Zalo responds to backlash over updated terms of service in Vietnam

The platform sought to clarify several of the most pressing questions surrounding the changes, particularly those related to data collection, privacy, and user rights.

Regarding user data, Zalo said it requires ‘certain information’ during its operations in order to provide application features, ensure stable service performance, and protect user accounts.

The company emphasized that all purposes for data use are clearly outlined in the terms of service and that data is used strictly in line with those stated purposes.

Zalo explained that citizen identification information is collected only in limited circumstances, such as when necessary for account verification, fraud prevention, or account protection.

The processing of such information, the company said, fully complies with applicable laws.

In addition, Zalo noted that it is in charge of requesting information related to family relationships in order to verify guardianship and safeguard the rights of users under the age of 16.

On the issue of sharing data with third parties, Zalo stated that any such sharing must be explicitly approved by users in accordance with legal requirements.

For example, when users access third-party applications through Zalo, the platform displays a consent screen allowing users to decide whether to share their information with those applications.

Zalo also affirmed that users can review and withdraw data-sharing permissions at any time via the ‘Permissions Management’ section within the app.

Notably, Zalo reiterated its commitment to user privacy by stating that it does not store the content of personal messages or calls.

“We do not use the content of private messages or calls between individuals for any purpose,” according to Zalo.

Account deletion for users who disagree

In response to questions about user control over personal data and privacy, Zalo said users can view, update, and adjust privacy-related settings directly within the app by navigating to Personal > Privacy.

Users may also contact Zalo for support regarding personal data issues.

As for data protection measures, Zalo highlighted its compliance with the international ISO/IEC 27001:2022 standard on information security, which has been assessed and certified by the British Standards Institution.

The company underlined that it also adheres to Vietnamese legal regulations on information security and personal data protection.

Zalo further disclosed that it is in the process of seeking approval from relevant authorities to implement end-to-end encryption (E2EE), a step aimed at strengthening the security of personal conversations on the platform.

However, Zalo confirmed that users who do not agree with the updated terms of service will no longer be able to use the platform.

In such cases, the company will terminate the service and delete the user’s account.

In accordance with personal data protection laws, Zalo stated that it is obligated to delete the user’s previously stored data.

Zalo had previously required millions of users to accept its updated terms of service, raising concerns over privacy and data security just days before Vietnam’s Law on Personal Data Protection takes effect on January 1.

Under the new terms, Zalo, operated by VNG Corporation, one of Vietnam's leading tech firms, seeks to expand the collection of user data, including phone numbers, full names, gender, and family relationships, as well as sensitive information such as citizen ID numbers, location data, usage behavior, and interaction content.

Users must accept all terms or face account deletion after 45 days, with no option for partial consent.

The move has sparked widespread criticism online.