Twitter is reviewing whether to store some user data in Russia

Twitter is considering localizing the storage of some of its Russian users’ personal data in order to comply with data localization laws, TechCrunch has confirmed.

The Moscow Times reported earlier today that Russian communications regulator Roskomnadzor has secured an agreement from Twitter to transfer Russian users’ data to local servers by mid-2018 — with the agency’s chief, Alexander Zharov, briefing press to say Twitter is currently “in the process of determining what information about Russian citizens and organizations in commercial relations with Twitter in Russia can be stored in the Russian Federation”.

Twitter declined to comment on the newspaper’s report, but a source familiar with the matter confirmed the report to us, saying Twitter is reviewing its compliance with the law, and may move some user data to servers located in the country. Currently the company stores no data in Russia.

Specifically, we’re told that Twitter is reviewing where it stores the data of Russian users who have a commercial relationship as advertisers on the platform. At this stage it remains a review. No guarantees have yet been given by Twitter that any Russian user data will be localized, according to our source.

The Russian law was passed in 2014 and came into effect in September 2015. So cracking down on foreign tech companies’ compliance does not appear to have been an especially accelerated priority for Russian authorities. Although, in recent times, the local federal executive body responsible for policing data and digital comms issues has pursued a legal route against LinkedIn to try to enforce compliance in its case. That culminated in the professional social network being blocked in Russia last November.

The data localization law is controversial, with the Russian government saying the legislation is a way to protect its citizens’ personal data, while critics claim it offers an easier route for the Russian government to access the data for itself.

Setting aside the controversy question, there’s also the issue of plain old uncertainty: A Q&A about the law on the Russian Telecoms Ministry’s own website concedes there’s legal uncertainty for companies about how to comply, and more so for foreign Internet companies with no physical presence in Russia.

Even so, some big tech firms have complied — including Apple and Google — while others such as Facebook and Twitter held out.

Last month Roskomnadzor continued its block of LinkedIn after the professional network continued to refuse to comply with the data localization law. So it’s possible the ongoing LinkedIn block may be concentrating minds at Twitter HQ, and encouraging the company to look for ways to offer some compliance concessions to the Russians to head off similar action.

It’s worth noting that Twitter as a rule does not require users to hand over a lot of personal data when they sign up to use the service — only an email address is required (although users can also provide more personal data voluntarily, such as their real name, a phone number and tag their location and tweets if they choose).

Users who advertise via Twitter may therefore be more obvious compliance targets for the law, given they will inevitably have to provide Twitter with more personal data than just an email address given they are also paying for advertising services.