Russia Topic Page

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in Russia.

Featured Resources


Russia amends data protection law to increase personal data subjects’ rights

Russia enhanced personal data subjects’ rights by changing fines and extending the limitation period for data-related breaches. Nikita Maltsev breaks down the revamped slate of fines and new limitation period under the federal law.
Read More


Look but don’t touch — Russia to restrict processing of public data

Gorodissky & Partners Senior Lawyer Stanislav Rumyantsev, CIPP/E, has the details on the new rules and how data controllers should prepare for them.
Read More


Encrypt your data to make GDPR and Russian Data Localization Law compatible

Oleg Blinov suggests encryption could be “a strategy that would be in formal compliance with Russian personal data law while maintaining a high level of protection of data subject’s rights and interests.”
Read More

Additional News and Resources

Russian ransomware group claims to publish Costa Rican government data on dark web

A Russian-linked ransomware group stole more than a terabyte of Costa Rican government data, Tech Monitor reports. Conti took credit for the attack, which targeted six Costa Rican governmental departments, including tax and customs administration and finance ministry. Conti demanded a $10 million payment by April 23. Following Costa Rica’s refusal to pay, the group claimed to release 80% of the stolen data on the dark web. The Costa Rican government website has been down since the attack took pl... Read More

Moscow metro launches facial recognition payment system

The city of Moscow launched "Face Pay," a facial recognition fare system for their network of more than 240 metro stations in the city, Reuters reports. "Moscow is the first city in the world where this system is operating on such a scale," Maxim Liksutov, head of the the city's transport department, said. The Moscow metro system serves a population of 12.7 million people in Moscow. Using "Face Pay" as a way to pay your fare is not required, Liksutov added, and the previous payment methods will ... Read More

UK, US say Russian hackers carried out SolarWinds attack

ZDNet reports U.K. and U.S. intelligence agencies accused hackers from a Russian foreign intelligence service of executing various cyberattacks, including the SolarWinds data breach. In the U.S., the accusation was included in a joint advisory from the National Security Agency, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation, also noting five ongoing system vulnerabilities that need patching. The U.K. National Cyber Security Centre issued its own claim placi... Read More

Proposed Russian privacy law amendments curb data sales

Russia's Ministry of Digital Development unveiled proposed amendments to the Federal Law on Personal Data that would prohibit the sale of personal data by telecommunications companies without prior consent. The ministry indicated the changes come as a response to increased violations of legislation related to spam advertising by telecoms. However, telecoms would still be able to share data with government agencies on a case-by-case basis via anonymization practices.Full Story ... Read More

Russian hackers compromised US agencies

The Washington Post reports Russian government hackers compromised U.S. agencies, including the departments of the Treasury and Commerce. Hackers known by nicknames APT29 or Cozy Bear are believed to have breached email systems in some cases. The extent of the breaches is unknown but may have begun as early as spring and are under investigation by the Federal Bureau of Investigation. Cyber firm FireEye said victims include government, technology, and oil and gas companies in North America, Europ... Read More

Russian State Duma to adopt biometrics law

A law on the use of biometrics in financial services could be adopted by the Russian State Duma next month. Financial Market Committee Chairman Anatoly Aksakov told the Federal Assembly of the Russian Federation that second and third readings of the bill will be held in June. “Instructions have already been given on how to prescribe the relevant standards,” he said. (Original post is in Russian.)Full Story... Read More

Human Rights Watch: Russian federal database threatens privacy

Human Rights Watch reports that a law creating a “uniform federal database” would threaten the right to privacy and weaken personal data protections in Russia. The database would contain birth certificates, passport details, gender changes, taxpayers’ information and more of the entire population. It would be run by the Federal Tax Service, and data could be shared with election commissions and law enforcement. The law was adopted by Parliament’s lower chamber May 21.  Full Story ... Read More

When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine 

Software developers from Russia, Belarus, and Ukraine have become well known outside their countries for delivering high-quality IT products and services. The strong education system, wide pool of tech graduates, and moderate pay rates in these countries produced attractive destinations for the technology industry. Despite the proximity to Western Europe, the business and legal environment in Russia, Belarus, and Ukraine is very different from the one established in the EU and is often perceive... Read More

Why Russia blocked four messengers

Last week, Russian Federal Service for Supervision of Communications, Information Technology and Mass Media ("Roskomnadzor") included into the so-called "registry of prohibited websites" such messengers as BlackBerry Messenger (BBM), LINE,, and audio-visual chat service Vchat. Roskomnadzor announced that not only the access to the websites of these platforms would be blocked but also access to their applications. Currently, all these platforms are unavailable within the territory of Russi... Read More

Why LinkedIn was banned in Russia

On Nov. 17, 2016, Roskomnadzor (the Russian data protection authority) included LinkedIn within the database on the Register of Personal Data Infringers as a violator of data subjects’ rights and sent an order to telecommunications companies to block access to LinkedIn within Russia. The order (in Russian) was issued according to a Moscow District Court decision (in Russian) from August, 4 2016, to block LinkedIn, and was followed by the formal opinion of Moscow City Court from November 10 to up... Read More