E@ECIPE
Start your weekend right and have a look at our new podcast episodes, webinars and more! ✉️ https://t.co/I4O8mlTIfz https://t.co/OGnB3mMG8CRT IIEA @iiea: 7 years on from the #Brexit vote we're continuing to analyse the impact of the UK's withdrawal from the #EU. Join… https://t.co/cYlxTquavgThe EU is taking charge in regulating data and the digital economy, launching new regulations like the #DMA, #DSA,… https://t.co/jfOuY6kaPNLet's talk about #AI regulations in the #EU! It is important to understand and enhance the benefits, but also min… https://t.co/OU6PEWlg6j🎧 New global economy podcast episode! We talk about the US trade policy and America's role in the world economic o… https://t.co/DHHvBdKZ4M
  • FOLLOW ECIPE
x
Browse

Database

Browse Database
Restrictions on data

RUSSIA

Since September 2014

Chapter Data policies  |  Sub-chapter Administrative requirements on data privacy
Draft order by Minsvyazi (Russian Ministry of Communications)
The Minsvyazi (Russian Ministry of Communications) drafted an order which forces telecom and internet providers to install equipment allowing data collection and retention on their servers for a minimum of 12 hours. This provides the Russian Federal Security Service (FSB) with direct access to a wider range of data - which include users’ phone numbers, account details on popular domestic and overseas online resources (like Gmail, Yandex, Mail.ru etc), IP addresses and location data - without a court order, for the purposes of national anti-terrorist investigations.
Coverage Internet Service Providers
Restrictions on data

RUSSIA

Since January 2007

Chapter Data policies  |  Sub-chapter Administrative requirements on data privacy
Federal Law no. 152-FZ “On Personal Data” (OPD-Law)
Data processors are required to notify both the subject and Roskomnadzor in case of a data breach.
Coverage Horizontal
Restrictions on data

RUSSIA

Since January 2007

Chapter Data policies  |  Sub-chapter Administrative requirements on data privacy
Federal Law no. 152-FZ “On Personal Data” (OPD-Law)
The data operator must take necessary and sufficient protective measures to comply with the data protection legislation, including appointing a data protection officer.
Coverage Horizontal
Restrictions on data

RUSSIA

Since January 2007

Chapter Data policies  |  Sub-chapter Administrative requirements on data privacy
Federal Law no. 152-FZ “On Personal Data” (OPD-Law)
The data operator must take necessary and sufficient protective measures to comply with the data protection legislation, including:
- performing internal control and/or audit to ensure data processing compliance with the data protection legislation and the data operator's policy/documents/local rules;
- evaluating the damages that may be caused to data subjects in the event of a breach of data protection legislation;
- disclosing the relevant provisions of the data protection legislation and data protection requirements that define the policy/documents/local rules of the data operator to the employees.
Coverage Horizontal
Restrictions on data

RUSSIA

Since January 2016

Chapter Data policies  |  Sub-chapter Personal rights to data privacy
Right to Be Forgotten Bill introducing Amendaments to Federal law on information, information technologies and protection of information
Russia passed a law on the right to be forgotten, which appears to set a regime which is more stringent than the European one. The main differences with the ECJ ruling on the right to be forgotten are that people that wish to have their name deleted will not have to provide a specific hyperlink, but they will only need to say which information they woud like to be deleted. Furthermore, contrary to the ECJ decision, public figures also can have their personal information deleted.
Coverage Horizontal
Restrictions on data

RUSSIA

Since 2001

Chapter Data policies  |  Sub-chapter Personal rights to data privacy
Chapter 14 of the Labor Code
The Russian Labor Code stipulates that employers must have the written permission of employees to share their data with third parties.
Coverage Horizontal
Restrictions on data

RUSSIA

Since January 2017

Chapter Data policies  |  Sub-chapter Data retention
Federal Law No. 208-FZ
Russian news aggregators are required to store the news disseminated, information about the news source, as well as information about the terms of its dissemination for six months, and to provide access to such information to the Roskomnadzor.
Coverage News aggregators
Restrictions on data

RUSSIA

Since July 2016
Since July 2018

Chapter Data policies  |  Sub-chapter Data retention
Federal Law No. 374 on Amending the Federal Law "on Counterterrorism and Select Legislative Acts of the Russian Federation Concerning the Creation of Additional Measures Aimed at Countering Terrorism and Protecting Public Safety"
Federal Law No 374-FZ, signed in July 2016, requires local storage of information confirming the fact of receipt, transmission, delivery and/or processing of voice data, text messages, pictures, sounds, video or other communications (i.e., metadata reflecting these communications). The storage period is of three years (with respect to telecom providers) or one year (with respect to ISPs and message exchange services). In addition, local storage for a period of six months is required for the content of communications, including voice data, text messages, pictures, sounds, video or other communications. While the first requirement entered into force in July 2016, the second requirement came into force starting from July 2018.
Coverage Telecommunication sector, ISPs and message exchange services
Restrictions on data

RUSSIA

Since August 2014

Chapter Data policies  |  Sub-chapter Data retention
Government Decree №758 of 31 July 2014 and №801 from 12 August 2014
The Russian Government has given instructions to require public Wi-Fi user identification. The government decrees require that:
- ISPs should identify Internet users, by means of identity documents (such as passport);
- ISPs should identify terminal equipment by determining the unique hardware identifier of the data network;
- all legal entities in Russia are required to provide ISPs monthly with the list of the individuals that connected to the Internet using their network.

The data should be stored locally for a period of at least six months.

Later in 2015, the authorities have proposed the following levels of fines for non-compliance:
- 5,000-50,000 rubles (approx. 60-140 USD) for individual entrepreneurs; and
- 100,000-200,000 rubles (approx. 1,400-2,600 USD) for legal entities.
The fines would be higher for repeating offenders.
Coverage ISPs providing public Wi-Fi
Restrictions on data

RUSSIA

Since September 2014

Chapter Data policies  |  Sub-chapter Data retention
Draft order by Minsvyazi (Russian Ministry of Communications)
The Minsvyazi (Russian Ministry of Communications) drafted an order which forces telecom and internet providers to install equipment allowing data collection and retention on their servers for a minimum of 12 hours. This provides the Russian Federal Security Service (FSB) with direct access to a wider range of data - which include users’ phone numbers, account details on popular domestic and overseas online resources (like Gmail, Yandex, Mail.ru etc), IP addresses and location data - without a court order, for the purposes of national anti-terrorist investigations.
Coverage Internet Service Providers (ISPs)
Restrictions on data

RUSSIA

Since January 2007

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Federal Law no. 152-FZ “On Personal Data” (OPD-Law) of July 2006
According to the Federal Law no. 152-FZ “On Personal Data” (OPD-Law) the transfer of data outside Russia does not require additional consent from the data subject only if the jurisdiction that the personal data is transferred to ensures adequate protection of personal data. Those jurisditctions are the parties to the Convention 108 and other countries approved by the Russian Federal Service for Supervision in the sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor). Roskomnadzor's official list of countries includes Australia, Argentina, Canada, Israel, Mexico and New Zealand.
Coverage Horizontal
Restrictions on data

RUSSIA

Since July 2016
Since July 2018

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Federal Law No. 374 on Amending the Federal Law "on Counterterrorism and Select Legislative Acts of the Russian Federation Concerning the Creation of Additional Measures Aimed at Countering Terrorism and Protecting Public Safety"
Federal Law No 374-FZ, signed in July 2016, requires local storage of information confirming the fact of receipt, transmission, delivery and/or processing of voice data, text messages, pictures, sounds, video or other communications (i.e., metadata reflecting these communications). The storage period is of three years (with respect to telecom providers) or one year (with respect to ISPs and message exchange services). In addition, local storage for a period of six months is required for the content of communications, including voice data, text messages, pictures, sounds, video or other communications. While the first requirement entered into force in July 2016, the second requirement came into force starting from July 2018.
Coverage Telecommunication sector, ISPs and message exchange services
Restrictions on data

RUSSIA

Since August 2014

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Government Decree №758 of 31 July 2014 and №801 from 12 August 2014
The Russian Government has given instructions to require public Wi-Fi user identification. The government decrees require that:
- ISPs should identify Internet users, by means of identity documents (such as passport);
- ISPs should identify terminal equipment by determining the unique hardware identifier of the data network;
- all legal entities in Russia are required to provide ISPs monthly with the list of the individuals that connected to the Internet using their network.

The data should be stored locally for a period of at least six months.

Later in 2015, the authorities have proposed the following levels of fines for non-compliance:
- 5,000-50,000 rubles (approx. 60-140 USD) for individual entrepreneurs; and
- 100,000-200,000 rubles (approx. 1,400-2,600 USD) for legal entities.
The fines would be higher for repeating offenders.
Coverage ISPs providing public Wi-Fi
Restrictions on data

RUSSIA

From January 2015 until July 2017.

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
New provisions in the Federal law on information, information technologies and protection of information (often referred to as Blogger’s law)

Federal Law No. 276-FZ "On Amendments to the Federal Law "On Data, Information Technologies and Data Security"
The “Blogger’s law” was repealed in in July 2017 by the Federal Law No. 276-FZ. It required "organizers of information distribution in the Internet" (it is not clear which operators fall under this definition) to store on Russian territory information on facts of receiving, transfer, delivery and/or processing of voice information, texts, images, sounds and other electronic messages and information about users during six months from the end of these actions.

Blogs with more than 3,000 readers were required to register as "organizers of information distribution" and were therefore subject to this requirement. Platforms that did not comply with these requirements upon a second notice faced a fine of 500,000 rubles and could be blocked in Russia by Roscomnadzor. Russian services such as VKontakte, Yandex and Mail.Ru registered their activities.
Coverage "Organizers of information distribution in the Internet"
Restrictions on data

RUSSIA

Since June 2011, amended in October 2014

Chapter Data policies  |  Sub-chapter Restrictions on cross-border data flows
Federal Law No. 161-FZ “On the National Payment System” dated June 2011 (the NPS Law) as amended in October 2014 by the Federal Law No. 319-FZ “On Amendments to the Federal Law on the National Payment System and Certain Legislative Acts of the Russian Federation”
The amendments to the National Payment System Law require international payment cards to be processed locally. The law requires international payment systems to transfer their processing capabilities with respect to Russian domestic operations to the local state-owned operator (National Payment Card System) by 31 March 2015.

The amendments are reported to be a response to the international political sanctions which prohibited certain international payment systems (e.g., Visa and MasterCard) from servicing payments on cards issued by sanctioned Russian banks.
Coverage International payment systems