The law on the storage of personal data in simple words. Protection of personal data in Russia

Personal data is information about a particular individual. This information users enter on various Internet servers every day. In 2015, the law on the storage of personal data was signed. According to this act, information about citizens of the Russian Federation can be stored only in the territory of Russia. What does it mean? And what is the danger of non-observance of this law?

Prehistory

Back in the distant 2006, the Federal Law on Personal Data was adopted, designed to regulate the specific relations of individuals with so-called operators. Its goal was to protect Internet users from unwanted processing and transfer of personal data to a third party.

The operator is a rather broad concept. They can be a state body, a legal entity, and a physical body. The operator is someone who, for any purpose, makes personal information about a person in his database. He, of course, has no right to disclose the data and use it for purposes that are not known to the person who provided them. Such actions are unethical, and the last ten years they are also illegal.

Since September 1, 2015, after the law on the storage of personal data on the territory of Russia was signed, the operator no longer has the right to use foreign servers in his work. In order to understand who is affected in the first place by such changes and what effect they have, one should understand the basic concepts.

Personal Information

There is a misconception that this concept means information that is contained in the passport and other important documents. In fact, personal data are various information about a person. This may not necessarily be a number or series of passports. Such data are the name, surname, date of birth, e-mail address. Thus, if a business owner creates a corporate website containing a form for registering visitors, he becomes a personal data operator. It can only use this information to carry out the activities known to those who provided it. Disclosure of personal data implies administrative or criminal liability, depending on the severity of the crime.

Confidentiality of information

The operator can distribute data about a person only with his consent. Such actions are illegal. Non-disclosure of personal data is an important condition for processing information. Its main principles are contained in the second chapter of the law. Distribute the operator is entitled to only those information that are contained in publicly available sources, for example - address books and phone books.

Personal data can be divided into general, biometric and special. General are contained in a passport, diploma, military ticket, work record book. Information about race, religion, and political affiliation is classified as special.

Biometric data are biological and physiological characteristics of a person. They also include photos and videos. Thus, the transfer of such files to a third party can be identified as the disclosure of personal data. The exception are group photos.

Treatment

In legislative acts there are phrases, the meaning of which may not always be clear. One of them is the processing of personal data. This term refers to the actions that an operator makes on the information received, namely personal data. He accumulates, stores, specifies, uses, depersonalizes, blocks and destroys them. The operator has the right to do all this. It transgresses the law only when there is a disclosure of personal data, that is, the transfer of personal information to a third party.

Since September 1, 2015, significant restrictions have been introduced in this area of activity. The law on the storage of personal data does not allow, for example, the owner of a website to store the received data on foreign servers. Even if he uses them exclusively for good purposes.

Decontamination

This action is performed in order to hide the identity of the personal data of a person (in the legislative act, he is called a subject). This is a kind of protection of personal data. There are several ways of depersonalization:

• Replacement of information;
• Replacement of digital data:
• Reduction of information;
• Distribution of information on different servers.

Subject

A person has the right to access his personal data. The rights of the subject of personal data imply the possibility of an individual whose data is stored in the database, require the operator to update them, change, delete, if necessary. Everyone has the right to demand the provision of information in the event that they do not contain data from other entities.

Other concepts

All data about a person are stored in databases. With the help of certain means, they are processed and used by the operator. This technology is called the personal data information system. Today, everything is used by it, starting with small businessmen, ending with state executive bodies. They also have personal data protection. Monitoring compliance with the requirements provided for by law is exercised by Roskomnadzor, FSB and FSTEC.

Cross-border data transfer is the transfer of information to a natural or legal person of a foreign state.

FZ on personal data ensures the inviolability of the individual, his family and personal life. The new law pursues the same goals, but it creates certain inconveniences for many operators.

Data storage in Russia

In their activities, each operator should now use only those databases that are stored on the territory of Russia. Why are such restrictions created? The law mentioned above affects first of all the security of personal data. But nothing is said about the scope of his action.

All areas of activity on the territory of Russia must be carried out in compliance with the legislation of the Russian Federation. However, in the World Wide Web, any action is of a transboundary and virtual nature, which makes it difficult to control the work of operators. At the same time, the fact that the Internet site is available to Russian residents does not at all say that Russian legislation should apply to it. Storage of databases on Russian servers facilitates control over the activities of operators.

The law on the storage of personal data provides for the processing of personal data only on Russian Internet resources. But there are exceptions. They concern foreign servers aimed at the territory of the Russian Federation. This direction can indicate the Russian-language site or domain name. However, since the Russian language is quite common outside the Russian Federation, the following elements are additionally considered: the possibility of calculation in Russian rubles, the conclusion of contracts in the territory of the Russian Federation. Thus, foreign entrepreneurs include Russian consumers in their business strategy. And the law on personal data is directed to their activities.

Foreign servers

So, the law now allows the storage of personal data only on Russian servers. Data bases outside the Russian Federation can not be processed. The State Duma passed a law on this prohibition. However, this document gives rise to many problems. And first of all, the difficulties relate to entrepreneurial activity.

Specialists in the field of electronic communications believe that this can lead to the withdrawal of global Internet resources, and he, in turn, to significant economic losses. First of all, we are talking about air ticket booking sites.

Disadvantages for Entrepreneurs

Experts believe that the new law will negatively affect the activities of many Russian companies. Each of his offenders from September 1, 2016 falls into the black list of Roskomnadzor. This list today consists of pirate sites and sites that promote illegal activities or actions that do not correspond to moral and ethical standards (violence, suicide, child porn, extremism). The ban on these resources is quite understandable. But many enterprises that carry out absolutely legal activities may not be able to transfer their bases to Russian resources by the specified date.

Another goal of this law is to ensure the security of personal data from the actions of American special services. These government structures are required to provide foreign resources with all available information. However, ensuring the security of personal data from the penetration of foreign special services employees, the law creates many inconveniences and problems for small, medium and large Russian enterprises.

Data Storage Services

Most companies today are selling, resorting to Internet marketing. One of the main tools is email distribution. Owners of corporate websites use online services to inform their customers about the various activities that are held in their companies. This scheme is so common that without it today it is difficult to imagine the development of any kind of business. There is still the misconception that site owners are not operators, because they do not store personal data. This is for them to make special online services. But after all processes and forms the data about users the owner of a site. That is why he is the operator and in the near future is obliged to transfer all available information about Internet users to Russian resources. It is not easy to do this, and such actions, first of all, involve considerable financial costs.

The retroactive force of law

The established legal principles suggest that the personal data already available to operators, created before the date of signing the law, is not a violation. However, the use of personal data requires their updating and modification. The law says that the operator can now process this information only on the Russian server.

Collection of information

The operator is obliged to localize all data on the Russian server. And these actions, according to the wording in the law, are closely related to the collection of personal data. This term is used to refer to targeted information about individuals. It is usually provided by the user of the Internet. But often it happens that the data is accidental. For example, as a result of receiving various letters. The collection of information is also not information about one legal entity received by another organization. Such information is contact, and its processing is necessary for joint activities.

Data transfer outside the Russian Federation

The law does not affect cross-border data transmission. The provisions, which were formulated in 2006, have not lost their strength. Therefore, the operators, as before, have the right to transfer data entered into the database created on the territory of the Russian Federation to other ones located abroad. However, such actions require compliance with certain standards. First of all, the operator must make sure that the country to which the data transmission will be carried out has adequate protection of the personal information of Internet users.

The impact of the new law on the banking sector

Many purchases are now made via the Internet. The buyer often pays for the goods with a bank card. Cellular companies and payment systems are, as a rule, on foreign servers. The Russian payment system is not yet available. And without it, keeping the law will not be easy.

However, some large companies still store information on the territory of the Russian Federation. And by exchanging data with foreign partners, they resort to depersonalization.

Data center

At the moment, the Moscow Region is building a new data center, which will become the largest in Russia. Large companies invest in this project because they can not underestimate the importance of storing personal data. However, these works involve some difficulties. It is impossible to quickly build a data center.

Experts believe that the new law needs to be finalized. Otherwise, he will not be able to act at full strength. Its main drawback is a regular ban, from which small and medium-sized businesses can be particularly affected. And this area today is already in a rather deplorable state. Either way, the new law has many opponents, but there are those to whom it is not terrible.