On November 10, 2016, the Court of Appeal for Moscow’s Taginsky District upheld an August 2016 decision by the district’s lower court that LinkedIn had violated Russian data protection laws. Access to the professional networking site is now set to be blocked across Russia.
The court’s decision, which followed a complaint from the Russian data protection regulator, Roskomnadzor, found that LinkedIn violated Russian data protection law on two counts:
- not storing data about Russians on servers located in Russian territory; and
- processing information about individuals who are not registered on the LinkedIn website and who have not signed the company’s user agreement.
This is thought to be the first time Russia’s data localization law has been enforced since its entry into force in September 2015. The law requires that data relating to Russian citizens be stored on servers physically located inside Russia’s borders. Although LinkedIn does not have a physical presence in Russia, it operates a Russian-language version of its website, which was enough to convince Roskomnadzor and the court that the company is subject to Russian data protection legislation.
Media reports have cited Roskomnadzor’s claim that it contacted LinkedIn to inquire about its data localization practices, but did not receive a substantive response. LinkedIn, however, has argued that Roskomnadzor communicated with its U.S. office instead of LinkedIn Ireland, the entity responsible for the data of non-U.S. citizens. LinkedIn is reportedly eager to enter into dialogue with Roskomnadzor to find a solution to the issue, and also has the option to appeal the decision to the Russian Supreme Court.
Roskomnadzor has the power to block Russian individuals’ access to websites, and has stated that it plans to block access to LinkedIn. The site will be entered into a special registry of websites operating in violation of the data localization law, and will be blocked three business days after being entered into the registry.