The Association of Lawyers of Russia concluded that the existing legislation of the Russian Federation on personal data carries a threat to the development of digital technologies in our country and therefore requires modernization.
On April 15, the Commission on the Legal Ensuring Digital Economics in the Moscow branch of the Association of Lawyers of Russia at the Moscow State University named after O.E. Kutafina (MGU) conducted a round table on the legal status of impersonal data in the context of the development of Big Data technologies.
The event began with the signing of 2 agreements on cooperation between the Commission with the Russian Arbitration Center and with Rakib, aimed at the formation of a comfortable legal environment for the development of a digital economy, as well as the possibility of proper dispute resolution in this area in the arbitration procedure (arbitration proceedings).
Analysis of a large data array, the use of Big Data technology creates tremendous business opportunities and individual public administration. At various conferences and forums, there is also an active discussion on the feasibility of regulating discomposed data as a separate entity, with the development of independent law, but experts argue that such a direction can harm the development of digital technologies in our country.
According to the Chairman of the Commission, the managing partner of the EBR legal company Alexander Zhuravlev, the uncertainty of the concept of «impersonal data» in the legislation of the Russian Federation on the PD, which covers, including information that is indirectly associated with a particular user creates barriers to the implementation of the National Program » Digital economy. «
Against the background of these risks, the optimal for the development of digital technologies in Russia, as noted by experts, is the modernization of existing legislation. During the round table, directions were allocated to change this legislation in order to adapt to new technological realities.
According to a member of the Commission, K.Yu.n., Senior Researcher, Associate Professor of the Department of Information Law, HSE, Alexander Savelev, Russia in the issue of regulating PD should be based on the experience of European colleagues as part of the implementation of GDPR policies and accounting for the provisions of the modernized Convention No. 108 » Protection of individuals with automated personal data processing. «
Experts also note the importance of changing a number of principles for processing PD operators. For example, as a change in the principle of destruction of data upon reaching the goal, it is proposed to use the possibilities of dewriting and anonymization of data, since in this form they also have value for processing. In addition, it is important to allow data processing for other purposes than the initial goal of the collection («secondary processing»).
In addition, the experts proposed changes in the requirements for the mechanism for obtaining consent from the user to process PD. They believe that to reduce the possibilities of manipulation with consent, it should be considered to consider the use of new approaches to providing data processing information operators. In their opinion, the receipt of consent must be intuitive, and in some cases, to interpret technical means. It is also necessary to regulate the guarantees of operators’ rights, when processing PDs in statistical or scientific purposes.
These measures are not an exhaustive list, but, according to the experts of the Commission, they are able to significantly reduce the risks and barriers related to the use of Big Data technologies in the Russian Federation.
Earlier the FSB also