Roskomnadzor blocked national access to LinkedIn for non-compliance with recent legislation on personal data storage.AFP/East News
At the end of November Russia's telecom regulator, Roskomnadzor, blocked national access to LinkedIn for non-compliance with recent legislation on personal data storage. Adopted by the State Duma in 2014, and enforceable since September 2015, the law requires companies operating in Russia to store the personal data of Russian users and clients on servers that are physically located in the country.
Critics say the Russian government has taken a hard line on digital media over the past several years, but the recent decision to block LinkedIn has little to do with politics or ideology. Russia’s new legislation may be perceived not only as a costly thorn in the side of global businesses, but also as a chance to prepare themselves for the new realities of tomorrow.
Russia's main requirements for managing personal data can be summarized as follows:
· Personal data may be collected, stored and used only with user consent, preferably in written form.
· Personal data, or at least an electronic copy of it, must be stored in databases that are physically located on Russian territory.
· Data operators storing personal data are liable for keeping such data confidential and are not permitted to transfer, share or disclose such data without user consent.
These rules apply specifically to personal data, which should not be confused with any other user-related data. According to Russian law the primary characteristic of “personal data” is the ability to identify among many persons a specific, unique individual. Thus, most social network content, for example, does not fall within the scope of this law.
At the same time, several issues concerning the law are still ambiguous. In particular, it is not entirely clear whether or not it is possible to transfer the personal data of Russian citizens who live abroad.
Though there have been several other cases of site blocking for non-compliance (such as the phone number database, Abonenty-chast2.pw, and the car-driver database, Autonum.info), Roskomnadzor has displayed a mild attitude towards international companies, giving violators extra time to comply with the law.
Thus many businesses — such as Alibaba, Apple, Booking.com
While Facebook and Twitter have not yet fully complied, they meet regularly with Roskomnadzor, and the measures they have undertaken are regarded as satisfactory.
LinkedIn was blocked only after failing to provide satisfactory answers to repeated Roskomnadzor inquiries. Access to the site was denied after two court rulings earlier this year – an initial hearing, and an appeal.
Strangely enough, while LinkedIn has not complied with Russian law it reportedly agreed to local Chinese legislation regarding the storage of personal data in local servers when it entered that country two years ago.
Russia is not the only state to have introduced restrictions on the storage and international use of personal data. Australia, Hungary, Indonesia, Panama, and other countries have also adopted specific measures against the illegal storage of personal data. Russian law, however, is arguably the most stringent because non-complying websites can simply be blocked.
Such moves may well illustrate the resurgence of national sovereignty in the digital sphere. This should not come as a surprise because many governments, both authoritarian and democratic ones, are trying to put an end to the lack of regulation of the borderless World Wide Web. This issue became especially relevant after Edward Snowden and others revealed that the lack of regulation allows a handful of powerful governments and corporations to wield an enormous amount of control in the digital realm.
First published by East-West Digital News