Database

It is reported that, rather than following internationally recognized standards, Russia is developing its national communication standard on the basis of NG1 mobile broadband standard. NG1 provides the usage of unpaired frequency bands not suitable for GSM, UMTS, CDMA and LTE. Only China and India have experience in manufacturing equipment for NG1.

Firms selling telecommunications equipment are required to have scientific equipment manufacturing located within Russia. In this regard, it is possible that the firms’ inputs of electronic equipment and machinery and equipment should come from domestic sources.

It is reported that Russia has a complex and non-transparent licensing regime in place that impedes the importation of telecommunication equipment that incorporates encryption technology. Russia committed to reform its import licensing regime for products with cryptographic functionalities (“encryption products”) in its WTO accession protocol, but it continues to limit the importation of encryption products through the use of import licenses or one-time “notifications”.

Additionally, the process for importing consumer electronic products considered to be “mass market” has been aggravated. Theoretically, a simple notification process is supposed to apply to “mass market” products as defined under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. However, the definition of “mass market” products in the regulation of Russia's customs union diverges from this definition and does not accurately reflect the definition of these products under the Wassenaar Arrangement or Russia’s WTO protocol.

Therefore, imports of encryption products and particularly common consumer electronic products continue to be inhibited and cannot be imported via a simple notification.

It is reported that, in order to implement the measures contained in Law No. 139-FZ, the Russian government has implemented online filtering protocols such as the Deep Packet Inspection surveillance system.

According to a rights group organization (Agora), incidents of bans on online content issued by courts as well as similar decisions by government agencies that do not require court approval soared from 1,019 in 2014 to 9,022 in 2015. The same source cites that Russia has also prosecuted and sentenced to prison a growing number of individuals for posting information online. In 2017, Agora reported that Russia had seen more than 115,000 online censorship cases, 110,000 of which related to websites being blocked. The group has estimated that the Russian regime blocked an average of 244 websites a day in 2017 alone.

Reportedly, Roskomnadzor (Russia's communication watchdog) has blacklisted the NoBlock service, which enables users to access international websites which are censored by Russian officials. The decision follows a court ruling in Anapa (Russia) in April 2015, which judged that allowing NoBlock to operate allows users “to have full access to all banned websites through anonymous browsing and user IP masking”.

Roskomnadzor has also ordered the blocking of a Euronews video published on YouTube following a user's comment was deemed extremist by a local court. Additionally, in April 2017, a Moscow court banned the popular messaging application Telegram, on the ground that the firm refused to give Russia’s Federal Security Service (FSB) encryption keys that would grant access to user messaging data.

The Law No. 139-FZ establishes a blacklist of Internet sites that contain drug-related material, extremist material and other content recognized as illegal in Russia that internet service providers within Russia are required to block. IKEA has closed its webiste fearing that the content which was advertising could be interpret by Russian officials as gay propaganda. Additionally, in August 2015, the Russian government briefly blocked access to Reddit, GitHub and Wikipedia for featuring content related to suicide and drugs.

Another example is Wikipedia, which was blocked over a report about a drug. Roskomnadzor, the country's communications watchdog, ordered Wikipedia to delete a certain page, stating it contained information on drugs. A few hours later, Roskomnadzor removed Wikipedia from its official list of banned sites, saying that the page had been edited to its approval.

In addition to the provisions of the Law No. 139-FZ, telecommunication operators and Internet Service Providers are allowed to block different types of traffic over their networks provided that they comply with the relevant legislation and agreements with users/beneficiaries.

ISPs that do not block banned sites according to the rulings of the state regulator Roskomnadzor will be required to pay up to a 100,000 Ruble (approximately USD 1,700) penalty. Public officials and entrepreneurs will face fines of 5,000 Rubles (USD 86) and 30,000 rubles (USD 519), respectively, for failing to implement Roskomnadzor’s instructions.

Under the “Anti-Piracy” Law, the owners of any work protected by copyright or neighboring rights (with the exception of photographs) can apply for preliminary blocking injunctions with the Moscow City Court. If the injunction is granted, website owners will have one business day to address the injunction.

If the website operator does not restrict access to the allegedly infringing materials within one day after getting the notice, the hosting provider has three days to block access to that website. If this is not done, the internet service providers must restrict access to the website after adding the information about the website to the special registry kept by Roskomnadzor (the authorized media regulator).

Failure to prompty meet copyright takedowns will result in cash fines penalties of between 3,000 rubles (approx. USD 40) for individuals, increasing to a maximum of 500,000 rubles (approx. USD 6,600) for businesses in addition to 90 day business suspensions and confiscation of servers.

ISPs are required to restrict the user’s access to the instant messaging applications within a day if they suspect that messages contain information that violates Russian legislation. ISPs that fail to meet this requirement will be blocked by the authorities.

Federal Law No. 276 prohibits internet intermediaries from providing access to websites and information resources that are designated as “resources with restricted access” by Roskomnadzor. The Law requires Roskomnadzor to create a national information database of online resources and services to which access is prohibited in Russia. Internet service providers (ISPs) will be required to identify those owners of resources who do not block access to prohibited online resources and report them to the Roskomnadzor within three days. Operators of online search engines are required to block links to websites included in the database of prohibited online resources. If the owner of the network or information resource continues to ignore the requirement to block access to restricted websites, its Internet connection can be terminated by the ISP within 24 hours.

It has also been reported that Roskomnadzor is drafting a regulation that would establish the registration of owners and operators of information networks and search engines. Only registered owners and operators would have access to the database of prohibited resources. Owners of search engines, VPNs, and proxy servers would receive daily information on resources added to the list of banned content and would be required to block access to such resources within one day.

There is no explicit requirement for monitoring. However, Article 1253 (3)(1) of the “Anti-Piracy Law” provides that hosting providers are not liable for third-party content unless they “knew or ought to have known” that infringing material was being used illegally on their service. In other words, the article contains a “constructive knowledge” clause, that may incentivise intermediaries to monitor their services in order to locate “illegal” material.

Federal Law No. 241 prohibits the anonymous use of instant message (“IM”) services. Providers are obliged to identify users by their phone numbers based on the agreement with the communications provider.

The Russian Government has given instructions to require public Wi-Fi user identification. The government decrees require that:
- ISPs should identify Internet users, by means of identity documents (such as passport);
- ISPs should identify terminal equipment by determining the unique hardware identifier of the data network;
- all legal entities in Russia are required to provide ISPs monthly with the list of the individuals that connected to the Internet using their network.

The data should be stored locally for a period of at least six months.

Later in 2015, the authorities have proposed the following levels of fines for non-compliance:
- 5,000-50,000 rubles (approx. 60-140 USD) for individual entrepreneurs; and
- 100,000-200,000 rubles (approx. 1,400-2,600 USD) for legal entities.
The fines would be higher for repeating offenders.

In Russia, non-compliance with data protection laws can be punishable with: civil sanctions, administrative sanctions and criminal sanctions.

It is reported that Russian data protection laws have been enforced quite heavily in recent years and data subjects have sent many complaints to Roskomnadzor.

There has also been a growing number of appeals by data operators against the orders and decisions of Roskomnadzor imposing different sanctions on data operators and blocking their Internet resources.

As of 2017, Russia diversified how it fines breaches of data processing legislation, and increased overall fines. Now, illegal data processing can be fined between RUB 15,000 (approx. USD 260) and RUB 70,000 (approx. USD 1,230).

Additionally, Law No. 374 amends the Code of Administrative Violations to establish fines of up to RUB40,000 (approx. USD 700) for encryption which goes beyond mandated levels and for the use of previously uncertified encryption equipment. Furthermore, the Law imposes on distributors of information via the Internet the obligation to report to the Federal Security Service “all information required for the description of received, transferred, or delivered electronic communications.” The refusal to provide such information will be punishable by a fine in the amount of RUB 1,000,000 (approx. USD 16,000).

Under a provision of the Federal Law 374 effective in July 2018, the exact text of transmitted messages, records of telephone communications (“voice information”), and content of other communications must be preserved by telecommunications network operators for a period of six months. This information must be forwarded to the security services upon their request.