Man
Roskomnadzor has proposed new standards for the protection of personal data.
Roskomnadzor proposed to develop and legislate mandatory standards for working with personal data, which all participants in the circulation of this data will have to comply with. This was announced by a representative of the department in an interview with RBC, noting that the initiative is still at the stage of proposal.
According to Roskomnadzor's explanations, organizations will be able to collect only the data that is necessary to perform specific tasks, and such collection will be possible only on the basis of the law, and not with the consent of citizens, as is the case now. Instead of receiving data directly from citizens, organizations will be able to contact authorized bodies if this is required to perform their functions. The representative of the department also noted that at present, personal data is often collected "just in case", without a clear purpose for its use.
The data controller is any person or organization that processes such data. According to the head of the State Duma Committee on Information Policy, Alexander Khinshtein, there are more than 5 million legal entities in Russia, including individual entrepreneurs, who process personal data. However, as Khinshtein noted, not all of them can provide reliable protection of this data. In this regard, the deputy proposed to create an institute of trusted operators who will be able to store personal data for those organizations that cannot do it on their own. Trusted operators will be under the control of the state, and other market participants will be able to access the stored data through secure channels, he explained.
Personal data, according to Russian law, is divided into several categories: general data (full name, date of birth, address), special data (e.g. race, religion, health information), biometric data (fingerprints, DNA) and others, such as location and memberships in organizations. To date, the main basis for data collection is the user's consent, although it is also possible to collect data on the basis of legislation or for the performance of contractual obligations.
Serious sanctions are provided for violation of the rules for processing personal data. Fines for individuals can reach 300 thousand rubles, and for legal entities up to 1 million rubles. Criminal liability is also provided, with imprisonment for up to five years. In 2024, the State Duma will consider amendments that could strengthen both administrative and criminal liability for personal data leaks, which has already caused criticism from business representatives.
Roskomnadzor's proposal to introduce mandatory standards for working with personal data may have a significant impact on the business community. According to the existing rules of standardization in Russia, national standards are voluntary, and only those included in technical regulations can be mandatory. In order for the new standards for the processing of personal data to become mandatory, it will be necessary either to amend the legislation or to create a special technical regulation.
In addition, Roskomnadzor, as a supervisory body, does not have the authority to develop such standards, which implies the need to involve other authorized bodies in the creation and implementation of relevant standards.
Representatives of the IT industry point to the complexity of a universal approach to data processing. Different companies work with completely different volumes and types of information: from small online stores to large tech giants serving millions of users. Unifying standards for such different market participants can lead to problems with the introduction of new services and limit the ability of businesses to work with data.
In addition, the introduction of mandatory standards can significantly complicate the work of companies and increase their costs for compliance with new requirements. This can be especially true for small and medium-sized businesses, which may not have sufficient resources to provide the required level of data protection.
However, Roskomnadzor's initiative to create data processing standards fits into the global trend of strengthening the protection of personal data. The introduction of stricter rules, similar to those used in European legislation (GDPR), can lead to a decrease in the risks of data breaches and increased transparency in the activities of companies.
At the same time, it is important to take into account that adapting to the new rules will require time and effort on the part of the business. Minimizing the amount of data collected can be particularly challenging, as it requires a careful assessment of what data is needed for a particular business task.
Source