Aug 32016

Russia announces new laws requiring telecoms, internet service providers retain personal data and increasing penalties for online hate speech

Colleen Theresa Brown and Tasha D. Manoranjan
, , , , ,

On July 7, Russian President Vladimir Putin signed a law amending existing anti-terrorism legislation that could affect U.S. telecom and internet service companies operating in Russia.  It will require that telecommunications operators and internet service providers (“ISPs”) retain up to 6 months of data, including personal data and communications content, as well as metadata, for periods up to 3 years.  Further, if any encryption is used to protect the data, the telecommunication or internet service provider must provide the Russian authorities the decryption technology.

Russia’s largest mobile phone operators and ISPs have criticized the legislation, saying it is unreasonably costly. A similar data retention law (the EU Data Retention Directive, 2006/24/EC) was invalidated by the EU Court of Justice in April 2014 because it was held to violate privacy and data protection rights.  Some EU countries subsequently annulled their national laws implementing the EU Data Retention Directive.

Another bill signed by President Putin on July 7 imposes tougher sentences for online commentary considered “an incitement to hatred or a violation of human dignity.” Critics say the laws are designed to help the Russian government monitor and crackdown on dissent online.

Sidley does not practice law in Russia, and this posting should not be construed as advice about Russian law.

Colleen Theresa Brown

Washington, D.C.

cbrown@sidley.com

Tasha D. Manoranjan

tmanoranjan@sidley.com

You might also like
UK GDPR Reform Is Back! Department of Science, Innovation and Technology Introduces New Data Protection and Digital Information Bill

On 8 March 2023, the newly created Department of Science, Innovation and Technology (“DSIT”) introduced the Data Protection and Digital Information (No. 2) Bill. The “Bill” is in substance a re-introduction of the previous Data Protection and Digital Information Bill which was withdrawn from Parliament on the same day as the new Bill was published. The Bill, which has been hailed by the UK Government as one that will “save billions” and “cut down pointless paperwork” is the UK’s latest attempt to create a more streamlined piece of data protection legislation for the UK whilst still “ensur[ing] data adequacy.” The Information Commissioner’s Office (“ICO”) also welcomed the re-introduction of the Bill, with the Commissioner stating that he would “support [the Bill’s] ambition.” While much of the Bill remains the same as its previous iteration, we set out the key provisions and notable amendments below.

UK’s New Pro-innovation Approach to Regulating Digital Technologies

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “Report”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.” In response, the UK Government has accepted all of the Report’s recommendations, and set out some next steps for their implementation.

Substantial Changes to Hong Kong’s Privacy Laws Coming

In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.