Processing of children’s personal data: a comparative study of the EU legal framework and Vietnamese law

Children are the future of every nation and constitute a vulnerable group, as they lack the capacity to fully protect themselves. Therefore, the regulations of various countries emphasize the protection of children’s legitimate rights. Especially in the digital age, protecting the personal data of this group has become more complex and presents numerous challenges for nations. In this article, the authors analyze and compare the legal frameworks of the EU and Vietnam regarding the protection of children’s rights in the processing of personal data. The article provides an overview of EU regulations, particularly the 2016 General Data Protection Regulation (GDPR), which includes strict rules on the collection and processing of children’s data, requiring explicit consent from parents or guardians. In Vietnam, ‘Decree No. 13/2023/ND-CP’ is the primary legal mechanism analyzed and discussed by the authors, with the aim of highlighting the similarities and differences between the two legal systems. The analysis identifies key shortcomings, including the lack of a “best interests of the child” criterion, the absence of provisions on the “right to be forgotten” in Vietnamese law and the significant discrepancy in fines imposed for personal data violations between Vietnam and the EU. In this spirit, some recommendations are proposed to protect children’s data rights in Vietnamese law based on EU experiences.