Will Facebook and Twitter abide by the law on personal data storage, or could they ultimately be blocked in Russia like LinkedIn?
The suspense remains as the two companies failed again last week, more than three years after the law came to force, to prove their compliance with it.
Adopted in 2014 and applicable since September 2015, this law requires companies operating in Russia to store Russian users’ or clients’ personal data on servers physically located in the country. Numerous foreign and domestic players were concerned, including global players who tended to store their users’ data in borderless clouds (see white paper by EWDN and EY).
While many businesses — including Alibaba, AliExpress, Apple, and Google — have managed to transfer user data from foreign data centers to Russia, others refused or failed to comply so far, as exemplified by LinkedIn. In response, Roskomnadzor, the Russian telecom and Internet regulator, blocked access to this platform in November 2016, following a series of exchanges with the company and two court decisions.
Last month, on Dec. 18, Roskomnadzor formally required Facebook and Twitter — which so far had sent both positive and negative signals on the matter — to provide within 30 days substantive information on their compliance with the law.
The two companies did send answers on Jan. 18, but Roskomnadzor judged them to lack “concrete elements on factual compliance with the law or deadlines to apply its provisions in the future,” according to an official statement cited by the TASS news agency.
Thus, the regulator has announced administrative charges against Facebook and Twitter, solely exposing them to small fines, for the moment. Whether the Russian authorities could be bold enough to block access to these sites remains unknown, however, due to the high social impact of such a decision.