Russia

Summary

Law: Federal Law of 27 July 2006 No. 152-FZ on Personal Data (as amended 2022) (available in Russian here; an unofficial English version as of 2019 is available here) ('the Law on Personal Data')

Regulator: The Federal Service for Supervision of Communications, Information Technology, and Mass Media ('Roskomnadzor')

Summary: Data protection in Russia is governed by several laws including the Law on Personal Data, which entered into force in 2006 and follows a similar approach to the EU's Data Protection Directive (Directive 95/46/EC). Other notable laws include Federal Law of 27 July 2006 No. 149-FZ on Information, Information Technologies and Protection of Information (only available in Russian here) ('the Law on Information').

Since its adoption, the Law on Personal Data has been amended on numerous occasions to include new data localisation requirements and to clarify the rules on consent, among other things. Most recently, the Federal Law of 14 July 2022 No. 266-FZ on Amending the Federal Law on Personal Data (only available in Russian here) ('the Amendment Law') was adopted to impose stricter obligations on domestic and foreign data operators in terms of how they interact with data subjects as well as processors, and demonstrate their compliance generally and specifically in the case of data transfers. The majority of the Amendment Law's provisions entered into effect on 1 September 2022, while others entered into effect on 1 March 2023.

Browse more content in Russia

All Guidance Notes

All News

All Insights

News

19 April 2024

Russia: Central Bank publishes information on elimination of personal data recorded during its inspections

16 April 2024

Russia: Government approves new consent forms for processing of personal data in unified biometric, identification, and authentication systems

05 April 2024

Russia: President announces instructions for national digital transformation project

05 April 2024

Russia: President issues amendments to the National AI strategy

14 March 2024

Russia: Roskomnadzor adds Discord and Yappy to the register of social networks

05 March 2024

Russia: Duma announces amendments to Code of Administrative Offences and Criminal Code regarding liability for personal data breaches

05 March 2024

Russia: Duma announces amendments to Code of Administrative Offences regarding penalties for unlawful processing of biometric data

02 February 2024

Russia: Roskomnadzor announces unregistered hosting providers are prohibited from offering hosting services

05 December 2023

Russia: New requirements for foreign web hosting providers enter into effect

04 December 2023

Russia: Roskomnadzor fines foreign social media platforms for lack of content moderation and other violations

23 November 2023

Russia: Roskomnadzor issues recommendations on online advertising

30 October 2023

Russia: Roskomnadzor bans foreign hosting service providers from search engines

Insights

September 2022

Russia: Cybersecurity

August 2022

Russia: Amendments to the Law on Personal Data - strengthening privacy compliance

Russia's privacy landscape is set to change on 1 September 2022, with the entry into force of the Federal Law of 14 July 2022 No. 266-FZ on Amending the Federal Law on Personal Data ('the Amendment Law'). Amending the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law on Personal Data'), the Amendment Law introduces new provisions which will enhance data protection for Russian citizens. It also imposes stricter obligations on domestic and foreign data operators in terms of how they interact with data subjects and vendors and, more importantly, how they demonstrate and document their compliance generally and specifically in the case of data transfers. OneTrust DataGuidance breaks these new provisions down, highlighting the key differences between the existing law.

May 2022

EU - Russia: GDPR v. Russian Law on Personal Data

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Federal Law of 27 July 2006 No. 152-FZ on Personal Data (the Law on Personal Data).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Law on Personal Data with the  GDPR.

You can access the latest version of the report here.

January 2022

Russia: Health and Pharma Overview

September 2021

Russia: Data Protection in the Automotive Sector

July 2021

Russia: Data Protection in the Financial Sector

June 2021

Russia: A new law to target foreign entities within the Russian infosphere

The Russian Parliament adopted Bill No. 1176731-7 on Activities of Foreign Undertakings in the Information Telecommunication Network in the Territory of the Russian Federation, dated 17 June 2021 ('the Law'), aimed at establishing a specific regulatory and legal framework for the activities of foreign (non-Russian) companies operating in the information network (internet) within the Russian Federation. Maxim Boulba and Elena Andrianova, from CMS Russia, provide an overview of the scope of the Law's application, as well as the requirements and sanctions introduced by the Law.

Russia

Summary

Browse more content in Russia

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us