We turn to Russia in our data localization series. Russia’s 2015 personal data protection law requires “data operators” to collect and keep information about Russian residents within Russia. It forces them to keep personal data about its citizens on a Russian located server, which must at all times keep at least as much data as is kept on a company’s servers outside Russia. This law resulted in LinkedIn’s being blocked from the Russian internet in 2016 for failing to do this.
In 2019 Russia expanded the authority of its regulator, Roskomnadzor, to levy fines instead of being limited to blocking for violations. While the fines are modest in amount, this lets regulators allow popular sites into Russia while insisting on data localization Russian style. In July 2021, Russia began requiring giant social media companies to establish a Russian presence to connect with Russian citizens.
It’s believed that more than 600 foreign companies have registered with Russian authorities to participate in the Russian market and comply with Russian data laws. These include giants such as Microsoft, Apple, and Samsung. If they fail to comply with Russian law regarding the data of Russian citizens, they can face advertising bans or blocking of access.
Russia’s approach lies between the stricter regimen of China and the globally open approach of the United States. Russia’s Government would argue that its laws are there to protect Russian citizens from data abuse by foreign companies. But tech protectionism and Russian sovereignty over its citizens’ internet use are also at work. Podcast Episode 75 asks what Russia’s data localization means for the original internet dream of communications and commerce across borders. Tune in for the conversation.
If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.