The Russian Federation Council information policy committee said that the data use policy used by the Facebook company did not meet the standards of the European convention for the protection of individuals.
"We have determined considerable violations of the current Russian and international legislations [in the framework of the legal analysis of the data use policy]. In particular, Facebook does not have an official office in our country and is managed by the Facebook Inc. corporation registered in the United States. But the aspect of fundamental importance is that Facebook's data use policy does not comply with the standards of the European convention ratified by Russia," the committee's head, senator Ruslan Gattarov told Interfax on Wednesday.
Due to this, Gattarov has sent a statement to Russian Prosecutor General Yury Chaika and Head of the Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications, Alexander Zharov.
Facebook's data use policy does not comply with the existing Russian law On Personal Data, Gattarov said.
In particular, the data use policy stipulates that the company would never transfer the user's data to a third party, excluding a number of cases, in particular with the user's permission and having notified him or her in advance, Gattarov said.
"So this part literally stipulates getting the user's permission and notifying of transfer as equal grounds to transfer personal data," Gattarov said. Thus, Facebook gets the opportunity to transfer personal data of users to thirds parties legally, he said.
"It is simply enough to notify the user of this fact and to give personal data of the citizen to a third party without getting the permission. Such practice contradicts the standards of the existing Russian law, which clearly says that it is necessary to obtain the permission of a person to process and transfer his personal data to other parties," Gattarov said.
Gattarov said he asked due to this to check the Facebook company regarding its data use policy and if the cases of violations of existing law were confirmed, to take necessary measures.
Facebook's data use policy does not clearly determine the purpose of gathering personal data, which is rigorously required by the European convention.
"The text of Facebook's policy contains parts, which are abstractly formulated from the legal point of view and which allow to base virtually any actions with personal data as the necessity to process it in the framework of administrating the law," he said.
The convention also requires stipulating purposes of processing personal data, Gattarov said. "The existing form of the data use policy purposes can be regarded as not meeting the criteria of adequacy, relevancy and sufficiency," he said.
If the check confirms the facts found, then it will be necessary to react to them accordingly, including by taking necessary legislative measures, Gattarov said.
All rights reserved by Rossiyskaya Gazeta.