Russian police man metal detectors at the entrance to Moscow’s Red Square, 4 November 2023. Photo: EPA-EFE / MAXIM SHIPENKOV
Russia’s Ministry of Digital Development, Communications and Mass Media has drawn up a draft decree outlining the circumstances in which the authorities can access staff and customer data held by businesses operating in Russia, Forbes has reported.
According to the decree, the authorities will be empowered to demand that individual businesses hand over the anonymised personal data of customers and employees to protect the population in the event of an emergency, to prevent terrorism and to prevent the spread of infectious diseases, as well as for the purposes of economic and social research.
The draft decree, which is expected to come into force in September 2025, was drawn up after amendments were made to the law On Personal Data, which was adopted on 8 August. That law created a State Information System to which, upon request, businesses and state agencies are required to upload the personal data of their staff and customers.
The Big Data Association, a nonprofit engaged in developing standards for processing, storing, transmitting and using Big Data and whose members include major Russian firms such as Yandex, VK, and Gazprombank, warned that the draft decree would allow the Russian authorities to request personal data from businesses “for virtually any reason”
“This creates legal uncertainty and places an unreasonable regulatory burden on anyone processing personal data, which is practically any company or organisation,” the nonprofit said in a statement.
