Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Russia has a number of laws relating to the collection and use of personal data. Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (Personal Data Law) sets the general rules and principles of personal data processing in the country. The Labour Code of the Russian Federation No. 197-FZ of December 30, 2001 includes rules relating to processing employee data.
There are also related regulations and state authority guidance relating to personal data protection, including:
Russia also uses international instruments relating to data protection and is a party to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data dd. 1981 (Convention 108). On October 10, 2018, Russia signed a Protocol modernizing Convention 108. Once this Protocol goes into effect, Russia will have to incorporate the amendments and ensure their enforcement.
____________________________________
There is no single authority responsible for data protection in Russia. Current authorities responsible for enforcement of data privacy law and regulations include the:Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor): This is the supervisory data protection authority, which carries out functions through central and regional offices who supervise data controllers in their respective regions.
Russian Ministry of Digital Development, Communications, and Mass Media: This authority is generally responsible for state policies in data protection, communications and information technology.
Russian Federal Service for Technical and Export Control: This is the authority responsible for supervising the protection of confidential information with use of technical tools.
Russian Federal Security Service: This authority is responsible for supervising the protection of confidential information with use of encryption tools.