The ABD (its members include Yandex, VK, Sberbank, Gazprombank,
Posted: Wed Jan 22, 2025 6:33 am
and suggests the possibility of imprisonment for up to 10 years for illegal collection or use of personal data.
In the current version of the document, the wording of the crime is vague and allows even a company employee responsible for security to be put behind bars, since his job description involves working with leaks of personal data, the ABD points out. According to experts, the amendments to the Criminal Code allow the owner of any website or AI developer to be held criminally liable
"Grave consequences"
Tinkoff Bank, Rosselkhozbank, finland whatsapp number database MegaFon, Rostelecom, Qiwi, Beeline, MTS, the Skolkovo Foundation, the Analytical Center under the Government of the Russian Federation, VTB, Avito, the Center for Strategic Research) proposed that deputies clarify the text of amendments to the Criminal Code that toughen penalties for data leaks and even establish criminal liability for violators for collecting or storing illegally obtained personal data. This is stated in the Association's letter dated December 26, 2023 to the State Duma Committee on State Building and Legislation (available to Forbes).
Amendments to the Criminal Code were submitted to the State Duma on December 4, 2023, by senators Andrei Turchak, Sergei Klishas, head of the Information Policy Committee Alexander Khinshtein and other deputies. According to them, the use, transfer, collection or storage of illegally obtained personal data is proposed to be punished with fines from 300,000 to 700,000 rubles or imprisonment for four to five years. If the investigation reveals "selfish interest", causing major damage, abuse of official position or the actions are committed by a group of people, the fine may be up to 1 million rubles, and the maximum term is up to six years. Strict measures are envisaged for those who risk transferring illegally obtained personal data abroad (meaning the export of an electronic medium with such information from the country). This is punishable by imprisonment for up to eight years with a fine of up to 2 million rubles.
If the use, transfer, collection or storage of illegally obtained personal data is carried out by a criminal group or this entails serious consequences, then the maximum term of imprisonment increases to 10 years, and the fine - up to 3 million rubles. By "serious consequences" legislators understand the disruption of the work of the organization, as well as the dissemination of personal data "with the purpose of causing harm to the life, health, property, rights and legitimate interests of a person and citizen, damage to defense, state security, law enforcement and other values protected by federal laws." At the same time, the amendments do not apply to cases of processing personal data "exclusively for personal and family needs."
The adoption of the document, according to its authors, will allow "effectively bringing to criminal responsibility criminals who commit crimes in the sphere of personal data." According to the estimates given in the explanatory note, as of December 2021, more than 20,000 databases with a total volume of more than 10 TB were circulating in the "darknet", containing personal data on 80% of the Russian population: "The black market for personal data is constantly growing, and the main sources of leaks are third-party criminals or employees of companies themselves who sell or give away their clients' confidential data for free."
In addition, the State Duma is currently considering amendments to the Code of Administrative Offenses, which provide for turnover fines for leaks of personal data.
Is there intent? What if I find it?
In the current version of the document, the wording of the crime is vague and allows even a company employee responsible for security to be put behind bars, since his job description involves working with leaks of personal data, the ABD points out. According to experts, the amendments to the Criminal Code allow the owner of any website or AI developer to be held criminally liable
"Grave consequences"
Tinkoff Bank, Rosselkhozbank, finland whatsapp number database MegaFon, Rostelecom, Qiwi, Beeline, MTS, the Skolkovo Foundation, the Analytical Center under the Government of the Russian Federation, VTB, Avito, the Center for Strategic Research) proposed that deputies clarify the text of amendments to the Criminal Code that toughen penalties for data leaks and even establish criminal liability for violators for collecting or storing illegally obtained personal data. This is stated in the Association's letter dated December 26, 2023 to the State Duma Committee on State Building and Legislation (available to Forbes).
Amendments to the Criminal Code were submitted to the State Duma on December 4, 2023, by senators Andrei Turchak, Sergei Klishas, head of the Information Policy Committee Alexander Khinshtein and other deputies. According to them, the use, transfer, collection or storage of illegally obtained personal data is proposed to be punished with fines from 300,000 to 700,000 rubles or imprisonment for four to five years. If the investigation reveals "selfish interest", causing major damage, abuse of official position or the actions are committed by a group of people, the fine may be up to 1 million rubles, and the maximum term is up to six years. Strict measures are envisaged for those who risk transferring illegally obtained personal data abroad (meaning the export of an electronic medium with such information from the country). This is punishable by imprisonment for up to eight years with a fine of up to 2 million rubles.
If the use, transfer, collection or storage of illegally obtained personal data is carried out by a criminal group or this entails serious consequences, then the maximum term of imprisonment increases to 10 years, and the fine - up to 3 million rubles. By "serious consequences" legislators understand the disruption of the work of the organization, as well as the dissemination of personal data "with the purpose of causing harm to the life, health, property, rights and legitimate interests of a person and citizen, damage to defense, state security, law enforcement and other values protected by federal laws." At the same time, the amendments do not apply to cases of processing personal data "exclusively for personal and family needs."
The adoption of the document, according to its authors, will allow "effectively bringing to criminal responsibility criminals who commit crimes in the sphere of personal data." According to the estimates given in the explanatory note, as of December 2021, more than 20,000 databases with a total volume of more than 10 TB were circulating in the "darknet", containing personal data on 80% of the Russian population: "The black market for personal data is constantly growing, and the main sources of leaks are third-party criminals or employees of companies themselves who sell or give away their clients' confidential data for free."
In addition, the State Duma is currently considering amendments to the Code of Administrative Offenses, which provide for turnover fines for leaks of personal data.
Is there intent? What if I find it?