Russian state officials are concerned about big data. More specifically, the personal data of Russian Internet users. And they believe more legislation regulating how this data is collected, stored, and protected will help make Russians using the Internet safer.
Head of Russian state Internet regulator Roscomnadzor Aleksandr Zharov suggested Russia could create a “national big data operator” that would control how the RuNet users’ data was being used. Speaking at the Saint Petersburg international economic forum this week, Zharov stressed that big data use had to be regulated, as a lot of the information, even though it wasn't personal, could still be used to identify users.
Государство, бизнес и общество должны определить правила обращения больших данных. Большие данные – большие возможности, но и большие риски на всех уровнях. Поэтому закон о больших данных должен быть.
The state, the business [sector], and the society must determine the rules of big data use. Big data means big opportunities, but also big risks at all levels. So there should be a law about big data.
The RBC news agency reports that while there isn't an immediate plan for a big data law, it could see light in the near future.
President Putin'd aide, Igor Shchegolyev, who was also at the forum in Saint Petersburg, stressed that at the moment, even the simplest app developers could gain unrestricted access to user data, and said that under the new law any collection and transmission of user data would only happen with the users’ permission. At the same time, the specific nature control mechanisms imposed by the state under such a law remains unclear.
Existing user data legislation
Russia already has an existing law that regulates how Russians’ personal data is stored and processed. The data localization law came into power on September 1, 2015 and mandates that Russian and international companies must store the data of Russian users on Russian territory. The law also obligates Internet services to store user data for at least six months. Some institutions, like foreign embassies and consulates, as well as airline ticket sales services and mass media, are exempt from the requirement to store user data on Russian soil.
Roscomnadzor has already inspected 600 companies for compliance with the data localization requirements, and found four that violated the law. The agency promises to inspect 900 more companies before the end of 2016, including Russia's largest social network, VKontakte.
Roscomnadzor head Zharov said the regulator has the power to inspect any companies working with Russian Internet user data, regardless of their jurisdiction or whether they have an office in Russia, referring to ongoing negotiations with websites such as Twitter and Facebook.
Если мы найдем нарушение закона, то мы будем в каждой ситуации разбираться индивидуально и предметно. И будем давать достаточный срок для того, чтобы компания начала движение в сторону локализации персональных данных, а не сразу ее «закрывать».
If we find a violation of the [data localization] law, we will deal with each situation individually and specifically. And we will provide a long enough term for the company to begin moving towards localizing personal data, and not “shut it down” immediately.
Zharov stressed that the state regulator would only take matters to court if a company “outright refused” to comply with the data localization law. While some companies, like PayPal and Booking.com, have announced they plan to comply with data localization demands, others, including Facebook and Twitter, have been more tightlipped about how they plan to deal with new legal restrictions in Russia. Human rights and free speech advocates have said the data retention legislation presents more opportunities for state surveillance on Russian users and have called on international companies to refuse to store user data on Russian territory.