Russian Government Will Force Companies To Store Citizen Data Locally

From 2016, if you don’t have servers in Russia, you won’t be able to do business in Russia

The law which bans online businesses from storing personal data of Russian citizens on servers located abroad  today passed its third and final reading in the State Duma – the Russian parliament.

According to ITAR-TAAS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google.

Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order.

In the case of non-compliance, Roskomnadzor will be able to impose “sanctions”, and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource.

Russians did WHAT?!

Under the changes to the law about personal data protection, email addresses and messages are now considered personal data. Any organisation that stores or processes such data will have to maintain physical servers in Russia, and tell Roskomnadzor where exactly those servers are located.

in-soviet-russia-internet“While collecting personal data, including by means of the Internet, an operator should provide recording, systematization, storage and update of the Russian citizen’s personal data using databases located in the territory of the Russian Federation,” reads the new law.

The implementation of the law will be managed by Roskomnadzor. The evidence of just how much power this organisation has was seen last year, when it threatened Facebook with a blanket ban over accidental advertising of ‘legal highs’. However, Roskomnadzor will have to go through court if it wants a website to be taken down for non-compliance with the new rules.

The legal measure is widely seen as a response to reports about the intrusive surveillance practices of the US National Security Agency (NSA) and the UK’s GCHQ. Edward Snowden, who revealed sensitive data about the operations of both, is currently residing in Russia, with his asylum application up for a review in a couple of months.

The change in legislation could provide a massive boost for Russia’s data centre industry, although a spokesman for Yandex, one of Russia’s largest technology companies, told KM.ru that the foreign businesses could be facing a lot of technical difficulties.

There are also fears it will prevent Russians from using certain online services altogether, for example booking flights or hotels.

What do you know about IT in Russia? Take our quiz!