際際滷

際際滷Share a Scribd company logo

The New Russian Law on Personal Data. Latest Developments. Dmitry Marinichev

Download as PPTX, PDF
Galina Aristova
Galina Aristova

This presentation outlines the work that was done by the Russian Internet ombudsman Dmitry Marinichev to prepare and implement the official explanations to the Russian Law on personal data 242-FZ which requires to localize personal data of Russian citizens on the Russian territory.

1 of 20
Download to read offline
Dmitry Marinichev, Internet Ombudsman, Russian Federation Nordic Digital Business Summit 24th September 2015, Helsinki The New Russian Law on Personal Data: Overview of Issues and Official Clarifications Obtained
Content 1. Who is the Internet Ombudsman 2. The Russian Personal Data Legislation Overview and Latest Developments 3. Why so Much Worry: the Issues 4. The Timeline of the Dialogue between the Business and the State 5. The Achievements 6. The Next Steps
Who is the Internet Ombudsman The Law on Personal Data The Anonymous Access to Wi-Fi in Public Places E-Commerce Startups Other OBJECTIVE It is necessary to solve the current issues, when the entrepreneurs are facing the bureaucracy SCOPE OF ACTIVITY 1) Work on requests 2) Work on legislation
The Russian Personal Data Law 242-FZ The Federal Law from 21.07.2014 242-FZ specifies the order of processing of personal data in information and telecommunication networks: it requires to localize personal data of Russian citizens on the territory of the Russian Federation. The law was enforced on the 1st of September 2015 The regulatory agency on personal data protection ROSCOMNADZOR having received court decision will be able to block companys webpage unless a company complies with the new law. The authority will register entries in a special register of violators.
Why so Much Worry: The Issues Absence of clear mechanisms Unclear requirements for the changes of IT infrastructure and business processes Unclear volume of necessary investment Possibility of a very large interpretation of the Law Possibility of selected law enforcement E L A S T I C I T Y of compliance of enforcement Travel E-Commerce Banking Insurance etc
The Strategy of Internet Ombudsman Strategy of Protecting Business and Users of Internet Services of compliance of enforcement TO MINIMIZE EXPENSES TO MAXIMIZE CLARITY min max
What Steps Were Made The Timeline of the Dialogue between the Business and the State February 2015 The Internet Industry Situation Analysis May 2015 The Report to President Putin The Presidential Assignments to the Government June-July 2015 The Government Task Forces implement the Assignments August 2015 Result 1 achieved: Official interpretation of 242-FZ
Ombudsmans Work Results: The Official Interpretation of the 242-FZ The materials of the Official Interpretation were prepared as a result of consultations with the representatives of business community and of the government bodies (Federation Council, Ministry of Telecom and Mass Media, Roskomnadzor). They were also analyzed and discussed at the series of meetings with the participation of representatives of the Russian Telecom and Mass Media Ministry and of Roskomnadzor. The Official Interpretation of the 242-FZ on the Website of the Russian Telecom Ministry
The Official Interpretation of the 242-FZ on the Website of the Russian Telecom Ministry WHAT EXACTLY WAS DONE: THE ISSUES the operator of personal data must ensure the Russian citizens personal data collection, storage, accumulation, specification (renewal, change), retrieval using the databases located on the territory of Russia, with the exceptions of cases mentioned in the clauses 2, 3, 4, 8 of the Part 1 of the Article 6 of this Federal Law.
UNCLEAR DATABASE NOTION DEFINITION OF DATABASE CLARIFIED THE DATABASE MAY BE CREATED IN ANY FORMAT AT ANY CARRIER DOES IT MEAN THE NECESSITY TO CREATE NEW IT-ISYSTEMS? How to separate personal data from other data? Special software? Special infrastructure? How much it would cost? How much time would it take? What was the Issue and What is the Clarification
What was the Issue and What is the Clarification ONLY THOSE COMPANIES WHOSE ACTIVITY IS TARGETED AT RUSSIA (criteria available) DO THE NEW REQUIREMENTS COVER THE FOREIGN WEB- SITES? The world Internet is not more open for Russian users? Would the Russian users be not capable to legally use foreign Internet services which dont localize personal data? THE SCOPE OF THE LAW REGARDING THE TERRITORY AND THE SUBJECTS CLARIFIED UNCLEAR SCOPE OF THE LAW REARDING TERRITORY AND CIRCLE OF SUBJECTS
UNCLEAR CITIZENSHIP NOTION IDENTIFICATION OF CITIZENSHIP CLARIFIED AT THE DISCRETION OF THE PERSONAL DATA OPERATOR (or localizing all the data collected on the Russian territory) DOES IT MEAN THE NECESSITY TO CREATE COMPLICATED SYSTEMS OF CITIZENSHIP IDENTIFICATION? How to identify Russian citizens? By IP? By what? How much time and cost? What was the Issue and What is the Clarification
UNCLEAR COLLECTION OF DATA NOTION DATA COLLECTION DEFINITION CLARIFIED ONLY THE DATA RECEIVED DIRECTLY FROM PERSONS (Data collected from e-mails, or data collected for getting passes are not collection. Data put in the cloud is not collection) IS IT NECESSARY TO BE RESPONSIBLE FOR THE PERSONAL DATA THAT WAS COLLECTED BY ANOTHER COMPANY? What collection means? What was the Issue and What is the Clarification
UNCLEAR CROSS-BORDER DATA TRANSMISSION NOTION DATA TRANSMISSION AND PROCESSING ISSUE CLARIFIED THE PERSONAL DATA TRANSMISSION AND PROCESSING ON FOREIGN TERRITORY IS ALLOWED IS IT NECESSARY TO PROCESS THE DATA ALSO ON THE RUSSIAN TERROTORY? Once collected, where the data must be processed? To build own data centers in Russia? How much time and money? What was the Issue and What is the Clarification
UNCLEAR ISSUE OF THE SECONDARY LOCALIZATION SECONDARY LOCALIZATION ISSUE CLARIFIED NOT REQUIRED IS IT NECESSARY TO LOCALIZE AGAIN THE DATA THAT WERE ALREADY COLLECTED? What to do when the data are collected repeatedly? What was the Issue and What is the Clarification
THE TIME SCOPE OF EFFECT OF THE LAW CLARIFIED ONLY STARTING WITH 01.09.2015 (if there is no change in these data after 01.09.2015) IS IT NECESSARY TO LOCALIZE THE DATA THAT WERE COLLECTED BEFORE 01.09.2015? What to do with the data collected before 01.09.2015? How much it time and money it would take? What was the Issue and What is the Clarification UNCLEAR SCOPE OF THE LAW REARDING TIME
UNCLEAR ISSUE OF AIR CARRIERS AND THEIR AGENTS THE ISSUE OF AIR CARRIERS CLARIFIED THE EXCEPTION WHAT THE AIR CARRIERS SHOULD DO? What the air carriers should do with their distributed databases? How is it possible to separate personal data from such kind of a system? What was the Issue and What is the Clarification
The Summary: See Article in the Russian Magazine Dedicated to Russian DCs http://dcjournal.ru/eng/
QUESTIONS? www.iOmbudsman.ru If you want to write your question you can put it here
THANK YOU FOR ATTENTION!

More Related Content

The New Russian Law on Personal Data. Latest Developments. Dmitry Marinichev

  • 1. Dmitry Marinichev, Internet Ombudsman, Russian Federation Nordic Digital Business Summit 24th September 2015, Helsinki The New Russian Law on Personal Data: Overview of Issues and Official Clarifications Obtained
  • 2. Content 1. Who is the Internet Ombudsman 2. The Russian Personal Data Legislation Overview and Latest Developments 3. Why so Much Worry: the Issues 4. The Timeline of the Dialogue between the Business and the State 5. The Achievements 6. The Next Steps
  • 3. Who is the Internet Ombudsman The Law on Personal Data The Anonymous Access to Wi-Fi in Public Places E-Commerce Startups Other OBJECTIVE It is necessary to solve the current issues, when the entrepreneurs are facing the bureaucracy SCOPE OF ACTIVITY 1) Work on requests 2) Work on legislation
  • 4. The Russian Personal Data Law 242-FZ The Federal Law from 21.07.2014 242-FZ specifies the order of processing of personal data in information and telecommunication networks: it requires to localize personal data of Russian citizens on the territory of the Russian Federation. The law was enforced on the 1st of September 2015 The regulatory agency on personal data protection ROSCOMNADZOR having received court decision will be able to block companys webpage unless a company complies with the new law. The authority will register entries in a special register of violators.
  • 5. Why so Much Worry: The Issues Absence of clear mechanisms Unclear requirements for the changes of IT infrastructure and business processes Unclear volume of necessary investment Possibility of a very large interpretation of the Law Possibility of selected law enforcement E L A S T I C I T Y of compliance of enforcement Travel E-Commerce Banking Insurance etc
  • 6. The Strategy of Internet Ombudsman Strategy of Protecting Business and Users of Internet Services of compliance of enforcement TO MINIMIZE EXPENSES TO MAXIMIZE CLARITY min max
  • 7. What Steps Were Made The Timeline of the Dialogue between the Business and the State February 2015 The Internet Industry Situation Analysis May 2015 The Report to President Putin The Presidential Assignments to the Government June-July 2015 The Government Task Forces implement the Assignments August 2015 Result 1 achieved: Official interpretation of 242-FZ
  • 8. Ombudsmans Work Results: The Official Interpretation of the 242-FZ The materials of the Official Interpretation were prepared as a result of consultations with the representatives of business community and of the government bodies (Federation Council, Ministry of Telecom and Mass Media, Roskomnadzor). They were also analyzed and discussed at the series of meetings with the participation of representatives of the Russian Telecom and Mass Media Ministry and of Roskomnadzor. The Official Interpretation of the 242-FZ on the Website of the Russian Telecom Ministry
  • 9. The Official Interpretation of the 242-FZ on the Website of the Russian Telecom Ministry WHAT EXACTLY WAS DONE: THE ISSUES the operator of personal data must ensure the Russian citizens personal data collection, storage, accumulation, specification (renewal, change), retrieval using the databases located on the territory of Russia, with the exceptions of cases mentioned in the clauses 2, 3, 4, 8 of the Part 1 of the Article 6 of this Federal Law.
  • 10. UNCLEAR DATABASE NOTION DEFINITION OF DATABASE CLARIFIED THE DATABASE MAY BE CREATED IN ANY FORMAT AT ANY CARRIER DOES IT MEAN THE NECESSITY TO CREATE NEW IT-ISYSTEMS? How to separate personal data from other data? Special software? Special infrastructure? How much it would cost? How much time would it take? What was the Issue and What is the Clarification
  • 11. What was the Issue and What is the Clarification ONLY THOSE COMPANIES WHOSE ACTIVITY IS TARGETED AT RUSSIA (criteria available) DO THE NEW REQUIREMENTS COVER THE FOREIGN WEB- SITES? The world Internet is not more open for Russian users? Would the Russian users be not capable to legally use foreign Internet services which dont localize personal data? THE SCOPE OF THE LAW REGARDING THE TERRITORY AND THE SUBJECTS CLARIFIED UNCLEAR SCOPE OF THE LAW REARDING TERRITORY AND CIRCLE OF SUBJECTS
  • 12. UNCLEAR CITIZENSHIP NOTION IDENTIFICATION OF CITIZENSHIP CLARIFIED AT THE DISCRETION OF THE PERSONAL DATA OPERATOR (or localizing all the data collected on the Russian territory) DOES IT MEAN THE NECESSITY TO CREATE COMPLICATED SYSTEMS OF CITIZENSHIP IDENTIFICATION? How to identify Russian citizens? By IP? By what? How much time and cost? What was the Issue and What is the Clarification
  • 13. UNCLEAR COLLECTION OF DATA NOTION DATA COLLECTION DEFINITION CLARIFIED ONLY THE DATA RECEIVED DIRECTLY FROM PERSONS (Data collected from e-mails, or data collected for getting passes are not collection. Data put in the cloud is not collection) IS IT NECESSARY TO BE RESPONSIBLE FOR THE PERSONAL DATA THAT WAS COLLECTED BY ANOTHER COMPANY? What collection means? What was the Issue and What is the Clarification
  • 14. UNCLEAR CROSS-BORDER DATA TRANSMISSION NOTION DATA TRANSMISSION AND PROCESSING ISSUE CLARIFIED THE PERSONAL DATA TRANSMISSION AND PROCESSING ON FOREIGN TERRITORY IS ALLOWED IS IT NECESSARY TO PROCESS THE DATA ALSO ON THE RUSSIAN TERROTORY? Once collected, where the data must be processed? To build own data centers in Russia? How much time and money? What was the Issue and What is the Clarification
  • 15. UNCLEAR ISSUE OF THE SECONDARY LOCALIZATION SECONDARY LOCALIZATION ISSUE CLARIFIED NOT REQUIRED IS IT NECESSARY TO LOCALIZE AGAIN THE DATA THAT WERE ALREADY COLLECTED? What to do when the data are collected repeatedly? What was the Issue and What is the Clarification
  • 16. THE TIME SCOPE OF EFFECT OF THE LAW CLARIFIED ONLY STARTING WITH 01.09.2015 (if there is no change in these data after 01.09.2015) IS IT NECESSARY TO LOCALIZE THE DATA THAT WERE COLLECTED BEFORE 01.09.2015? What to do with the data collected before 01.09.2015? How much it time and money it would take? What was the Issue and What is the Clarification UNCLEAR SCOPE OF THE LAW REARDING TIME
  • 17. UNCLEAR ISSUE OF AIR CARRIERS AND THEIR AGENTS THE ISSUE OF AIR CARRIERS CLARIFIED THE EXCEPTION WHAT THE AIR CARRIERS SHOULD DO? What the air carriers should do with their distributed databases? How is it possible to separate personal data from such kind of a system? What was the Issue and What is the Clarification
  • 18. The Summary: See Article in the Russian Magazine Dedicated to Russian DCs http://dcjournal.ru/eng/
  • 19. QUESTIONS? www.iOmbudsman.ru If you want to write your question you can put it here
  • 20. THANK YOU FOR ATTENTION!