connecting, cooperating and handling issues regarding connection and data share of their agencies and entities with different agencies and entities.

2. Publicize information regarding contact points in charge of connection and data share; information regarding readiness in sharing data and other information which are to be publicized according to this Decree.

3. Comply with regulations and law on information security; regulations and law on intellectual property related to data; privacy of organizations and individuals.

4. Ensure that shared data must be sent, received, stored and processed by digital devices.

5. Comply with technical regulations and instructions regarding data exchange, application of information technology in regulatory agencies and rules specified Article 5 of this Decree.

6. Conform to Vietnam Electronic Government Structure Frame.

Article 8. Prohibited acts

1. Obstruct connection, rights to connect and use data legally of agencies, organizations and individuals as per the law.

2. Sell, trade or exchange data against regulations and law.

3. Violations against regulations and law on intellectual property, personal information protection rights upon connecting and sharing data.

4. Falsify data during transmission from agencies providing data to agencies utilizing data.

5. Destroy information infrastructure interrupt connection and data share.

Chapter II

DATA AND DATABASE MANAGEMENT AND DATA ADMINISTRATION IN REGULATORY AGENCIES AND ENSURING AVAILABLE CONNECTION AND DATA SHARE

Section 1. DATA AND DATABASE MANAGEMENT IN REGULATORY AGENCIES

Article 9. Rules of data and database management in regulatory agencies

1. Data in regulatory agencies shall be organized in a joint fashion and assigned for management according to their management responsibilities. Internal data and database of agencies and entities must be organized and stored in a manner that facilitates sharing for other agencies and entities.

2. Creation of data in database in regulatory agencies must use common schedule data in accordance with master data publicized by competent regulatory agencies.

3. Regulatory agencies shall not request individuals and organizations to provide again the data which is under management by the agencies or data which can be shared by other regulatory agencies, except for cases of requesting information serving update or data verification.

Article 10. Data and database organization and management

1. Contents of data organization and management:

a) Collect and organize data to create databases;

b) Manage, maintain, update data and manage data change;

c) Share data and manage shared data;

d) Utilize and use data under their management and utilization, use data shared by other regulatory agencies.

2. Regulatory agencies are responsible for implementing data organization and management as specified in Clause 1 of this Article and complying with regulations and law.

Article 11. Database in regulatory agencies

1. Database in regulatory agencies includes:

a) National database;

b) Databases of ministries, sectors and local government including: shared database of ministries; shared databases of sectors; shared databases of local governments;

c) Other databases in any information system of regulatory agencies not specified in Point a and Point b of this Clause;

2. Ministry of Information and Communications shall take charge and cooperate with relevant agencies in developing and proposing the Government with list of national databases.

3. Entities specialized in information technology of ministries, ministerial agencies, Governmental agencies, provinces and central-affiliated cities shall take charge and cooperate with relevant entities in developing and proposing ministers, heads of ministerial agencies, Governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities with lists of databases under management of ministries, sectors and local governments.

4. Lists of databases of ministries, sectors and local governments must include following information:

a) Name of databases;

b) Aim, scope and contents of each database;

c) Methods of collecting and updating data, data sources of each database;

d) Classify lists of databases including: open data; data shared in default method, data shared on a case-by-case basis for each database that suit each user.

5. Databases on populations, land and enterprises are fundamental databases developing e-government.

Article 12. List of national database and maintenance of national database

1. In case of adding, revising or removing national databases from lists of national databases, agencies that preside the databases shall submit request together with explanation for the request to Ministry of Information and Communications and propose the Government for consideration and decision on revising list of national databases.

2. In case of requesting to add databases to the list of national databases, agencies submitting the request shall send explanation to Ministry of Information and Communications which includes following basic information:

a) Name of national databases;

b) Purposes of developing national databases;

c) Scope of data in national databases; information on master data of national databases for storage and share;

d) Subjects and purposes of use and utilizations;

dd) Information sources which will be developed and updated in national databases;

e) Methods of sharing data from national databases.

3. National databases added to the list must satisfy following requirements:

a) Data must have legal value equivalent to physical documents containing information provided by competent agencies;

b) Containing master data of the Government which will be used as a basis for databases of ministries, sectors and local governments to refer to and synchronize;

c) Data shall be shared and used for many ministries, sectors and local governments to handle administrative procedures and administrative reform, simplify administrative procedures for people and enterprises;

4. List of national databases must be updated according to demands of information technology of each development phase of e-Government or at request of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities.

Article 13. National portal

1. Shall act as contact point of regulatory agencies providing open data on cyber environment to promote transparency in Government operation, creativity and socio-economic development.

2. Act as contact point providing technical support, monitoring connection and data share among information systems in regulatory agencies.

3. Regulatory agencies are responsible for monitoring, registering and providing information about data and open data; open data management; ability to share data and data utilization demands on the national portal.

4. Data sharing services management system shall be a part of the national portal.

5. Satisfy other requirements regarding data administration of regulatory agencies.

Section 2. DATA ADMINISTRATION, DATA SHARING AND UTILIZATION ADMINISTRATION

Article 14. Data administration and data sharing and utilization administration

1. Data administration and data sharing and utilization administration activities include

a) Develop data strategies, data and database development plans to ensure ability to connect, share and use data within regulatory agencies;

b) Develop legislative documents and policies on utilization and use of shared data of databases; regulations and standards on structure of exchanged data; technical documents on data exchange;

c) Organize, provide, utilize, share and use data serving operation of regulatory agencies and share data for organizations and individuals as per the law;

d) Cooperate, examine, monitor and handle complaints during connection and data sharing process;

dd) Examine, assess and maintain data; manage data quality;

e) Integrate data, analyze and consolidate data serving state management and develop long-term development strategies.

2. Ministries, ministerial agencies, Governmental agencies, People’s Committees of provinces and central-affiliated cities are responsible for organizing implementation and implementing regulations under Clause 1 of this Decree with respect to data under their management, and complying with regulations and law.

Article 15. Inspection, examination and supervision of connection and data share

1. Ministry of Information and Communications are responsible for inspecting and examining connection and data sharing activities within their competence; providing guidelines for inspecting and examining connection and data share in regulatory agencies.

2. Ministers, ministerial agencies and Governmental agencies are responsible for directing, inspecting and examining connection and data share within their management; Chairpersons of People’s Committees of provinces and central-affiliated cities are responsible for directing, inspecting and examining data management, connection and share in provinces.

Article 16. Data examination, assessment and maintenance    

1. Data must be examined, assessed and maintained on a year basis.

2. Contents of data examination and assessment include:

a) List all data contents;

b) Assess compliance with standards and regulations on data;

c) Assess data quality including: accuracy and intactness of data, unusual data;

d) Assess data maintenance, operation and update, data update and utilization record;

dd) Assess data share, users and sharing purposes according to regulations and policies on utilization and use of shared data;

e) Other contents according to instructions of competent agencies specialized in information technology suitable for each time period.

3. Assessment results must be made into physical documents and include necessary activities to maintain data (if any).

4. Agencies that preside database are responsible for organizing data self-assessment on a periodic basis and submitting reports to entities specialized in information technology of ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities before December 31 of each year.

5. Within their management, entities specialized in information technology of ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities are responsible for:

a) Instructing agencies presiding databases shall examine and assess their data;

b) Preparing programs and plans for examining and assessing data, presenting ministers, heads of ministerial agencies, governmental agencies and Chairpersons of People’s Committees of provinces and central affiliated agencies for approval and implementation of data assessment and examination programs and plans.

6. Entities presiding database are responsible for adopting measures to maintain data according to results of data examination and assessment.

Section 3. OPEN DATA OF REGULATORY AGENCIES

Article 17. Rules of providing open data of regulatory agencies

1. Provision of open data of regulatory agencies for organizations and individuals must satisfy following requirements:

a) Open data must be complete and fully contain data provided by regulatory agencies;

b) Provided open data must be the latest data;

c) Open data must be accessible from the cyber environment;

d) Open data must be sent, received, stored and processed digital devices;

dd) Organizations and individuals shall be able to freely access and use open data without declaring identification during utilization and use process;

e) Open data must be open format;

g) Open data shall be free to use;

h) Prioritize providing open data which people and enterprises have high demands for.

2. Ministers, heads of ministerial agencies and governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities are responsible for issuing list of open data of regulatory agencies, developing plans and publicizing open data of regulatory agencies within their management.

Article 18. Rules of using open data of regulatory agencies

1. Agencies, organizations and individuals may freely copy, share, exchange, use or integrate open data with other data; use open data in their commercial or non-commercial products and services.

2. Agencies, organizations and individuals must specify reference for any information extracted from open data used in their products and documents.

3. Open data of regulatory agencies shall be at its original state as when it is publicized which does not include methods of presentation and information arising from the provided open data.

4. Agencies, organizations and individuals must not sell open data extracted in its original form from regulatory agencies to other organizations and individuals. When using open data in commercial products and services, fully provide the open data along with said commercial products and services.

5. Regulatory agencies shall not be responsible for any loss or damage done to agencies, organizations and individuals due to using open data.

Article 19. Plans and implementation of open data of regulatory agencies

Within their management, ministerial agencies, governmental agencies, People’s Committees of provinces and central-affiliated cities are responsible for implementing following activities:

1. Developing and implementing plans regarding open data, including publicizing open data and minimum completion in each phase of the plans.

2. Determining methods of collecting and analyzing feedback of individuals and organizations regarding use of open data; allocating contact point to receive feedback of individuals and organizations regarding quality, usability, format and compliance with regulations and law on open data.

3. Adopting necessary preventive measures to maintain construction and publicizing open data directly related to protecting safety of humans and assets affected by open data implementation within their units.

4. Adopting measures to encourage organizations and individuals to use open data:

a) Receive feedback of organizations and individuals to determine order of priority and publicize open data according to demands;

b) Assist organizations and individuals in constructing and contributing to expand open data.

Article 20. Requirements in publicizing open data of regulatory agencies

1. Do not reveal personal information; assess and limit risks of exposing personal information when combining with other information.

2. Ensure safety and security when using open data including risks caused by the open data alone or the open data combining with other data.

3. List of data shall be examined and revised (if any) on a periodic basis, at least once every 6 months; data publicized under the list must be updated or revised (if any) within at least 3 months from the date on which the data is publicized.

4. Complying with relevant regulations and law.

Article 21. Methods of publicizing open data of regulatory agencies

1. Open data of regulatory agencies shall be provided via following methods:

a) Provide packed data and allow organizations and individuals to download;

b) Provide data via data sharing services.

2. Open data must be publicized on the national portal.

Section 4. ENSURING AVAILABLE CONNECTION AND DATA SHARE

Article 22. Rules for utilizing and using shared data

1. Connect, share and use data of regulatory agencies in a manner that complies with regulations on data utilization and use issued by presiding agencies. Regulations on data utilization and use shall be classified depending on topics or databases.

2. Regulations on data utilization and use must be publicized.

Article 23. Methods of sharing data

1. Methods of sharing data include:

a) Connect and share data on the internet between information systems of agencies providing data and agencies utilizing data;

b) Connect and share data on the internet by synchronizing the entire or part of data between databases of agencies providing data and agencies utilizing data;

c) Shared data shall be packed and stored on information storage devices.

2. Encourage application of methods of sharing data specified in Point a Clause 1 of this Article.

3. With respect to methods of sharing data specified in Points a and b Clause 1 of this Article, sharing data shall be determined continuously periodically or indefinitely from the date on which agencies providing data agree to share data following regulations on data utilization and use.

4. Agencies providing data must publicize methods of sharing and connection availability according to regulations under this Decree when publicizing data sharing services.

Article 24. Data sharing services

1. Connection, data provision and utilization between information systems must be conducted via data sharing services.

2. Agencies presiding databases are responsible for establishing and publicizing data sharing services and necessary technical documents serving access to data unde their management.

3. Information regarding data sharing services includes:

a) List of data sharing services and attached necessary technical specifications and documents;

b) Structure of exchanged data must comply with applicable technical regulations and standards;

c) Other necessary information regarding data sharing services which agencies providing data must provide for agencies utilizing data to facilitate access, connection and use of data sharing services.

Article 25. Publicizing information on data sharing services

1. Agencies providing data sharing services shall be responsible for uploading information regarding their data sharing services on data sharing services management systems within 1 working day from the date on which data sharing services are ready to connect and share data.

2. In case of changing or updating data sharing services, agencies providing data sharing services must immediately update information about data sharing services on the data sharing service management system upon any change or update.

3. Information regarding data sharing services must be fully uploaded, promptly and accurately updated.

4. Agencies providing data services are responsible for managing list of data sharing services, information and documents relating to their data sharing services; receiving and handling request, proposition and recommendation of agencies utilizing data regarding data sharing services publicized on the data sharing service management system.

5. Entities specialized in information technology of ministries, ministerial agencies and governmental agencies are responsible for assisting regulatory agencies within their competence in uploading, updating and managing information regarding data sharing services if necessary.

Article 26. Data sharing service management system

1. Data sharing service management system is an information system jointly managing lists of data sharing services of regulatory agencies developed and managed by Ministry of Information and Communications to enable regulatory agencies to utilize and use.

2. Roles and functions of the data sharing service management system:

a) Jointly manage information regarding national data sharing services;

b) Assist agencies providing data in declaring and updating information regarding data sharing services;

c) Assist regulatory agencies in searching, accessing and utilizing data sources and data services shared by regulatory agencies;

d) Assist in receiving request for connection and utilization of data sharing services;

dd) Provide other functions to facilitate connection and data share between regulatory agencies.

3. Regulatory agencies shall look up information regarding data sharing services on the data sharing service management system to connect, share and utilize available data sources of regulatory agencies.

Article 27. Connection and data sharing infrastructure

1. Agencies providing and using data are responsible for ensuring infrastructure conditions serving connection and data share, including:

a) Information system and appropriate network connection infrastructure to provide and utilize data;

b) Tools and measures to protect data and verify data during data sharing and using process;

c) Other technical conditions serving connection, data share, utilization and use.

2. Develop information systems and databases in regulatory agencies and ensure connection and data share, including:

a) Develop structure of shared data and data utilized by sharing;

b) Develop connection components and services to share data;

c) Manage, operate and maintain connection and data share.

3. Ministry of Information and Communications shall take charge and cooperate with relevant agencies in developing basis for integrating and sharing national data serving connection and data share between ministries, ministerial agencies, governmental agencies and agencies in provinces and central-affiliated cities.

4. Entities specialized in information technology of ministries, ministerial agencies, governmental agencies and agencies in provinces and central-affiliated cities shall take charge, develop and maintain infrastructure for connection and data share serving internal connection and data share of ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities and connect and share data with other ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities.

Article 28. Ensuring safety in connection and data share

Connection and data sharing must comply with regulations and law on cyber information safety, cyber security and following regulations:

1. Entities presiding information systems upon participating in connection and data share shall be responsible for ensuring information safety and security when data is managed, stored, processed and transmitted on their systems.

2. Agencies utilizing data are responsible for ensuring data safety and security when connecting and receiving shared data as specified by agencies providing data and regulations and law.

Article 29. Expenditure on connection and data share

1. With respect to expenditure on investing in infrastructure for connection and data share; platform for integrating and sharing data on a ministerial level, provincial level and national database, funding sources provided by central and local budgets must satisfy following requirements:

a) Central budget shall ensure expenditure for ministries, ministerial agencies, governmental agencies and assist provinces with financial hardships;

b) Local budget shall ensure expenditure for provinces receiving state budget or having drastic income; use remaining budget exceeding budget balance or other legal mobilized sources (if any);

c) Prioritize and encourage investment in form of cooperating with private sectors, especially hiring information technology services, utilize sources of investment economic sectors to develop systems, state budget shall pay for annual service rental.

2. With respect to individual tasks and projects of ministries, sectors and local governments (other than ministerial and provincial platforms for data integration and share):

a) Ministries, sectors and local governments shall subtract from estimates to implement or hire information technology with respect to projects generating revenues or funding sources guaranteed by the revenues of the projects;

b) With respect to provinces in mountain regions facing particular hardships, central budget shall partially assist expenditure upon approved by competent authorities.

3. Expenditure on maintaining and operating connection and data share shall be included in estimates for management, operation and maintenance of information systems and databases and taken from annual concurrent expenditure of state budget depending on budget classification (expenditure on non-concurrent tasks, non-autonomous) of regulatory agencies.

Article 30. Personnel for connection and data share

1. Personnel for connection and data share shall be taken from on-site personnel managing and operating information systems; hiring information technology services and other sources as per the law.

2. Regulatory agencies providing and using data are responsible for satisfying personnel-related requirements to enable management, connection and share.

Chapter III

CONNECTION, DATA SHARE AND USE

Section 1. ORGANIZING CONNECTION AND DATA SHARE

Article 31. Connection and data share between ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities

1. Prime Minister shall be responsible for directing data management, connection and share between ministries, sectors and local governments; promptly dealing with difficulties and complaints that arise during implementation of this Decree.

2. Ministry of Information and Communications is responsible for:

a) issuing legislative documents providing guidelines related to data management, connection and share;

b) expediting, assessing and examining connection and data share, compliance with regulations and law on connection and data share, acting as consultant for Prime Minister to deal with difficulties and complaints regarding data management, connection and share;

c) coordinating connection and data share between ministries, ministerial agencies, governmental agencies and agencies of provinces and central-affiliated cities on national data integration and sharing platform;

d) consolidating and publicizing statistical information on data sharing status of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities.

3. Ministries, sectors and local governments shall actively prepare necessary requirements, connect, provide data and utilize data to fulfill connection requirements and implement connection.

Article 32. Connection and data share within ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities

1. Heads of ministries, ministerial agencies, Governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities are responsible for directing data management, connection and share within their ministries, sectors and local governments.

2. Entities specialized in information technology of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities are responsible for:

a) guiding data management, connection and share within their management;

b) monitoring, expediting, assessing and examining connection and data share between agencies and entities within ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities; acting as consultants for heads of said bodies to deal with difficulties and complaints regarding data management, connection and share;

c) coordinating data share, instructing and assisting agencies and entities in connecting outside of ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities under their management.

3. Agencies and entities in ministries, ministerial agencies, Governmental agencies and agencies in provinces and central-affiliated cities are responsible for organizing connection and preparing necessary requirements to satisfy connection conditions and implement connection and data share.

Section 2. DEFAULT DATA SHARE METHOD

Article 33. Preparation and implementation of data provision

Agencies providing data shall:

1. Determine and standardize data provided via default data share method.

2. Identify list of data shared in default method.

3. Develop data sharing services and documents guiding connection and data utilization.

4. Publicize data sharing services according to Article 25 of this Decree.

5. Receive connection request for using data sharing services and data utilizing services from agencies having the need to use data sharing services.

6. Implement connection and data share.

Article 34. Data shared in default share method

1. Data shared in default share method includes following data type:

a) Master data in national database;

b) Master data in databases of ministries, sectors and local governments;

c) Common schedule data;

d) Other data used by many regulatory agencies in the same data format, structure, standards and regulations.

2. Ministers, heads of ministerial agencies, Governmental agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities must issue and review at least once every 6 months to update list of data shared in default method and consider gradual transition from sharing on a case-by-case basis to sharing in default method upon eligible.

Article 35. Submission of connection and data utilization request

1. Agencies and entities shall submit request for connection and data utilization online via the data sharing service management system. In case the data sharing service management system is not ready, submit request in appropriate form accepted by agencies providing data.

2. Contents of request for connection and data use:

a) Identity and name of requesting agencies and entities;

b) Identity and name of connection and data utilization applications (if necessary);

c) Purpose and solution to using data after utilization;

d) Contents of data requested for provision; specify name and quantity of information articles requested;

dd) Identification code, name of data sharing service;

e) Frequency of utilizing shared data;

g) Other necessary information (if any).

3. Within 5 working days from the date on which request is received, agencies providing data are responsible for creating accounts for connection and informing requesting agencies and entities. In case of rejection, provide written explanation.

Section 3. DATA SHARE ON A CASE-BY-CASE BASIS

Article 36. Rules of sharing data on case-by-case basis

1. Only share data by this method in case of unable to share data by default method.

2. Agencies providing data and agencies utilizing data must exchange and agree on details of connection, data share and utilization.

3. Agreed details on data share must be recorded in physical form, electronic form or on assisting information systems (if any).

4. Agencies that have not participated in sharing and utilizing data by following valid agreed details regarding sharing data shall have the rights to apply for participation and become parties to said details.

5. Agreed details regarding sharing data must be publicized for parties participating connection and data share and sent to competent agencies upon request.

Article 37. Preparation procedures for connection and data share

Agencies providing data and agencies utilizing data are responsible for cooperating in:

1. Reviewing demands, regulations, necessary conditions and activities to connect and share data.

2. Developing drafts of agreed details regarding sharing data.

3. Confirming (signing) agreed details regarding sharing data.

4. Implementing agreed details regarding sharing data.

Article 38. Agreed details regarding data sharing

1. List of agencies providing data and agencies utilizing and using data.

2. Data that shall be shared between agencies.

3. Location of data share and use.

4. Period of connection and data use.

5. Methods of sharing data.

6. Methods of handling after receiving data.

7. Conditions and restrictions in sharing and using shared data.

8. Commitments between agencies shall comply with regulations and law on protecting data and agreed details regarding sharing data.

9. Adopt security and verification measures applied to data transmission, storage and access.

10. Requirements related to storing data after sharing; data that arise from data processing after sharing during and after implementation period of agreed details regarding sharing data.

11. Methods of erasing and disposing data after sharing or erasing and disposing data at the time on which data sharing period terminates.

12. Other issues affecting data share agreed by agencies participating in sharing data.

Article 39. Connection, data share and use

Connection, data share and use shall comply with details regarding sharing data agreed upon by agencies. Any changes regarding agreed details during implementation shall be updated to serve as the basis for monitoring, supervising and handling difficulties.

Section 4. CONNECTION AND DATA SHARE MANAGEMENT

Article 40. Accounts and management of accounts for connection

1. Except for cases of sharing data without verifying agencies utilizing data (specified in issued policies on data utilization and use), connecting and data sharing with agencies utilizing data shall use accounts for connection with identification and verification methods suitable for agencies and organizations having the need for connection as per the law.

2. In case of connecting and sharing data via intermediate systems, bodies presiding database may authorize entities managing intermediate systems to manage and issue accounts for connection and data.

3. Issuance and verification of accounts for connection and data share must comply with regulations on data utilization and use related to shared database.

Article 41. Use period of data after utilization

1. Data utilized via sharing from databases has definite use period. Use period must be clearly displayed in regulations on utilizing and using data shared from said databases.

2. Use period of data shall be prescribed as follows:

a) Data utilized via methods specified in Point a Clause 1 Article 23 of this Decree may be used immediately after being utilized unless otherwise specified by the law;

b) Data utilized via methods specified in Point b Clause 1 Article 23 of this Decree may be used within definite period. Data use period shall start from the point of last synchronization from source databases to target databases. Upon expiration of data use period, data in target databases shall have no use value or be synchronized with source databases;

c) This data utilized following method specified in Point c Clause 1 Article 23 of this Decree shall be used multiple times within definite period. Upon the designated period expires, data shall no longer be usable.

Article 42. Data storage upon connection and utilization

Agencies utilizing data may store and use data in any of following cases:

1. To use data within period specified in Article 41 of this Decree.

2. To ensure efficiency of data utilization and use systems.

3. In case permitted by the law.

Article 43. Suspension of connection and data provision on cyber environment provided by agencies

1. Agencies providing data shall suspend providing data sharing services for all agencies utilizing data in following cases:

a) Upgrade, expansion or maintenance of information systems and information infrastructure;

b) In case force majeure interrupts services, connection or impacts operation of information system and data safety.

2. Agencies providing data shall suspend providing data for one or many agencies utilizing data in following cases:

a) The agencies utilizing data have violated regulations on data utilization and use;

b) Data connection is identified to potentially infringe safety or security.

3. In case of suspending connection or service provision according to Point a Clause 1 of this Article, agencies providing data must publicize on website at least 7 days before actively suspending provision of data sharing services, while announcing estimated period of restoring service provision after maintenance, upgrade or expansion of the information infrastructure. Upgrade, expansion and maintenance of systems must be conducted in the shortest period possible and impose minimum risks on agencies utilizing and using data due to interruption and suspension of data sharing service provision.

4. In case of force majeure specified in Point n Clause 1 of this Article, agencies providing data sharing services must announce in appropriate form and immediately adopt corrective measures.

5. With respect to cases specified in Clause 2 of this Article, agencies providing data shall inform agencies utilizing data within 1 day from the date on which violations are detected about following information:

a) Violations against regulations and actions to be taken against violations;

b) Necessary requirements to be taken to maintain or restore connection.

Article 44. Terminating connection and data share on cyber environment

1. Competent agencies providing data shall terminate connection and data share on cyber environment in following cases:

a) Current purpose of using data if agencies utilizing data no longer agrees with the original purpose;

b) Connection cannot be restored due to accidents incidents or objective conditions and agencies providing data can no longer continue to maintain data sharing services;

c) At request of competent agencies according to regulations and law;

d) Agencies utilizing data no longer wishes to continue connection and data utilizing or agreed details regarding sharing data expire.

2. Agencies utilizing data are responsible for fully fulfilling obligations (if any) in termination of connection and data share.

3. Agencies providing data are responsible for informing agencies utilizing data and relevant agencies about results of terminating connection and data share.

Article 45. Storing data share diary

1. Agencies providing data must record history of data request of agencies utilizing data and contents of data shared for agencies utilizing data to serve as the basis for comparing and handling issues relating to use of data after utilization.

2. Contents of recorded history include:

a) Time and method of requesting data and providing data;

b) Identity of agencies requesting data utilization;

c) Contents of request;

d) Ability to satisfy request; contents of shared data (if necessary);

dd) Other necessary information to serve as the basis to deal with complaints regarding using data.

3. Period of storing diary shall comply with regulations on data utilization and use.

Article 46. Form of connection and data share

Connecting and sharing data between information systems and databases shall comply with following order of priority:

1. Connection via intermediate systems: national platform for integration and data sharing; infrastructure for connection and data share in ministerial and provincial levels according to Electronic Government Structure Frame, structure of of electronic government and electronic authorities approved by competent authorities.

2. Connection between information systems and databases when intermediate systems are unavailable or presiding agencies of intermediate systems determine that the intermediate systems cannot satisfy connection and data share requirements.

Section 5. HANDLING DIFFICULTIES IN CONNECTION AND DATA SHARE

Article 47. Difficulties in connection, data share and utilization

Difficulties in management, connection and data share include:

1. Difficulties regarding rights and obligations in sharing and utilizing data as per the law.

2. Difficulties regarding infrastructure for connection and share.

3. Difficulties regarding application and compliance with standards and regulations on data.

4. Difficulties regarding quality of shared data and data use after being shared.

5. Difficulties regarding solutions of connecting and sharing data.

6. Other issues that affect management, connection and data share.

Article 48. Entitlement for receiving and dealing with difficulties

1. Agencies providing data are responsible for receiving and dealing with difficulties that arise during connection and use of data.

2. Ministers, heads of ministerial agencies, Governmental agencies and Chairpersons of People’s Committees are responsible for dealing with data share within the ministries, sectors and local governments.

3. Ministry of Information and Communications shall receive and deal with difficulties related to technical fields, technology and application of technical standards and regulations

4. Prime Minister shall direct to deal with difficulties regarding connection and data share between ministries, sectors and local governments.

Article 49. Procedures for dealing with difficulties

Except for cases in which handling difficulties has been specified in documents of competent authorities, procedures for dealing with difficulties shall be as follows:

1. Agencies utilizing data having difficulties in connection and data share shall request agencies providing data to guide dealing with difficulties. Within 7 working days from the date on which the request for solutions is received, agencies providing data must respond and provide guidance on dealing with difficulties.

2. In case difficulties are not dealt with after following Clause 1 of this Article, agencies having difficulties shall inform entities specialized in information technology of ministries, ministerial agencies, Governmental agencies and agencies of provinces and central-affiliated cities for consideration and solutions.

Within 7 working days from the day on which request for solution is received, entities specialized in information technology must instruct relevant agencies to adopt measures to deal with difficulties under their management or cooperate with relevant agencies in proposing measures and reporting to ministries, heads of ministerial agencies, Governmental agencies and Chairpersons of People’s Committees of provinces and central-affiliated cities.

3. In case of difficulties regarding connection and data share between ministries, sectors and local government or difficulties that cannot be dealt with after following Clause 2 of this Article, depending on the difficulties, ministers, heads of ministerial agencies, Chairpersons of People’s Committees of provinces and central-affiliated cities shall request Ministry of Information and Communication in writing to handle or report to Prime Minister for solutions.

Article 50. Solutions and compliance with solution

1. Principles of dealing with difficulties:

a) Ensure compliance with relevant law provisions;

b) Respect agreed details regarding sharing data of signing agencies (if any);

c) Ensure harmony in benefits of regulatory agencies, mutual interest and respect for solutions of relevant parties.

2. Relevant parties are responsible for complying with solutions provided by competent agencies.

3. Competent agencies capable of dealing with difficulties are responsible for examining compliance with the solutions.

Chapter IV

RIGHTS AND RESPONSIBILITIES IN CONNECTION AND DATA SHARE

Article 51. Rights and responsibilities of agencies providing data

1. Agencies providing data shall have following rights to:

a) Reject request for data share if the request does not conform to regulations under this Decree and relevant law provisions. In this case, agencies providing data must specify reasons for rejection and inform competent agencies capable of receiving and dealing with difficulties under Article 48 of this Decree;

b) Request agencies and entities using data to provide information about use of share data in case of signs of using data against regulations on data utilization and use and regulations and law;

c) Suspend or terminate connection and data share according to Article 43 and 44 of this Decree.

2. Agencies providing data are responsible for:

a) developing information infrastructure to be ready for connection and data share;

b) developing and improving documents providing guidelines for data share;

c) managing and publicizing data according to regulations and law; ensuring data management of the agencies satisfactory to practical data management;

d) ensuring quality of provided data; updating data promptly; rectifying and calibrating in case of discrepancies;

dd) reviewing and assessing information infrastructure, limiting restrictions regarding information infrastructure and data sharing services; assessing difficulties and proposing solutions for dealing with difficulties in sharing data; reporting to competent authorities and regulatory agencies about data share;

e) reporting to competent agencies about data provision and exchange upon request;

g) cooperating with agencies utilizing data and competent agencies in dealing with difficulties and conflicts while using and sharing data;

h) sharing data under management relating to individuals and organizations for other regulatory agencies upon request.

Article 52. Rights and responsibilities of organizations and individuals utilizing and using data

1. Organizations and individuals utilizing and using data shall have rights to:

a) utilize and use data for appropriate purposes;

b) request competent agencies to deal with difficulties that affect their rights to utilize and use shared data.

2. Organizations and individuals utilizing and using data shall be responsible for:

a) complying with this Decree and regulations of competent authorities on connection and data share;

b) utilizing and using data within the correct permissible scope according to regulations on data utilization and use and agreed details regarding sharing data and relevant documents;

c) promptly informing agencies providing data about errors of shared data;

d) cooperating with competent agencies and agencies providing data in dealing with difficulties in sharing and using data.

Article 53. Responsibilities of ministries, ministerial agencies and Governmental agencies

1. Ministry of Information and Communications shall be responsible for:

a) developing and requesting competent authorities to issue national data strategy; guiding implementation of data management, data share and utilization administration in regulatory agencies; monitoring implementation of data administration, data share and utilization administration and data utilization of national database under Article 14 of this Decree;

b) developing and operating national portal;

c) collecting and publicizing list of agencies providing data and list of provided data to enable regulatory agencies to utilize and use. Collecting and managing common schedule data provided for agencies;

d) collecting and assessing connection in form of data sharing on a case-by-case basis to request agencies providing data to change to default data share method;

dd) adopting solutions assisting data share and entities following online public administrative procedures on the basis of connecting and sharing data.

2. Ministry of Planning and Investment shall be responsible for:

Allocating expenditure on investing in construction and upgrade of information systems satisfying requirements regarding data management, connection and share according to this Decree and relevant law provisions.

3. Ministry of Finance shall be responsible for

a) instructing ministries, ministerial agencies, Governmental agencies, People’s Committees of all levels and relevant organizations and individuals to balance and allocate expenditure on investing in information infrastructure and systems serving data sharing;

b) allocating concurrent expenditure for managing, connecting and sharing data according to Law on State Budget and guiding documents.

4. Ministry of Public Security shall be responsible for

Guiding and adopting measures to ensure cyber security during connection and digital data share.

5. Ministries, ministerial agencies and Governmental agencies shall be responsible for

a) implementing and directing entities specialized in information technology to implement tasks specified under this Decree. Organizing implementation and implementing tasks as agencies that provide data for data under their management according to this Decree;

b) developing regulations or technical regulations regarding structure of exchanged data, regulations and procedures for sharing specialized data under their management; issuing regulations on data utilization and use for national database under their management, data bases of ministries and sectors under their management;

c) allocating expenditure for connection and data share;

d) based on practical situations, adjusting and proposing to adjust legislative documents to simplify administrative procedures and specialized administrative on the basis of utilizing shared data.

Article 54. Responsibilities of People’s Committees of provinces and central-affiliated cities

1. Implementing and directing entities specialized in information technology to implement tasks assigned under this Decree. Organizing implementation and implementing tasks as agencies that provide data for data under their management according to this Decree.

2. Issuing regulations on data utilization and use for provincial databases under their management.

3. Requesting provincial People’s Councils to allocate expenditure on managing, connecting and sharing data according to Law on State Budget and relevant guiding documents.

4. Directing affiliated agencies and entities to develop connection and data use measures; developing compatible information system to be ready for connecting and sharing data with national database; databases of ministries, sectors and information systems serving operation of regulatory agencies.

Chapter V

IMPLEMENTATION

Article 55. Transitional clauses

1. Presiding bodies of national databases approved by competent agencies are responsible for examining and sending information specified in Clause 2 Article 12 of this Decree within 3 months from the effective date of this Decree to Ministry of Information and Communications to enable the Ministry to develop list of national databases and present the Government for approval.

2. With respect to databases of ministries, sectors and local governments specified in Article 11 of this Decree, ministers, heads of ministerial agencies, Governmental agencies and Chairpersons People’s Committees of provinces and central-affiliated cities are responsible for organizing review and issuing list of databases of ministries, sectors and local governments within 6 months from the effective date of this Decree and updating in case of any changes.

3. Connection and data share implemented before the effective date of this Decree shall continue to be implemented. Presiding agencies of information systems and databases are responsible for reviewing and ensuring compliance with this Decree when upgrading or expanding (if any).

4. Ministries, ministerial agencies, Governmental agencies and People’s Committees of provinces and central-affiliated cities within their competence are responsible for reviewing documents and regulations that limit connection and data share to amend and request competent authority to amend, replace or annul satisfactory to this Decree.

Article 56. Entry into force

This Decree comes into force from May 25, 2020. In case legislative documents and regulations referred to in this Decree are amended, added or replaced, the new legislative documents shall prevail.

Article 57. Responsibilities for implementation

1. Ministry of Information and Communications are responsible for guiding, examining and expediting implementation of this Decree.

2. Ministers, ministerial agencies, Governmental agencies, Chairpersons of People's Committees of provinces and central-affiliated cities and relevant agencies, organizations and individuals are responsible for implementation of this Decree.

3. Agencies at all levels affiliated to the Communist Party, National Assembly, Office of the President, People’s Councils, People’s Procuracy, People’s Court and other socio-economic organizations shall refer to this Decree to issue appropriate regulations on implementation in their agencies and organizations./.