Today, December 15, EU regulators must adopt a new law on the protection of personal data. In the EU, this law has been discussed for four years. It should replace the current system of 28 disparate European laws. Regulators claim that the new law will tighten the rules for the protection of Internet users and reduce the costly bureaucratic red tape for companies.
During the preparation of the draft law, IT companies managed to soften several of the most controversial provisions of the law. They relate to the mandatory consent of the user to use the data, as well as warnings about electronic surveillance by government organizations.
However, some companies (engaged in cloud computing, selling online advertising and other Internet businesses) fear that adopting the law will increase their risks and increase costs when working in Europe.
"Companies may decide that innovating in the European market is too risky," explains Alexander Valen, director of Digital Europe's policy association (which includes dozens of companies, including Microsoft and Google).
EU officials continue to discuss the procedure for imposing fines on violators of new rules.
It was originally proposed to establish a maximum fine of 2% of the global revenue of the offending company. Parliament insisted on raising the fine to 5% of revenue. The governments of individual countries initially approved the option of the commission, but then agreed to raise the amount to 4%. It is expected that this option will be adopted, Vedomosti writes.
“If a violation is revealed only in a small European division of a transnational company, the entire company will be punished, entirely. It would be more fair to impose a fine in proportion to the size of the company's local business and the scale of the damage caused,” says René Summer, director of government and business interaction at Ericsson.
There are also disagreements on other points of the law, including provisions on companies obtaining the user's consent to use the data, as well as the allocation of responsibility for violations. It is assumed that responsibility will now lie not only with the companies collecting and using data, but also with the data centers and cloud storage services with which these companies work.
After the adoption of new rules, companies will have to bring their business in line with them within two years.
On September 1, the updated law on personal data entered into force in Russia. The changes also concern security issues. However, apparently, in our country security is interpreted more as protecting domestic users from foreign companies. Foreign firms operating in Russia and with citizens of the Russian Federation are obliged to transfer servers with personal data to the territory of our country.
At the same time, the law permits the processing of personal data abroad in cases where the activities of companies are governed by international agreements, Alexander Zharov announced yesterday. Visa centers, air carriers and the media were thus withdrawn from the operation of the law.
Roskomnadzor, on behalf of the Prosecutor General’s Office, may begin to check companies if it receives corresponding appeals from citizens who believe that the services process user data in violation of the law.
According to the head of Roskomnadzor, Alexander Zharov, the check will proceed as follows: “The inspector of [Roskomnadzor] comes to the company that works with personal data and says: ‘Please present documents confirming that the server capacities that store this data are located on the territory of the Russian Federation.’ The company replies: ‘Please.’ And in 99.9% of cases, this test ends.”
If a violation is discovered, Roskomnadzor is obliged to transfer the case to the court to determine the amount of damage caused to Russian citizens. Two types of punishment are provided for violating companies: a fine and blocking of the site.
The new edition of the Russian law caused not just criticism, but statements that it was impracticable: “For example, in the case of distributed information storage systems, when information is not physically localized on one server, but distributed around the world. That is, even the presence of the company's servers in the country does not guarantee that something meaningful is stored on its territory at all,” wrote the Megamind user.