Russia Adopts Privacy Protection Legislation

August 8, 2006

On July 27, 2006, President Putin signed two information security laws that had been rushed though the Duma (Russian Parliament) in the final days of its most recent legislative session.  While the Constitution of the Russian Federation recognizes rights of privacy, data protection and communications, these laws go further to adopt a “need to know” freedom of information act.  They establish a right to privacy and a limited right of access to government information.  The laws are modeled after the European Union’s Data Protection Directive, and adopt an “opt-in” approach to the sharing of personal information, in contrast to the U.S.'s “opt out” approach.  By adopting these laws, Russia has positioned itself to defend any Western European boycott of Russian exports of personal information based upon a perceived deficiency in protections of such information.  However, until Russia’s laws have been certified by the EU as compliant with EU Privacy Directive standards, Russian personal data (i.e., employees of U.S. subsidiaries located there) should be treated the same as that of U.S. employees – by use of the safe harbor approach or use of the EU model contract.  Both laws become effective in 2007.

For more information on the new Russian privacy laws, contact Jane Shea at (513) 651-6961 or Joe Dehner at (513) 651-6949.

Additional Documents: