March 2021 brought two significant amendments to Russia’s Personal Data Law: one related to processing of publicly available personal data, and another increasing fines for violations of various data privacy requirements. This article provides a summary of the amendments.
Special requirements for processing publicly available personal data
Russia’s Personal Data Law was amended with new requirements for the processing of publicly available personal data. The amendments came into force on 1 March 2021, except for one provision related to a new information system maintained by the Russian data protection authority (discussed below). According to Russian data protection authority there is no need to re-execute consents for personal data dissemination obtained in compliance with law before 1 March 2021.
The new requirements are intended to protect published personal data against uncontrolled distribution by creating a default presumption that publicly available personal data cannot be further disseminated by third-party readers. They also give data subjects the possibility to indicate which of their personal data may become publicly available and how the published data may be processed by third-party “readers.”
Read more on Engage.