Russia Will Fine Companies That Don’t Post Privacy Notices

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Sergei Blagov

Russia’s privacy regulator July 13 reiterated the legal obligation for companies to publicly publish their privacy policies to avoid fines.

Companies that control the collection and uses of personal data, including online businesses, are subject to fines if they don’t make privacy policies publicly available, the Federal Service for Oversight of Communications, Information Technology, and Mass Media (Roskomnadzor) said in a statement.

However, only the failure to publish policies is subject to fines, Roskomnadzor said. The policies’ content isn’t subject to administrative penalties. An advisory body will work on recommendations for content compliance standards under the Russian personal data protection law, the regulator said.

New, higher privacy fines took effect July 1. Failure to publish privacy policies may result in fines of 15,000-30,000 rubles ($247-$494) for businesses, and 3,000-6,000 rubles ($49-$98) for company executives.

Other newly increased fines cover a variety of violations, including:

  •  unlawful processing of personal data—30,000-50,000 rubles ($508-$846) for businesses, and 5,000-10,000 rubles ($85-$169) for corporate executives;
  •  processing personal data without consent—15,000-75,000 rubles for businesses ($254-$1,269), and 10,000-20,000 rubles ($169-$338) for executives; and
  •  failure of companies that control data to meet data protection requirements—20,000-50,000 rubles ($338-$846) for businesses, and 3,000-10,000 rubles ($51-$169) for executives.

To contact the reporter on this story: Sergei Blagov in Moscow at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security