News Archives

Sunday, April 5, 2015

Russian Ombudsman Challenges Data Localization Law

As the clock ticks down towards the September 1 implementation of Russia's data localization law, the country's Internet Ombudsman, Dmitry Marinichev, sent a letter to President Putin proposing that foreign online companies be allowed to store Russians' personal data in a third country if consent from the user is obtained.  Marinichev suggested allowing these companies to store the data in one of the 46 countries that, like Russia, have signed the Council of Europe's Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention No. 107).   While the Russian DPA, Roskomnadzor, has yet to issue formal guidance on the new law, it has been meeting with various industry groups to explain its approach.  Key take-aways from these meetings include the assertions that the new law will apply to all data operators, including foreign businesses, collecting personal data directly from Russian citizens; that the primary databases involved must be located in Russia; that cross-border transfers may continue to occur if compliant with previous requirements (such as obtaining the consent of data subjects); that any structured set of personal data is subject to the law irrespective of the format and means of processing (including data found in spreadsheets and card files).

No comments:

Post a Comment