Russian data localisation requirement tested in courts
27 April 2017
The Russian data protection authority (Federal Service for Supervision of Communications, Information Technology and Mass Media or Roskomnadzor) has recently initiated a case against LinkedIn Corporation in a Russian court.
According to the court materials available (although very limited), the Russian DPA claimed that the Company as the domain name owner of http://www.linkedin.com and http://linkedin.com breached the Russian personal data regulations (including the data localisation requirement effective from 1 September 2015) and, on that ground, the public access to the Websites needs to be blocked in Russia by including the Websites in the Russian Register of Offenders against Rights of Personal Data Subjects.
The Company did not send its representatives to participate in trials. The Russian court of first instance upheld the claim of the Russian DPA. The Company filed an appeal against the court decision, and the appeal is to be considered by the court on 10 November 2016. Since the court decision has been appealed, the public access to the Websites is still possible in Russia.
This case is the first attempt by the Russian DPA to enforce the Russian data localisation requirement and impose a penalty for its violation and, therefore, should be carefully monitored by other international market players.