Advertisement
Live broadcast

Russia has toughened penalties for leaking personal data. What you need to know

State Duma approved the law on negotiable fines for personal data leakage
0
Photo: IZVESTIA/Sergey Lantyukhov
Озвучить текст
Select important
On
Off

On November 26, the State Duma adopted a package of amendments to the Administrative and Criminal Codes to strengthen liability for personal data leaks. The maximum fine for this will increase to 500 million rubles, and the illegal circulation of such information is punishable by up to five years in prison. What is now provided for liability for theft and leakage of personal data - in the material "Izvestia".

Amendments to the Administrative Code

- The first law on amendments to the CAO provides for fines, accrued depending on the volume of leakage. For the dissemination of data up to 10 thousand subjects (persons who own the data and who can be identified by them. - Ed.) individuals will be fined from 100 thousand to 200 thousand rubles, officials - up to 400 thousand rubles, and legal entities - from 3 million to 5 million rubles. For the leakage of up to 100 thousand subjects of personal data, those responsible for it will be obliged to pay up to Br300 thousand, up to Br500 thousand and from Br5 million to Br10 million respectively. And for mass leakage (more than 100 thousand subjects) sanctions will reach Br400 thousand, Br600 thousand and up to Br15 million.

- Separate amounts of fines will be introduced for the leakage of special categories of data. These include information on race and nationality, political views, religious or philosophical beliefs, information on health, intimate life, criminal record. Sanctions will range from Br300 thousand to Br15 million for different categories of people.

- Administrative responsibility is also threatened for the fact that the operator did not timely notify Roskomnadzor about the leak. The fine for this will be from Br5 thousand to Br300 thousand.

- For repeated data leakage the amount of payments will increase. For legal entities, the increase will be calculated in percentages. Thus, they will pay from 1 to 3% of the total amount of revenue received from the sale of all goods (works, services) for the calendar year preceding the one in which the offense was detected. At the same time, the amount of the fine shall not exceed RUB 500 million.

- If the actions or inaction of the operator resulted in unlawful transfer of personal data, the fine will be from Br100 thousand to Br10 million. It is also outlawed now to refuse to conclude or terminate a contract with a consumer because the latter refused to be identified or authenticated using his biometric data.

Amendments to the Criminal Code

- The second draft law introduces into the Criminal Code a provision on punishment for illegal use of a person's personal data. It threatens a fine of up to 300 thousand rubles or in the amount of the annual income of the offender. In some cases, this threatens forced labor or imprisonment for up to four years. If the data of minors, special categories of data or biometric information was stolen, the maximum fine may be Br700 thousand, and imprisonment - up to five years.

- A fine of up to 1 million rubles or a six-year prison term with the same fine as the maximum punishment will face persons who used personal data for mercenary purposes or caused serious damage to the victim. A group of persons who committed the offense by prior conspiracy will receive the same punishment.

- The harshest consequences are threatened in case of cross-border leakage of personal data, the theft of which was committed by an organized group or caused major damage to the victim - up to ten years in prison and a fine of up to 3 million rubles.

- These measures will not apply if it is a question of processing personal data for personal and family needs.

Why the responsibility for leaks has been toughened

- In the State Duma said about the increasing number of cases of treatment related to data leaks. According to politicians, a wide network of personal data trade is established on the black market. It contains information about about 80% of the Russian population. In 2023 alone, the damage from leaks amounted to about 8 billion rubles.

- According to Roskomnadzor, 110 cases of data leakage were identified in the first nine months of 2024. Most often they occurred at companies operating in the trade and services sectors. In order to minimize the consequences, the agency insisted on giving operators clear instructions on how to handle citizens' personal information.

Переведено сервисом «Яндекс Переводчик»

Live broadcast
Subscribe and get the news first
VK
Menu
Advertisement
RSS

Copyright for the iz.ru portal content visualisation system, as well as for the source data, including texts, photos, audio and video materials, graphic images, other works and trademarks, belongs to "MIC Izvestia" LLC

Partial quotation is possible only with a hyperlink to en.iz.ru

The site is operated with the financial support of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation.

The advertiser is responsible for the content of any advertising materials posted on the portal.

The news, analytics, forecasts and other materials presented on this website do not constitute an offer or recommendation to buy or sell any assets.

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Communications. Certificates of registration Certificate of registration: EL № FS 77 - 76208 dated July 8, 2019. , Certificate of registration: EL № FS 77 - 72003 dated December 26, 2017.

All rights reserved © «MIC «Izvestia» LLC, 2025