Brother
Professional
- Messages
- 2,590
- Reaction score
- 526
- Points
- 113
The Association appealed to the deputies with a request to correct a number of provisions of the draft law.
The Big Data Association (ABD), which includes the largest Russian technology and financial companies, has asked State Duma deputies to clarify the text of amendments to the Criminal Code that toughen penalties for data leaks and even establish criminal liability for violators for collecting or storing illegally obtained personal data. This is reported by Forbes with reference to the letter of the association dated December 26, 2023 to the State Duma Committee on State Construction and legislation.
Amendments introduced on December 4, 2023 by a group of senators, provide for tougher penalties for leaks of personal data, up to criminal liability. According to the proposed amendments, for the use, transfer, collection or storage of illegally obtained personal data, it is proposed to introduce fines from 300,000 to 700,000 rubles or imprisonment for a term of four to five years. In case of detection of self-interest, major damage, use of official position or actions committed by a group of persons, the fine may reach up to 1 million rubles, and the term of imprisonment-up to six years). Particularly tough measures are provided for the transfer of illegally obtained data abroad (meaning the export of electronic media with such information from the country) - up to eight years in prison and a fine of up to 2 million rubles.
In the case of crimes committed by a criminal group or if this leads to serious consequences, the maximum term of imprisonment can be increased to 10 years, and the fine-up to 3 million rubles. "Grave consequences" means disruption of the organization's work and dissemination of personal data for the purpose of harming the life, health, property, rights and legitimate interests of a person and citizen, damage to defense, state security, law enforcement and other values protected by federal laws."
According to estimates provided in the explanatory note, as of December 2021, more than 20,000 databases containing personal data of about 80% of the Russian population were circulating on the darknet. The main sources of leaks are third-party attackers and employees of companies that sold or transmitted data.
In addition, the State Duma is also considering amendments to the Administrative Code that provide for turnover penalties for personal data leaks.
The DB supports the very idea of introducing responsibility for the collection and storage of personal information, but stressed that the composition introduced in the Criminal Code should be unambiguous, and hackers and those who sell databases should bear responsibility. In the current version of the draft law, the composition is formal and provides for penalties for collecting and storing personal data and does not depend on the presence of intent, the ABD explained. The Association proposes to introduce in the wording of the draft law a penalty for knowingly illegal collection, storage and use of personal data. This will eliminate cases of bringing to criminal responsibility persons who accidentally gained access to personal data, follows from the letter of the ABD.
It is also necessary to exclude the introduction of liability for employees of information security departments or expert institutions that study leaks or the resources on which they are hosted. They do this strictly for the purpose of monitoring security and preventing computer attacks on their own information resources.
The Ministry of Digital Development supported the bill. The State Duma Committee on Information Policy declined to comment. The State Duma Committee on State Construction and Legislation did not respond to a request from Forbes.
Experts interviewed by the publication generally support the concerns of the ABD. In their opinion, criminal liability can apply to any aggregator of user data, and the phrase " personal data obtained illegally "can be interpreted"extremely broadly".
In their opinion, the amendments make it possible to bring to criminal responsibility the owner of almost any site or AI developer — since he can use data for training without making sure whether he has legal grounds for this.
ABD unites the largest companies in the digital economy, such as Yandex, VK, Sberbank, Gazprombank, Tinkoff Bank, Rosselkhozbank, Megafon, Rostelecom, Qiwi, Beeline, MTS, the Skolkovo Foundation, the Analytical Center under the Government of the Russian Federation, VTB, Avito, the Center for Strategic Research and Development. others.
The Big Data Association (ABD), which includes the largest Russian technology and financial companies, has asked State Duma deputies to clarify the text of amendments to the Criminal Code that toughen penalties for data leaks and even establish criminal liability for violators for collecting or storing illegally obtained personal data. This is reported by Forbes with reference to the letter of the association dated December 26, 2023 to the State Duma Committee on State Construction and legislation.
Amendments introduced on December 4, 2023 by a group of senators, provide for tougher penalties for leaks of personal data, up to criminal liability. According to the proposed amendments, for the use, transfer, collection or storage of illegally obtained personal data, it is proposed to introduce fines from 300,000 to 700,000 rubles or imprisonment for a term of four to five years. In case of detection of self-interest, major damage, use of official position or actions committed by a group of persons, the fine may reach up to 1 million rubles, and the term of imprisonment-up to six years). Particularly tough measures are provided for the transfer of illegally obtained data abroad (meaning the export of electronic media with such information from the country) - up to eight years in prison and a fine of up to 2 million rubles.
In the case of crimes committed by a criminal group or if this leads to serious consequences, the maximum term of imprisonment can be increased to 10 years, and the fine-up to 3 million rubles. "Grave consequences" means disruption of the organization's work and dissemination of personal data for the purpose of harming the life, health, property, rights and legitimate interests of a person and citizen, damage to defense, state security, law enforcement and other values protected by federal laws."
According to estimates provided in the explanatory note, as of December 2021, more than 20,000 databases containing personal data of about 80% of the Russian population were circulating on the darknet. The main sources of leaks are third-party attackers and employees of companies that sold or transmitted data.
In addition, the State Duma is also considering amendments to the Administrative Code that provide for turnover penalties for personal data leaks.
The DB supports the very idea of introducing responsibility for the collection and storage of personal information, but stressed that the composition introduced in the Criminal Code should be unambiguous, and hackers and those who sell databases should bear responsibility. In the current version of the draft law, the composition is formal and provides for penalties for collecting and storing personal data and does not depend on the presence of intent, the ABD explained. The Association proposes to introduce in the wording of the draft law a penalty for knowingly illegal collection, storage and use of personal data. This will eliminate cases of bringing to criminal responsibility persons who accidentally gained access to personal data, follows from the letter of the ABD.
It is also necessary to exclude the introduction of liability for employees of information security departments or expert institutions that study leaks or the resources on which they are hosted. They do this strictly for the purpose of monitoring security and preventing computer attacks on their own information resources.
The Ministry of Digital Development supported the bill. The State Duma Committee on Information Policy declined to comment. The State Duma Committee on State Construction and Legislation did not respond to a request from Forbes.
Experts interviewed by the publication generally support the concerns of the ABD. In their opinion, criminal liability can apply to any aggregator of user data, and the phrase " personal data obtained illegally "can be interpreted"extremely broadly".
In their opinion, the amendments make it possible to bring to criminal responsibility the owner of almost any site or AI developer — since he can use data for training without making sure whether he has legal grounds for this.
ABD unites the largest companies in the digital economy, such as Yandex, VK, Sberbank, Gazprombank, Tinkoff Bank, Rosselkhozbank, Megafon, Rostelecom, Qiwi, Beeline, MTS, the Skolkovo Foundation, the Analytical Center under the Government of the Russian Federation, VTB, Avito, the Center for Strategic Research and Development. others.
