Insight

COMPARING PRIVACY LAWS: GDPR V. RUSSIAN LAW ON PERSONAL DATA

COMPARING PRIVACY LAWS: GDPR V. RUSSIAN LAW ON PERSONAL DATA

Sergey Medvedev

Sergey Medvedev

February 19, 2021 03:58 AM

Introduction

The General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Federal Law of 27 July 2006 No. 152-FZ on Personal Data ('the Law on Personal Data') both aim to guarantee protection for individuals' personal data and apply to organisations that collect, use, or share such data.

In particular, both laws share similar provisions, for example, in relation to legal basis for processing. Under both the GDPR and the Law on Personal Data, data processing shall only be lawful if the data subject has given consent to processing, where processing is necessary for the performance of a contract, as well as for compliance with a legal obligation, among other things. In addition, the GDPR and the Law on Personal Data both outline fairly consistent cross-border data transfers obligations, providing that such transfers only take place to countries ensuring an adequate level of protection. Moreover, both laws are fairly consistent in relation to the appointment of a data protection officer ('DPO').

However, the Law on Personal Data differs from the GDPR in some significant ways, particularly with regard to definitions, controller and processor obligations, and territorial scope. Where the GDPR provides for the definition of both data controller and processor, the Law on Personal Data only refers to operators. The GDPR also grants special protection to children's personal data and sets out the minimum age of consent with regard to information society services, as well as appropriate measures for providing information to children. The Law on Personal Data does not grant special protection to children's personal data or outline similar specific requirements on the same.

Unlike the GDPR, the Law on Personal Data does not provide particular provisions on territorial scope. The GDPR outlines specific provisions on extraterritorial scope and applies to the processing of personal data of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to the offering of goods or services or the monitoring of behavior.

The GDPR and the Law on Personal Data also differ greatly in terms of penalties, both financial and otherwise. The GDPR provides significantly larger financial penalties, of up to €20 million or 4% of global turnover, compared to those provided by the Code of Administrative Offences of the Russian Federation of 30 December 2001 No. 195-FZ ('the Code of Administrative Offences'), in which the maximum single administrative fine for violation of the Law on Personal Data is RUB 18 million (approx. €260,000). In addition, unlike the GDPR, the Law on Personal Data establishes that DPOs may incur administrative liability for non-compliance with the Law on Personal Data.

Notably, the Parliament of Russia adopted, in December 2020, Federal Law of 30 December 2020 No. 519-FZ on Amendments to the Federal Law on Personal Data, which amends the Law on Personal Data to introduce the concept of publicly available data. These amendments will enter into force partly on 1 March 2021 and partly on 1 June 2021.

This guide aims to assist organisations in understanding and comparing the relevant provisions of the GDPR and the Law on Personal Data, to ensure compliance with both pieces of legislation.

Structure and overview of the Guide

This Guide provides a comparison of the two pieces of legislation on the following key provisions:

  1. Scope
  2. Key definitions
  3. Legal basis
  4. Controller and processor obligations
  5. Individuals' rights
  6. Enforcement

Each topic includes relevant articles and sections from the two laws, a summary of the comparison, and a detailed analysis of the similarities and differences between the GDPR and the Law on Personal Data.

Key for giving the consistency rate

Consistent: The GDPR and Law on Personal Data bear a high degree of similarity in the rationale, core, scope, and the application of the provision considered.

Fairly consistent: The GDPR and Law on Personal Data bear a high degree of similarity in the rationale, core, and the scope of the provision considered; however, the details governing its application differ.

Fairly inconsistent: The GDPR and Law on Personal Data bear several differences with regard to scope and application of the provision considered, however its rationale and core presents some similarities.

Inconsistent: The GDPR and Law on Personal Data bear a high degree of difference with regard to the rationale, core, scope and application of the provision considered.

Usage of the Guide

This Guide is general and educational in nature and is not intended to provide, and should not be relied on, as a source of legal advice.

The information and materials provided in the Guide may not be applicable in all (or any) situations and should not be acted upon without specific legal advice based on particular circumstances.

Related Articles

Privacy Practice


by Casey Waughn

Data protection is all the rage among tech companies and state, national (and even transnational) governments alike. Is it a passing fad or here to stay? And how should businesses and groups of all sizes handle compliance with a blizzard of new laws?

Data Protection Prompt New Privacy Laws

Trending Articles

Announcing the 2023 The Best Lawyers in America Honorees


by Best Lawyers

Only the top 5.3% of all practicing lawyers in the U.S. were selected by their peers for inclusion in the 29th edition of The Best Lawyers in America®.

Gold strings and dots connecting to form US map

Best Lawyers: Ones to Watch in America for 2023


by Best Lawyers

The third edition of Best Lawyers: Ones to Watch in America™ highlights the legal talent of lawyers who have been in practice less than 10 years.

Three arrows made of lines and dots on blue background

The Best Lawyers in South Africa™ 2023


by Best Lawyers

Best Lawyers proudly announces lawyers recognized in South Africa for 2023.

South African flag

Could Reign Supreme End with the Queen?


by Sara Collin

Canada is revisiting the notion of abolishing the monarchy after Queen Elizabeth II’s passing, but many Canadians and lawmakers are questioning if Canada could, should and would follow through.

Teacup on saucer over image of Queen's eye

Famous Songs Unprotected by Copyright Could Mean Royalties for Some


by Michael B. Fein

A guide to navigating copyright claims on famous songs.

Can I Sing "Happy Birthday" in Public?

Announcing the 2023 The Best Lawyers in Canada Honorees


by Best Lawyers

The Best Lawyers in Canada™ is entering its 17th edition for 2023. We highlight the elite lawyers awarded this year.

Red map of Canada with white lines and dots

IN PARTNERSHIP

2022: Another Banner Year


by John Fields

Block O’Toole & Murphy continues to secure some of New York’s highest results for personal injury matters.

Three men in business suits standing in office

Wage and Overtime Laws for Truck Drivers


by Greg Mansell

For truck drivers nationwide, underpayment and overtime violations are just the beginning of a long list of problems. Below we explore the wages you are entitled to but may not be receiving.

Truck Driver Wage and Overtime Laws in the US

What the Courts Say About Recording in the Classroom


by Christina Henagen Peer and Peter Zawadski

Students and parents are increasingly asking to use audio devices to record what's being said in the classroom. But is it legal? A recent ruling offer gives the answer to a question confusing parents and administrators alike.

Is It Legal for Students to Record Teachers?

The Upcycle Conundrum


by Karen Kreider Gaunt

Laudable or litigious? What you need to know about potential copyright and trademark infringement when repurposing products.

Repurposed Products and Copyright Infringemen

Thirteen Years of Excellence


by Best Lawyers

For the 13th consecutive year, “Best Law Firms” has awarded the most elite and talented law firms across the country through a thorough and trusted data review process.

Red, white and blue pipes and writing on black background

Caffeine Overload and DUI Tests


by Daniel Taylor

While it might come as a surprise, the over-consumption of caffeine could trigger a false positive on a breathalyzer test.

Can Caffeine Cause You to Fail DUI Test?

Choosing a Title Company: What a Seller Should Expect


by Roy D. Oppenheim

When it comes to choosing a title company, how much power exactly does a seller have?

Choosing the Title Company As Seller

Announcing the 2022 Best Lawyers® in the United States


by Best Lawyers

The results include an elite field of top lawyers listed in the 28th Edition of The Best Lawyers in America® and in the 2nd Edition of Best Lawyers: Ones to Watch in America for 2022.

2022 Best Lawyers Listings for United States

Announcing The Best Lawyers in Australia™ 2023


by Best Lawyers

The results include an elite field of top lawyers and firms from Australia.

The Best Lawyers in Australia™ 2023

Announcing The Best Lawyers in Germany™ 2023


by Best Lawyers

The results include an elite field of top lawyers and firms from Germany.

Black, red and yellow stripes