Russia
| OVERVIEW | Privacy and data protection are new issues for Russia. The legislation is modeled on the EU Data Protection Directive but does not meet all of its requirements. |
| ENACTED | 2006 |
| GENERAL PRIVACY LAWS |
Federal Law of the Russian Federation of 27 July 2006 No. 152-FZ On Personal Data This law is intended to be an omnibus law and applies to all kinds of personal data in the Russian Federation. The Criminal Code imposes criminal liability for the invasion of privacy, which includes violating the secrecy of communications and unauthorized access to legally protected computer information. |
| PERSONAL DATA PROTECTION LAWS AND REGULATIONS | Federal Law of the Russian Federation of 27 July 2006 No. 152-FZ On Personal Data |
| TYPE OF DATA PROTECTED | Personal Data |
| WORKPLACE PRIVACY LAWS | The Russian Labor Code does not specifically address monitoring by an employer. |
| TRANSBORDER TRANSFERS |
The Federal Law on Personal Data legislates what is permissible regarding the transfer of data outside of Russia. The Law ensures that data shall not be transferred to any country that provides less protection to personal data than Russia. If this is demonstrated, the data subject's consent is not needed. The Law also allows the owner of a database to transfer data from a database in Russia to another country if certain conditions are met. One of the conditions is if the data subject has given his or her written consent for the transfer. |
| FINES AND SANCTIONS | Civil and criminal sanctions. |
| OTHER PRIVACY LAWS AND REGULATIONS |
Under the Federal Law, data operators are required to notify the Federal Service on Control of Communications before personal data are processed. This is not required in certain cases, including: In some instances concerning employment relations with an individual, where the data are strictly necessary for the purposes of employment; and Contractual relations with an individual. The Federal Service for Supervision of Mass Media, Communications and Protection of Cultural Heritage made an Order on 28 March 2008, requiring owners and operators of certain databases which process personal data to submit their details to a register. Federal Law on the Central Bank of the Russian Federation mandates confidentiality of customer financial information. “On Banks and Banking Activities” Act limited the application of banking secrecy laws. |
