Less than one year after the introduction of new restrictions on personal data collection, use and storage, and in parallel to recently adopted ‘anti-terrorist’ measures, Russian officials are considering yet additional moves to tighten state control over users’ digital data.
Speaking last month at the Saint Petersburg International Economic Forum, Alexander Zharov, who heads Russia’s telecom and Internet regulator Roskomnadzor, suggested that Russia create a “national big data operator” to control how the user data was being used.
Zharov stressed that big data use had to be regulated, as several types of data, though not personal, could still be used to identify users. He cited an experiment in which “a global social network” analyzed anonymized user data. Nevertheless, the use of smart algorithms allowed the network to identify all the users, according to Zharov.
Thus even data which seem totally impersonal may be transformed into personal data, said Zharov, as reported by business publication RBC.
Addressing “big risks at all levels”
“The government, businesses and society must determine the rules for big data use. Big data means big opportunities, but also big risks at all levels. So there should be a law about big data,” Zharov was quoted as saying.
Zharov suggested a public-private partnership to create a national data operator to manage the data which users share with companies and services, RBC reported.
Also speaking at the forum, President Putin’s aide, Igor Shchegolyev, stressed that at the moment, even the simplest app developers could gain unrestricted access to user data without user permission – a situation to which the considered new law should put an end.
Shchegolyev believes that it is essential to develop algorithms to define which types of data can be collected as well as the ways they can be collected and transferred to companies. The whole process has to take place with the consent of a userin insists the presidential aide.
“Every app should have the following information written in capital letters: beware, you’re sharing your data, it will be used in a certain way, but you can avert this,” RBC quoted Shchegolyev as saying.
The presidential aide made an analogy with the health information messages which which have been made mandatory on tobacco packages.
At the same time, the specific nature control mechanisms imposed by the state under such a law remains unclear.
Existing personal data legislation
Russia already has a demanding legislation on personal data collection, storage and use, the latest version of which came into force in September 2015. Under this law, Russian citizens’ personal data must be stored on servers located physcially on Russian territory.
Roskomnadzor has already inspected 600 companies for compliance with the data localization requirements, and found four that violated the law. The agency promises to inspect 900 more companies before the end of 2016, including Russia’s largest social network, VKontakte.
Zharov reminded that the regulator may inspect any company working with Russian Internet user data regardless of their jurisdiction or whether or not they have an office in Russia. He referred to such global companies Twitter and Facebook, whose compliance with the new Russian legislation is not clear.
“Should we find a violation of the data storage legistlation, we will deal with each situation individually and specifically. We will provide enough time to the company to comply rather than shutting it down immediately,” the regulator’s head stated, using an unsually mild tone in the current Russian context.
