LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November.
Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store the data on servers located on Russian soil. (See our earlier blog here.) The law also granted Roskomnadzor a new power to block access within Russia to the website(s) of companies found to be in breach of requirements such as localised data storage.
On 17 November, Roskomnadzor exercised its new enforcement power by blocking access to LinkedIn throughout Russia. Reports suggest that LinkedIn argued that the data localisation law should not apply to its platform because LinkedIn itself does not have a presence in Russia and, in any event, its activity is directed internationally, not specifically to Russia so not “directed to” Russian users. The Russian language version of the website, which is available by default for users accessing the site from Russia, appears to have been influential in the platform being held to be subject to Russian law.
LinkedIn’s experience appears to herald the start of more concerted action by the Russian regulator. Roskomnadzor’s enforcement focus has just taken a seasonal turn (if not a festive spirit) with the prosecution of over 70 foreign websites offering children a chance to send an email addressed to Santa Claus.
These court rulings and subsequent enforcements will be of interest (if not concern) to many global businesses that engage with the Russian market. Some companies have already responded to the law by establishing servers in Russia; however, for others that had been taking a ‘wait and see’ approach, it may be time to add a few servers to the Christmas list (and 2017 IT budgets)!