January 16, 2015:
“We would like to keep you informed on progress of the amendments to the Federal Law № 242-FZ introducing amendments to the Federal Law “On personal data” and to the Federal Law “On information, information technologies and protection of information” (hereinafter – the “Law”) that has been adopted earlier on July 21, 2014. The new bill proposed anticipation of the term of coming into force of the Law. According to the bill the Law enactment date is moved to September 1, 2015. The bill has been finally signed by the President of the Russian Federation and published early this year.
As noted in our previous newsletters the Law introduces obligation of operators to store personal data of Russian nationals in the databases located in Russia. The introduced obligation will practically mean that the companies operating in Russia and dealing with natural persons (for example, retailers, social networks, those operating in international transportation, banking and other similar spheres) will be forced to place their servers within Russia if they plan to continue making business in the market.
Pursuant to the Law the competent state authority (Roskomnazdzor) is entitled to restrict the access to the web-site which proceed personal data in violation of the requirements set forth by the Law “On personal data” on the ground of the application filed by a natural person. The application may be filed if there is respective decision of the court which confirms that processing of personal data is not in line with the related Russian law. On the ground of the application Roskomnadzor includes the conflicting web-site into the Registry of infringers of regulation on personal data unless the infringement is removed from the web-site. If the administrator or the owner of the conflicting web-site does not remove the infringement Roscomnazdor may take measures aimed at prohibition of access to the web-site, its domain name and other indicators which may address to the web-site.
According to the explanatory note attached to the bill such amendment is required for more operative and effective protection of rights of Russian nationals to safety of their personal data and ensuring privacy of correspondence in information-telecommunication networks.
Although the Law has met strong resistance from the business community and various IT experts reported lack of the required IT infrastructure for implementation of the Law by the set deadline, businesses should carefully analyze their data flows and put them in the way that personal data processing activities comply with the localization requirements from September 1, 2015. This involves not only technical aspects, but also legal restructuring of the relations between operators and processors both within group of companies and with independent contractors.”
[ORIGINALLY PUBLISHED AS ALRUD’S NEWSLETTER – REPRODUCED WITH PERMISSION BY ALRUD Law Firm, 17 Skakovaya street, Building 2, 6th Floor, 125040 Moscow, Russia, http://www.alrud.com]