New Russian law bans citizens’ personal data being held on foreign servers
All internet companies collecting personal information from Russian citizens are obliged to store that data inside the country, according to a new law. Its supporters cite security reasons, while opponents see it as an infringement of freedoms.
The law, passed Friday by the State Duma, the lower chamber of
the Russian parliament, would come into force Sept. 1, 2016. The
authors of the legislation believe that it gives both foreign and
domestic internet companies enough time to create data-storage
facilities in Russia.
The bill was proposed after some Russian MPs deemed it unwise
that the bulk of Russians’ online personal data is held on
foreign servers, mostly in the US.
“In this way foreign states possess full information,
correspondence, photographs of not only our individuals, but
companies as well,” one of the authors of the bill, Vadim
Dengin of the Liberal Democratic Party (LDPR) told Itar-Tass.
“All of the [internet] companies, including the foreign ones,
you are welcome to store that information, but please create data
centers in Russia so that it can be controlled by Roscomnadzor
(the Federal Communications Supervisory Service) and there would
be a guarantee from the state that [the data] isn’t going
anywhere.”
Russian MPs believe the new law is in tune with the current
European policy of trying to legally protect online personal
data. Deputy chairman of the Duma’s committee on information
policy, Leonid Levin, said the Russian law serves goals similar
to those of the recent decision by European Court of Justice,
which endorsed the so-called “right to be forgotten,”
obliging Google to remove upon request links to personal data.
“The security of Russians’ personal data is one of the basic
rights that should be protected, legally and otherwise,”
Levin said, Russian Forbes reported.
Websites that don’t comply with the law will find themselves
blacklisted by Roscomnadzor, which will then have the right to
limit access to them.
Critics of the law believe it could be used by authorities for
censorship, however.
"The aim of this law is to create ... [another] quasi-legal
pretext to close Facebook, Twitter, YouTube and all other
services," Internet expert and blogger Anton Nossik told
Reuters.
Some are afraid two years could be not enough for certain
companies to have their online data storage organized in Russia.
Particular concern has been voiced in relation to online hotel
and plane ticket booking services.
Leading Russian airlines Aeroflot and Transaero, for example, use
the same GDS system for online ticket sales as most of the other
airlines in the world. Developing the Russian system might take
longer than the law allows.
“If the law is passed in its current version, then Russians
won’t be able to take a plane not only to Europe, they won’t even
be able to by an online ticket from Moscow to St
Petersburg,” director general of internet payment provider
ChronoPay, Aleksey Kovyrshin, said previously to RBC.
The Russian Association for Electronic Communications (RAEC), an
NGO focused on Russian internet issues, has warned of the
potential economic losses the law might entail.
“The law puts under question cross-border transmission of
personal data,"
RAEC said in a statement. "Passing similar laws on the
localization of personal data in other countries has led to
withdrawal of global services and substantial economic
losses.”