Russia Considers Improving its Data Protection Law
The Russian Federation is considering amending the country’s data protection law, according to BNA’s Privacy Law Watch. Businesses have long complained that the law contains restrictions on data processing that are extremely difficult to meet. For example, the law requires affirmative written consent for most types of data processing. In the online context, this provision has been interpreted to require a consumer’s digital signature. A check box, which is an acceptable mechanism for expressing consent in the EU, for example, is deemed unacceptable in Russia. In practice, this and other requirements of the data protection law have been widely ignored, even by Russia’s biggest Internet businesses. Not surprisingly, Russia’s data protection regulator – the Russian Federal Service for Oversight of Communications, Information Technology and Mass Media (“Roscomnadzor”) – has found the rate of noncompliance with the law to be high. Roscomnadzor has reported that over 400 audits conducted in 2009 revealed 86 incidents of noncompliance. In connection with the proposed amendments to the law, the regulator already has received over 100 recommendations from businesses and data protection professionals aimed at improving the law and implementing regulations.
