Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Russia

Posted in International/EU Privacy

Russia Increases Fines for Violations of Data Protection Laws

On 7 February 2017, the Russian President signed into law a bill introducing amendments to the Russian Code on Administrative Offences that increases the amount of the fines imposed for violating Russian data protection laws and differentiates the relevant offences’ types. The greatest increase raises maximum fines for certain violations from RUB 10,000 to 75,000 (approx. USD 170 to 1,260).The law will come into force on 1 July 2017.

Posted in International/EU Privacy

Russia Releases 2017 Data Privacy Inspection Plans; Microsoft Passes 2016 Inspection

At the end of 2016, territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2017 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including data localization. The inspection plans contain a number of prominent multi-national and Russian companies.

Posted in International/EU Privacy

Moscow Court Upholds Ruling to Block LinkedIn in Russia for Non-Compliance with Data Localization Law

In a case with major significance for foreign online businesses that do business in Russia, on Thursday, 10 November the Moscow City Court sustained a lower court ruling that granted the request of the Russian Data Protection Authority to block access to social network LinkedIn within Russian territory. Although the data localization requirement took effect in September 2015, this is the first case of Russia blocking access to a foreign online business due to non-compliance with the Russian data localization requirement. There had been some doubt regarding how rigorously the data localization requirement would be applied, and this case indicates that at least in some circumstances, Roskomnadzor will aggressively push for websites to be blocked. Similar online services should examine their compliance with the data localization requirements in light of this decision.

Posted in International/EU Privacy

Russian Court Decrees LinkedIn Blocked in Russia for Non-Compliance with Data Localization Law

Media reports this week broke the news that a Russian court of first instance ruled this past August to block LinkedIn from Russian Internet users for violating Russia’s data localization law, which requires websites and other businesses that collected personal data from Russian citizens to store that data within the territory of Russia. According to the available court ruling, an appeal was filed and a hearing is scheduled for that appeal on 10 November 2016.

Posted in International/EU Privacy

Russian Data Localization Update: A Year In

It has been a year since Russia’s data localization requirement came into force in September 2015, requiring companies to store within Russia databases containing personal data they collect from Russian citizens. Exactly one year later, the Russian Data Protection Authority, Roskomnadzor, issued a news release on the first year of enforcement.

In the update, Roskomnadzor stated that an absolute majority of the inspected companies comply with the data localization requirement and that noncompliance is low.

Posted in International/EU Privacy

Russia Imposes New Data Storage Requirements for Telecoms and ISPs

Yesterday, Russian President Vladimir Putin signed the law “On introducing amendments to the Federal law ‘on fighting terrorism’ and other legislative acts of the Russian Federation related to establishment of additional measures against terrorism and ensuring public security.” Specifically, the Law introduces amendments to the Russian Law on Communications and the Russian Law On Information, Information Technologies and Protection of Information.

Posted in International/EU Privacy

Russia Data Localization Update: Results from Regulatory Inspections Clarify Enforcement Approach

We last reported on Russia’s data localization law earlier this year when the Russian data protection authority, Roskomnadzor, released its inspection plan for 2016. Since then, Roskomnadzor has been conducting compliance inspections both according to the plan and in individual cases when it has reason to do so. The results of those inspections and recent […]

Posted in Consumer Privacy, International/EU Privacy

Russian “Right to be Forgotten” Law: Update

The Right to be Forgotten Law imposes an obligation on search engines that disseminate adverts targeted at consumers located in Russia to remove search results listing information on individuals where such information is unlawfully disseminated, untrustworthy, outdated, or irrelevant (i.e. the information is no longer substantially relevant to the individual in question due to subsequent events or the actions of individuals). The Law includes exemptions where a search engine does not have to comply – (i) information on events reporting a crime where the limitation period for criminal liability has not expired; as well as (ii) crimes committed by an individual where their conviction record has not been erased.

Posted in International/EU Privacy

Russian Data Localization: Two Months In

We are now almost two months into the era of Russia’s Data Localization Law, which came into force on 1 September. While some expected immediate enforcement, the Russian Data protection Authority, Roskomnadzor, has not yet taken any action for a violation of data localization requirements. Last month, Roskomnadzor did take formal enforcement action to block a website and add it to register of violators of data subject rights for maintaining an illegal Internet database containing the contact details of over 1.5 million Russian citizens. This enforcement, however, was not for violation of the data localization law, but rather for the illegal collection and dissemination of personal data under other Russian data protection laws.

Posted in International/EU Privacy

Hogan Lovells Partner Highlights Compliance Goals with Russia’s Data Localization Law

On 1 September 2015, Russia’s much anticipated data localization law came into force. In recent interviews with European CEO and The Financial Times, Natalia Gulyaeva, partner in Hogan Lovells’ Moscow office, highlighted some key elements for multinationals to consider when doing business in Russia. In the interviews, Natalia explains that Roskomnadzor is not likely to conduct compliance audits on large multinational companies for some time and will allow for the transfer of data out of Russia as long as the primary database is inside Russia. She also highlighted that because Russia’s definition of “personal data” is very broad, companies should treat all information used to assist in the identification of individuals as “personal data.”

Posted in International/EU Privacy

Russian Data Localization Law: First Day in Force and Schedule for Compliance Inspections

Today, on 1 September 2015, the Russian Data Localization Law came into force. So far there have been no unexpected developments or reports of any unplanned inspections by Roskomnadzor, the Russian Data Protection Authority. Existing planning documents, however, provide some predictability for organizations subject to the law about the schedule under which Roskomnadzor plans on conducting compliance inspections.

Posted in International/EU Privacy

Russia Introduces a Right to be Forgotten

With the aim of keeping pace alongside European practice, on July 13th 2015, the Russian President signed into law a bill amending the Federal Law “On Information, information technologies and on protection of information” No. 149-FZ of 27 July 2006. This law introduces in Russia the so-called “right to be forgotten” or “right to oblivion” and will take effect on January 1st 2016.

Posted in International/EU Privacy

Russia Update: Regulator Publishes Data Localization Clarifications

As we reported last week, on 3 August 2015 the Russian Ministry of Communications, the agency that oversees the Russian data protection authority which will be enforcing Russia’s Data Localization Law, published unofficial clarifications on its website that provide a view into how the Ministry believes organizations must comply with the law. While these clarifications are non-binding, they constitute the only written regulatory guidance that has been published to date about the law, which takes effect on 1 September and requires organizations that collect personal data from individuals located in Russia to store that data within Russian territory. The Ministry’s website also provides a mechanism to ask further questions online. In this blog post, we summarize the main issues raised in the published clarifications, and the possible impact on global businesses seeking to comply with the law.

Posted in International/EU Privacy

Russian Regulator Publishes Data Localization Clarifications One Month Before Sept. 1 Effective Date, Plus Other Developments

In September 2015 the Russian Data Localization Law will come into force, requiring organizations that collect personal data from individuals located in Russia to store that data within Russian territory. In this blog post, we summarize recent developments on how the law will be applied, including the unexpected publication of regulatory guidance issued by the government this week.

Posted in International/EU Privacy

Recording and Deck from Webinar: Update on New Russia Data Localization Law

Thank you to everyone who participated in the Hogan Lovells webinar “Russia Data Localization Update: New Details Emerge from Meetings with Russian Regulator” on 2 April 2015. This update follows an October 2014 presentation by Hogan Lovells that outlined Russia’s newly enacted Data Localization Law. In this webinar, Hogan Lovells privacy and data protection Natalia Gulyaeva and Bret Cohen provided insight into the expectations of Russian regulators as the September 2015 implementation deadline approaches.

Posted in International/EU Privacy

Russia Data Localization Law Update and Webinar: New Details Emerge from Meetings with Russian Regulator

With the September 2015 effective date of Russia’s Data Localization Law less than six months away, the Russian data protection authority, Roskomnadzor, has still not issued any formal guidance on how it interprets the law’s broad requirement that companies must process and store the personal data of Russian citizens within Russia. Roskomnadzor has, however, recently held a series of meetings with different industry groups about the law. While Roskomnadzor’s views as expressed in these meetings do not constitute a formal position, they provide insight into how the regulator is likely to interpret the law.

Posted in International/EU Privacy

Russia Plans to Increase Fines for Violating Data Protection Laws

On 24 February, the Russian State Duma (the lower chamber of the Russian Parliament) adopted in the first reading a draft law introducing amendments to the Russian Code on Administrative Offences that would increase the amount of the fines imposed for violating Russian data protection laws and introducing a differentiation of the relevant offences’ types. Notably, the Draft Law does not introduce any separate fine for violating Russia’s new Data Localization Law, although there is still a possibility that this could be modified as the legislative process progresses.

Posted in International/EU Privacy

Russian Data Localization Law May Now Come into Force One Year Ahead of Schedule, in September 2015

On 17 December, the State Duma (the lower chamber of the Russian Parliament) passed legislation that would change the effective date of Russia’s new law requiring the local storage in Russia of the personal data of Russian citizens (Data Localization Law) from 1 September 2016 to 1 September 2015. The legislation currently is subject to the Federation Council’s (the upper chamber of the Russian Parliament) and president’s approvals.

Posted in International/EU Privacy

Insights from the Russian Data Protection Authority’s Conference on Personal Data Protection

In a recent client alert, partner Natalia Gulyaeva and associate Maria Sedykh from the Hogan Lovells Moscow Office joined associate Bret Cohen from the Hogan Lovells Washington, D.C. office to highlight key insights from the fifth annual conference on “Personal Data Protection” hosted by Roskomnadzor, Russia’s Data Protection Authority.

Posted in International/EU Privacy

Recording and Deck from Webinar on New Russia Data Localization Law

Thank you to everyone who attended our webinar last Tuesday on the new Russian law introducing rules requiring the local storage of the personal data of Russian citizens. For those who were unable to make it, linked to this blog post are a recording of the entire webinar and a copy of the slide deck.

Posted in International/EU Privacy, News & Events

Upcoming Webinar on Russian Data Localization Law

On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian Data Storage Law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – to store the personal data of Russian citizens on databases located in the country.

Posted in International/EU Privacy

Russia Enacts Data Localization Requirement; New Rules Restricting Online Content Come into Effect

Two developments in Russian law this summer could significantly limit the ability of cloud and other online services to publish online content and to make Russian data remotely available online. The first is the advancement of legislation requiring data operators to store locally in Russia information of Russian citizens. The second is the countdown to the effective date of new rules that impose onerous registration, content, and censorship requirements on certain website operators and electronic communication services. We address each here in turn.