Burger King Russia facing probe over reports of unsolicited user data collection
“We have included Burger King into our inspections plan for the next year. All consumers’ complaints that did not fall under our responsibilities were forwarded to our colleagues from the agency responsible for the Russian citizens’ security,” reads a Roskomnadzor statement posted to the Russian social network Vkontakte on Thursday.
“We don’t have an opportunity to quickly initiate out-of-schedule inspections. Even in cases like this one that draw a lot of public attention. But in 2019 we will definitely check the work of Burger King under the law on personal data,” it continues.
The statement comes after Russian internet users started posting alarmed messages in online forums in early July saying that Burger King’s mobile phone application was secretly recording everything that appeared on the screen while it was active. The users alleged that this way Burger King could even get access to numbers and passwords of their bank cards.
In response to the accusations, Burger King’s press office admitted that the unauthorized recording of data did take place, but emphasized that the analysis did not include the actual names of users and that information about bank cards was deliberately excluded from the prepared data arrays.
Russia’s Law on Personal Data, introduced in 2015, requires all companies offering internet services to store users’ personal information inside the country. Websites that refuse to comply with the new rules can be blacklisted by Roskomnadzor and users’ access to them can be limited. However, the personal data collected before September 1, 2015 can remain on foreign servers in its unchanged form. Some exceptions are made for cases mentioned in various international treaties, such as foreign embassies’ online visa services.
Like this story? Share it with a friend!