New Russian law bans citizens’ personal data being held on foreign servers
All internet companies collecting personal information from Russian citizens are obliged to store that data inside the country, according to a new law. Its supporters cite security reasons, while opponents see it as an infringement of freedoms.
The law, passed Friday by the State Duma, the lower chamber of
the Russian parliament, would come into force Sept. 1, 2016. The
authors of the legislation believe that it gives both foreign and
domestic internet companies enough time to create data-storage
facilities in Russia.
The bill was proposed after some Russian MPs deemed it unwise that the bulk of Russians’ online personal data is held on foreign servers, mostly in the US.
“In this way foreign states possess full information, correspondence, photographs of not only our individuals, but companies as well,” one of the authors of the bill, Vadim Dengin of the Liberal Democratic Party (LDPR) told Itar-Tass. “All of the [internet] companies, including the foreign ones, you are welcome to store that information, but please create data centers in Russia so that it can be controlled by Roscomnadzor (the Federal Communications Supervisory Service) and there would be a guarantee from the state that [the data] isn’t going anywhere.”
Russian MPs believe the new law is in tune with the current European policy of trying to legally protect online personal data. Deputy chairman of the Duma’s committee on information policy, Leonid Levin, said the Russian law serves goals similar to those of the recent decision by European Court of Justice, which endorsed the so-called “right to be forgotten,” obliging Google to remove upon request links to personal data.
“The security of Russians’ personal data is one of the basic rights that should be protected, legally and otherwise,” Levin said, Russian Forbes reported.
Websites that don’t comply with the law will find themselves blacklisted by Roscomnadzor, which will then have the right to limit access to them.
Critics of the law believe it could be used by authorities for censorship, however.
"The aim of this law is to create ... [another] quasi-legal pretext to close Facebook, Twitter, YouTube and all other services," Internet expert and blogger Anton Nossik told Reuters.
Some are afraid two years could be not enough for certain companies to have their online data storage organized in Russia. Particular concern has been voiced in relation to online hotel and plane ticket booking services.
Leading Russian airlines Aeroflot and Transaero, for example, use the same GDS system for online ticket sales as most of the other airlines in the world. Developing the Russian system might take longer than the law allows.
“If the law is passed in its current version, then Russians won’t be able to take a plane not only to Europe, they won’t even be able to by an online ticket from Moscow to St Petersburg,” director general of internet payment provider ChronoPay, Aleksey Kovyrshin, said previously to RBC.
The Russian Association for Electronic Communications (RAEC), an NGO focused on Russian internet issues, has warned of the potential economic losses the law might entail.
“The law puts under question cross-border transmission of personal data," RAEC said in a statement. "Passing similar laws on the localization of personal data in other countries has led to withdrawal of global services and substantial economic losses.”