The Russian Duma recently set a new deadline for companies to localise their data processing of Russian citizens on Russian soil, while the data protection authority published an order removing Hong Kong and Switzerland from its ‘adequate privacy protection list’.
The Russian Duma has voted through, on a first reading, an accelerated effective date for the data localisation law, moving the deadline forward by a year to 1 September 2015. Previously, Federal Law No. 242-FZ, which amends Russia’s 2006 data protection statute and primary data security law (Laws 152-FZ and 149-FZ), had been proposed to come into force as early as 1 January 2015, from the initial deadline of 1 September 2016.
In addition, the Russian data protection authority (Roscomnadzor) issued a new order removing Hong Kong and Switzerland from a list of countries that meet privacy protection adequacy standards in Russia. Nothing in the order indicates a reason for the removal. The order becomes effective 25 December 2014. The list of adequate countries includes all members of the Council of Europe Convention 108 on Data Protection, as well as Australia, Argentina, Israel, Canada, Morocco, Malaysia, Mexico, Mongolia, New Zealand, Angola, Benin, Cape Verde, South Korea, Peru, Senegal, Tunisia and Chile.