Russian govt cuts the term of required data storage for telecom providers from 6 months to 1
The Russian government has approved legislation requiring telecom providers to store records of client traffic for 30 days, instead of the original length of 6 months. Internet companies say compliance will still be difficult.
The government order, published on the official state website on Friday, states that the new rules for the storage of users’ text messages, voice information, images, sounds, videos, and other messages by communications providers will come into force on July 1, 2018. However, from the initial launch date, providers must store client data only in “zero volume,” while storage in “full volume” will be required starting October 1. The initial term of obligatory storage is set at 30 days, down from the initially proposed six months. Data providers must gradually increase this period until it reaches six months by July 2023.
In 2016, Russian President Vladimir Putin signed a broad package of bills dubbed the ‘Yarovaya package’ after its main sponsor, MP Irina Yarovaya, then-head of the Lower House Committee for Security.
The package included a provision requiring communications companies, including internet providers, to retain information about their clients’ data traffic for three years (one year for messengers and social media networks) and also to keep records of phone calls, messages, and transferred files. The law also orders communications companies to hand over encryption keys to state security agencies on demand, allowing them to read encrypted data. Non-compliance would be punishable by fine.
The new law orders the amendments concerning data storage and security to come into force in 2018 to give data companies time to restructure and prepare the necessary hardware. Still, internet business owners and the communications sector have protested the new rules, saying that they will need major hardware and software upgrades that could be prohibitively expensive, though the state has not proposed any compensation for the costs.
President Putin issued a separate decree ordering measures to be taken so that the financial risks of the law would be minimal. The changes in Friday’s decree are part of these measures.
Soon after the decree was released, the press service of Russian state telecom corporation Rostelecom told TASS that it considers its execution complicated because the market is currently experiencing a lack of certified hardware for data storage.
One of the leading Russian mobile service providers – Megafon – called the new rules a compromise, and said that earlier estimations of the cost of their execution remains the same, at a hefty 35-40 billion rubles (between $574 million and $656 million).
