Data protection regulation in Russia
Written by
Lina Gevorgyan
24 July 2017
Today IRIS starts a series of publications written by external guests. To open this space, we start with Lina Gevorgyan, a Russian expert in copyright law and Internet regulation, writing about data protection in Russia:
Data protection regulation in Russia is covered by the Federal Law #152-FZ, which requires data operators to protect the personal data they gather. By personal data the legislator means any information related to a person or any information that allows a person to be identified, including without limitation the person’s last name, given name, date, month, year and place of birth, address, family, profession, income, e-mail address and any other information.
As of July 1, 2017, administrative liability for violation of data protection law has been tightened. Before this recent amendment, data operators were liable under p.13.11 of the Russian Administrative Code for non-compliance with the data protection regulation, and the maximum liability was a fine of 10 000 rubles. p.13.11 has now been broadened (from absence of Terms of Use or Terms of Confidentiality to absence of automated collection of data), and the fine can amount to up to 295 000 rubles.
One of the most interesting clauses of the Federal Law #152-FZ came into force in 2015. It obliges data operators to store personal data of Russian citizens on servers and databases physically located in Russia. Many experts are concerned about some uncertainties in this law, e.g. whether it is acceptable to make copies of personal data and store the copies outside of Russia, or to encrypt this data, etc.
In some cases, the Russian government takes extra measures to protect data, and if a data operator does not comply with the regulation, the consequences can be severe. One of the high-profile cases on data localization is that of LinkedIn, which decided not to comply with the requirements of the Russian authorities and has been blocked in Russia for non-compliance by the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor, the Russian governmental body responsible for Internet and data regulation and protection). After this illustrative case, according to Roskomnadzor, a number of foreign companies (AliExpress, PayPal, Uber, etc.) made public statements with assurances that they are going to comply with Russian data protection regulation.
In light of expanding data protection regulation, we can conclude that for the Russian authorities, control of information is a high-priority issue.