Russia maintains one of the world’s more stringent data localization laws, Federal Law No. 242-FZ, which applies to website operators both established in Russia and outside of Russia–if conducting business “aimed at the territory of Russia.” The latter criteria may be found where a website has a Russian-associated domain name (e.g., “.ru”), and demonstrates other intent to target the Russian market such as by accepting payment in rubles or advertising in Russia.
In June 2019 a bill to amend the localization law was submitted to the lower house of the Russian Federal Assembly. The bill seeks to establish the maximum fines for violations and repeated violations of the law (the latter being set to nearly 250,000 euros), which is seen by some as intending to further compel foreign companies’ compliance with the law. At present, the only appreciable consequence of non-compliance with the data localization law for such companies is the Russian data protection regulator, the Roskomnadzor, applying for a court order to effectively block access to the company’s website.
This alone is a serious threat, as LinkedIn discovered in November 2016 when the regulator succeeded in ordering major Russian ISPs to block access to the professional networking site–as remains the case–for non-conformance with the law. In light of the current law and its proposed changes, in-scope website operators (i.e., those targeting the Russian market) should ensure that any Russian residents’ personal data that they collect is processed through databases located in Russia. For more information and original sources for the draft localization law amendment, see here.
This update was provided by the TrustArc Privacy Intelligence News and Insights Service, part of the TrustArc Platform. To learn how you can get full access to the daily newsfeed, contact us today!
By Chris Babel
Two years ago we announced we were re-branding our company to TrustArc, to reflect our transformation into a comprehensive provider of technology solutions to automate and simplify privacy management.
Over the past two years, we have continuously enhanced our Privacy Technology Platform to help manage GDPR, CCPA, LGPD and other compliance requirements. Recent additions have been the Dashboard – a centralized location to manage privacy program KPIs; and the Privacy Profile – a streamlined resource to identify and manage the laws and regulations applicable to your organization. Both of these solutions are powered by the TrustArc Intelligence Engine and delivered in a visual, easy to use interface.
Today we are excited to announce we have received a $70 million Series D growth investment led by private equity firm Bregal Sagemount to further advance our leadership position in the privacy market. Our existing investors Accel Partners, Baseline Ventures, DAG Ventures, Icon Ventures and Industry Ventures will continue to retain significant stakes in our business.
We are very excited to bring on Bregal Sagemount as a strategic and financial partner. Given their prior success investing in market-leading, high-growth technology companies, we believe they are the right partner for the next phase of our growth. We have been building on our two decades of privacy leadership to design cutting edge technology solutions, and this significant growth investment will allow us to further help enterprises around the world navigate the rapidly evolving data privacy regulatory landscape.
We couldn’t have accomplished this without the help and assistance of others. To our customers who use our products and push us to improve every day, thank you. To our partners who integrate to make our products better or work with us in supporting customers, thank you. To our investors who have supported us to get this far, thank you. Most importantly, thank you to the TrustArc employees who push forward every day to make us a better and more successful company!
Stay tuned for many more exciting product announcements coming soon. If you have any questions, or would like to learn more about how the TrustArc can help you manage compliance and risk, please visit TrustArc Platform.