As part of the European strategy for data, the European Commission proposes a set of measures to “foster the availability of data.” A part of them, published on November 25, focus on “increasing trust in data intermediaries and strengthening data-sharing mechanisms across the EU.”
These measures are aligned with the consumer protection requirements under the General Data Protection Regulation (GDPR) of 2016. Two types of data governance are covered: commercial and non-commercial (free).
As far as commercial user data are concerned, the EU will allow companies to share them only through an independent intermediary in charge of transmitting the data securely.
Mainly designed to regulate the activity of US digital giants, such requirements will also affect Russian businesses, believes Alexander Zhuravlev, chairman of the commission for legal support of digital economy of the Moscow branch of the Association of Lawyers of Russia. The project will create restrictions on international data transfer as Russia’s level of data protection does not meet the EU requirements.
“Only the European offices of Russian companies will be able to participate in the data exchange: they will have access to vast volumes of useful data, but will not be able to share them freely with their headquarters,” the expert said in an exchange with Russian business daily Kommersant.
EU GDPR vs. Russian ‘Big Brother law’
Data exchange between Russia and the EU is already difficult today due to the lack of compatibility between the GDPR and Russian legislation. In this context, cross-border exchanges tend to take the form of data analysis reports, without transferring data as such, notes Alexey Neyman, the Executive Director of the Russian Big Data Association.
A variety of Russian digital companies may be interested in developing real data exchange — in particular, such online travel agencies as Aviasales and OneTwoTrip, Russian air carriers, marketplaces with international activity like Ozon and Wildberries, the webmail and gaming services which Yandex and Mail.ru Group make available to EU residents, as well as some Russian AI and Big Data operators.
A fully internationalized Russian company, Kaspersky Lab has already moved its data processing and storage infrastructure to Switzerland, as far as its European users are concerned. This country has an agreement with the EU, which considered its level of protection of personal data to be appropriate.
