As this publication is going to print, a new law, which comes into force on the first of September, 2015, will mandate that the personal data (PD) of Russian citizens be stored only in Russia. Or maybe it doesn’t. Or maybe it does, but not only in Russia. Or maybe not stored. Let’s try to understand.
The law was passed unexpectedly. Further, it was approved not in a version that matches the opinion of Russia’s relevant agencies and its business community. According to some unofficial comments, the Act targeted major Internet companies, such as large social networks and search engines, who hold and own a vast array of information about Russia’s citizens. Initially the law’s purpose, as announced, sounded quite noble and necessary – to ensure that every citizen of Russia, in providing their personal data, would be able to demand the data’s deletion. To do this, every citizen must be able to call upon the controller of the personal data, and so this data should be in Russia and there should be a Russian address to which a request for deletion can be made. Continue Reading