Russia Moves To Ban Online Services That Don’t Store Personal Data In Russia

The Russian government has moved one step closer towards a “China-like” approach towards Internet services.

Last night, the Russian State Duma (parliament) passed the first bill requiring that the personal data of all Russians should be stored inside the country.

The effects of the bill, if passed, would be wide-ranging, touching just about every international service used by Russians. Essentially, it would mean that Facebook, Google or any other international online service — including apps — used by people in Russia would need to have physical servers inside Russia’s borders.

Furthermore, these non-Russian companies would not be allowed to send data outside the country unless they can provide certain guarantees on data storage inside the country. For those who do not, the state telecommunications agency Roskomnadzor will require carriers to restrict access to those services.

The bill also proposes amendments to laws covering personal information and data protection.

A rough Google translate version of the key part of the bill says:

“When collecting personal data, including through information and the internet telecommunications network, the operator is required to provide a record that the systematization, accumulation, storage, updating and retrieval of personal data of citizens of the Russian Federation, is held on databases located in the territory of the Russian Federation.”

If this law is enforced to the letter — it would take effect in September 2016 — it could mean a fundamental change to how both international and Russian tech companies use international hosting services, not to mention huge costs for implementing the changes.

We have reached out to Google, Facebook and other companies for their response to the ruling.

“We do not have any comment that we can share at this point,” a Google spokesperson told us in an emailed response.

The move to store data in Russia part of an ongoing, wider move by the country’s government to tighten the reigns around how the Internet is used.

Some of the moves have been made in the name of combatting piracy — as in the case of proposals that would allow for sites to be blocked over take-down requests from rightsholders.

And some of this is in the name of national security. Russia, as we all know, is where NSA whistleblower Edward Snowden is currently residing. His efforts have heightened awareness globally of how government agencies track average internet users’ data, unbeknownst to them, and raised questions of how other countries have proceeded on this front.

At the same time, Russian President Vladimir Putin’s government has been gaining a reputation for putting a tighter rein on the movement of free speech in the country, with allegations that some of those moves have been made specifically against those who hold positions contrary to the Kremlin’s.

In that context, it’s hard to parse what the real motivation is for this latest piece of legislation.

Other countries allow personal data to be stored on U.S. servers via “safe harbor” agreements, letting U.S. companies operate freely in Europe and vice versa.

Online companies have until September, 2016, when the bill is supposed to take effect, to meet the requirement, according to the legislation submitted by Communist lawmaker Alexander Yushchenko, and Liberal Democrats Andrei Lugovoi and Vadim Dengin.