Russian Duma Passes Measure to Set New Deadline for Companies to Use Local Servers

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Dec. 17 — In a move that would remove some pressure on international companies that process personal data of Russian citizens, the State Duma, the lower chamber of the Russian Parliament, Dec. 17 approved legislation to set a new deadline—Sept. 1, 2015—for companies to store all personal data of citizens of the Russian Federation in databases located inside Russia.

If enacted, the deadline would back off from the threat of a Jan. 1, 2015, compliance deadline for the data localization law that analysts had said would be “impossible” to meet.

In July, President Vladimir Putin signed into law a measure to require data operators to store all personal data of citizens of the Russian Federation in databases located inside Russia by Sept. 1, 2016.

The new law “will practically mean that the companies operating in Russia and dealing with individuals’ data (for example, retailers, social networks, those operating in international transportation, banking and other similar spheres) will be forced to place their servers within Russia if they plan to continue making business in the market,” Irina Anyukhina, a partner with the ALRUD law firm in Moscow, said in a Dec. 17 statement.

In a move some saw as a reaction to U.S. sanctions for Russia's actions in the Ukraine, the Duma Sept. 19 passed a previous bill that would have moved the compliance deadline to Jan. 1, 2015. That measure didn't clear Parliament.

The new bill will now be considered by the upper chamber of Parliament, the Council of the Federation.