Janrain Privacy Update - Russian Personal Data Localization
Here at Janrain, we want to keep you up to speed on the shifting landscape of customer identity laws. We track customer data legislation across the globe, and, where needed, maintain compliance on your behalf through updates to the Janrain infrastructure. We have been following the Russian Personal Data Law (Federal Law No. 242-FZ) for more than a year. Here’s a brief update on the current status of the law:
On September 1, Russia’s Personal Data Law took effect. One of the requirements of the law is personal data localization. Since the law was originally passed in 2014, we - and many others - have been stymied by the language, which is quite broad and quite vague.
To date, most international companies have taken a “wait and see” approach in response to the data localization requirements and given the recent guidance provided by Russian authorities, that approach has been justified.
In August, with the explicit aim of reducing tensions, the Russian Ministry of Communications and Mass Media (Minkomsvyaz) provided the following clarifications regarding the data localization requirements:
Although the individual facts and circumstances of individual companies may no longer be comfortable taking a wait and see approach, indications are that those companies continuing to be deliberate in their analysis before acting are in good company. At this time, Janrain does not plan to establish hosting facilities in Russia and we believe that the current approach of Facebook, LinkedIn, Google and others in also not doing so is a prudent course of action. We will continue to carefully monitor the official proclamations as well as the practical aspects of compliance and will keep you up to date as things develop.
If you have any questions, please reach out to your Account Manager who can coordinate with the appropriate additional Janrain resources.
Resources:
Here at Janrain, we want to keep you up to speed on the shifting landscape of customer identity laws. We track customer data legislation across the globe, and, where needed, maintain compliance on your behalf through updates to the Janrain infrastructure. We have been following the Russian Personal Data Law (Federal Law No. 242-FZ) for more than a year. Here’s a brief update on the current status of the law:
On September 1, Russia’s Personal Data Law took effect. One of the requirements of the law is personal data localization. Since the law was originally passed in 2014, we - and many others - have been stymied by the language, which is quite broad and quite vague.
To date, most international companies have taken a “wait and see” approach in response to the data localization requirements and given the recent guidance provided by Russian authorities, that approach has been justified.
In August, with the explicit aim of reducing tensions, the Russian Ministry of Communications and Mass Media (Minkomsvyaz) provided the following clarifications regarding the data localization requirements:
- The requirements do not apply to a non-resident company located and operating outside of Russia unless circumstances indicate that the company is conducting Russia-oriented business activities.
- Merely providing Russian citizens with access to a foreign-based web site or mobile property does not by itself subject the data operator to the requirements.
- The requirements do not apply to a company sharing employee data with another business as part of a legal business activity.
- The transfer of Russians’ personal data to a secondary database outside the country is permitted so long as the primary database used for collection is within Russia.
- Databases with Russians’ personal data created before September 1, 2015 are not subject to the requirements unless they are updated on or after September 1.
Although the individual facts and circumstances of individual companies may no longer be comfortable taking a wait and see approach, indications are that those companies continuing to be deliberate in their analysis before acting are in good company. At this time, Janrain does not plan to establish hosting facilities in Russia and we believe that the current approach of Facebook, LinkedIn, Google and others in also not doing so is a prudent course of action. We will continue to carefully monitor the official proclamations as well as the practical aspects of compliance and will keep you up to date as things develop.
If you have any questions, please reach out to your Account Manager who can coordinate with the appropriate additional Janrain resources.
Resources:
- Ministerial clarification in Russian regarding the data localization requirements. (The translation via the Google Chrome browser is fairly straightforward.)
- August 10, 2015 Bloomberg BNA article regarding the ministerial clarifications.
- September 1, 2015 Moscow Times Op-ed piece decrying the law and opining that its enforcement would only deepen Russia’s isolation.
- Wall Street Journal article (updated on August 31, 2015) regarding
This email was sent to loopholing@gmail.com. You are receiving this email because you have had previous contact with Janrain. If you no longer wish to receive these emails, you may change your email preferences or opt-out from all Janrain communications.
No comments:
Post a Comment