Kartik Sharma

Russian Federation

Gwalior Glory High School

THE RIGHT TO PRIVACY IN THE DIGITAL AGE

1. Almost every single country in the world operates a secretive arm of government
consisting of intelligent agencies of varying degree of organization, staffing,
sophistication and impact on world affairs. One of the most important country is
RUSSIAN FEDERATION with its intelligence agency namely, Foreign Intelligence
Service-SVR. Russian federation is seems to be one of the most focused country because
of its power and role in the UNITED NATIONS.
Russian Federation is always being concerned about its technology and surveillance
program going in its country as well as around the globe and some of the surveillance
technologies which Russian Federation uses are-
 Voice Recognition;
 Face Spotting;
 Data Grabbing;
 Mobile Phone Interception;
 Bus Tracking.

2. Russian Federation’s policies in relation to the issue:

In 2005, Russia ratified the 1981 Council of Europe Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data (the 1981 Convention).
Russia adopted its Federal Law on Personal Data, which is a primary source of legislation
in the sphere of data protection and in many respects is similar to the EU data privacy
legislation, in 2006. With the Federal Law on Personal Data having only an 11-year history,
Russian data privacy regulation is still quite young.

Personal data has not been a primary interest of the government, business and media, but just an
accompaniment to some larger topics. This situation was compounded by the fines for non-
compliance with the personal data rules having always been very insignificant.

The situation greatly changed in 2014, when Russia adopted personal data localization rules,
requiring all operators that collect and process the personal data of Russian citizens to use
databases located in Russia. New requirements applying to the personal data of all Russian
citizens, irrespective of their legal relations with the personal data operators, immediately
received a very negative response from the business community. Although the new rules have
not banned the cross-border transfer of personal data, many foreign businesses believe that the
requirement for primary data processing via Russian databases is excessive.
The new rules also introduced the option to block non-compliant websites on the Russian
territory. The supervising authorities have also become significantly more proactive and have
proceeded with numerous audits of major Russian companies and local branches of major
multinational companies.

Russia also adopted a set of counter-terrorism amendments requiring ‘organizers of distribution

of information on the internet’ to retain data on internet communications on the Russian territory
for six months and to disclose it to the Russian authorities. This further set of even more
burdensome counter-terrorism amendments were adopted in 2016 and 2017.The new rules have
seriously impacted some foreign businesses, especially online services. Now, three years
having passed following the adoption of the localization rules, a lot of major foreign
companies operating in Russia have rerouted their data flows to comply with these new
requirements. At the same time, some foreign companies are still searching for the most
feasible compliance options.

Russia is also looking for solutions to apply in the future to protect privacy in a more
critical way and at the same time those solutions which could also improve the business
with foreign companies without violating the privacy rights.
3. Russian Federation thinks that the following solutions/suggestions can be the best way to
solve the problem:

 MAKE SECURITY A PART OF EVERY DECISION: Start with security. Factor it

into the decision making in every department of your business—personnel, sales,
accounting, information technology, etc. Collecting and maintaining information ‘just
because’ is no longer a sound business strategy. Savvy companies think through the
implication of their data decisions. By making conscious choices about the kind of
information you collect, how long you keep it, and who can access it, you can reduce the
risk of a data compromise down the road.
 IMPLEMENT EFFECTIVE CYBERSECURITY: Many resources are available that
outline the basics of cybersecurity, including the “Beginner’s Guide to Product and
System Hardening” and “Recommendations for Initiating an Enterprise
Cybersecurity Strategy,” both from the Security Industry Association’s Cybersecurity
Advisory Board.
 HAVE A PLAN IN PLACE TO RESPOND TO BREACHES: An incident response
plan enables organizations to contain damage and costs by reacting to security
incidents in as timely and effective a manner as possible. Thinking about each
scenario helps the organization to evaluate the potential impact, planned response
activities, and resulting recovery processes long before an actual cyber event takes place.
These exercises help identify gaps that can be addressed before a crisis situation,
reducing their business impact.
 PROPER DATA MANAGEMENT: Most of the governments, companies and special
agencies fail to manage the data properly which leads to data leaks. Managing each every
data of the citizens is next to impossible but dividing the data in accordance to their
context among each department makes it easier to manage the data as well as lessen the
chances of data leaks.