London Tech Week: What does the new Russian data law mean?
Data Center Management

London Tech Week: What does the new Russian data law mean?

Last year, Russian president Vladimir Putin passed a number of measures in order to restrict foreign involvement in Russian media. He signed a controversial law requiring bloggers with more than 3,000 unique daily visitors to register with Roskomnadzor, the mass media regulator.

Now, starting from 1st September 2015, Russia’s Data Localization Law will require data operators to ensure that the “personal data of Russian citizens be processed via servers located within the territory of Russia”. The aim behind this law is to prevent security services in other countries from accessing Russian private data.

How will this new law affect foreign companies? This is what the panellists have come to discuss at law firm Simmons & Simmons in London.

Speaker Marcus Clayden, Associate at Simmons & Simmons explains:

“[This law] will apply unilaterally across the board not just to consumer-facing data-driven companies but to all companies that touch Russian personal data. If you’ve got a ‘dot ru’ domain name and your website is translated into Russian and you’re targeting Russian nationalists then it is highly likely that any enforcement action may well come your way.”

The enforcement action Clayden is referring to is fines up to 10,000 RUR (approx. $185 dollars). But this could be raised considerably depending on the type of breach. As Tatiana Menshenina, Counsel at Simmons & Simmons explains, the “Russian authorities also have authority to close websites if storage of data breaches the law”. Companies will only be given three days to comply if found to be in breach.   

Clayden warns that many of the IT infrastructures in multinational companies are set up in a “non-compliant way with the incoming requirements”.

“Many multinational companies will have their data repositories in the States or the EU with an outpost operation in Russia. That kind of mechanism where the ‘master copy’ is retained outside Russia is not going to be compliant with the new requirements. That’s certainly a point of concern and something that companies will need to look at when trying to re-jig their current setups.”

Clayden also says that the identification of Russian citizens data will be problematic for companies as it will be difficult or nearly impossible to work out who is and isn’t a Russian citizen. But it’s best to assume that if you are collecting data on Russian citizens then these will be subject to these new requirements.

But the panellists note that there are many ambiguities in the law. For instance, what if there’s a technical breach in relation to disaster recovery systems?

“It’s important that the ‘master copy’ of data is not stored outside of Russia. But say the database in Russia gets corrupted and wiped and your backup system exists outside Russia? [This could be problematic.]”, says Clayden.

Clayden recommends that companies do an internal audit and start working on how the system can be re-jigged to meet the new requirements.

Guy Wilner, CEO of IXcellerate has on the ground experience of building a datacentre in Moscow.  According to Wilner, Russia is the “fastest growing internet market in Europe and is a great source of income for the west.”

“What the Russia law is also trying to do is build a bit more internet infrastructure in Russia. So what I put is, they are encouraging companies to house their sensitive data.”

How fast will companies rush to comply with the new law? Re-jigging an entire infrastructure in just a matter of a few months is no easy task. Wilner warns that the Russian authorities will clamp down on anyone that doesn’t comply.

“What we can see is anecdotal evidence on the ground. When the smoking ban was due to come in Russia a couple of years back, people were joking and saying it was going to be like France where [you could still get away with smoking in certain parts of the restaurant]. Well no, in Russia it was [implemented immediately].”

Plus we are also seeing examples of data localisation from tech companies already. Wilner explains how Microsoft had to bow down to Canada’s requests for data localisation.

“The Canadian government was upset that everything they did in the cloud with Microsoft was not in Canada. All the data was going out to San Jose and probably going through the NSA on its route. So the Canadian government said no to more government contracts until Microsoft complied. So now we have a localised instance of Microsoft Azure Connect. China has also localised a cloud system with Microsoft Azure. We already have two localised instances of the cloud. “

“Data is the new oil. [Companies] don’t want all their oil shipped out and have somebody else make money from it,” Wilner adds.

The general feeling from the panel is, come September, high-profile incidents of non-compliance by companies will be “used as examples” by Roskomnadzor as a warning to multinational companies and also set a clearer precedent to air out the ambiguities. Wilner makes the comparison of Roskomnadzor with Ofcom, the UK’s media regulator. He says that whilst Ofcom merely “makes suggestions”, Roskomnadzor has “limitless powers” so needs to be taken seriously. But Wilner admits that so far, Roskomnadzor has not been “overly aggressive”.

But the warning to multinational companies is clear: companies need to start looking at their internal IT infrastructures now or risk the wrath of Roskomnadzor. According to Wilner, Roskomnadzor can easily block a company’s website within 48 hours - and for a company that relies massively on its online presence for its revenue this could prove to be devastating.

PREVIOUS ARTICLE

«Mellanox: What does faster Ethernet mean?

NEXT ARTICLE

NASA's vision for IT's future»
author_image
Ayesha Salim

Ayesha Salim is Staff Writer at IDG Connect

  • twt
  • Mail

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

If it were legal, would your organization hack back?