& Russian Law
The Constitution of the Russian Federation recognizes rights of privacy, data protection and secrecy of communications. Article 23 states, "1. Everyone shall have the right to privacy, to personal and family secrets, and to protection of one's honor and good name. 2. Everyone shall have the right to privacy of correspondence, telephone communications, mail, cables and other communications. Any restriction of this right shall be allowed only under an order of a court of law." Article 24 states, "1. It shall be forbidden to gather, store, use and disseminate information on the private life of any person without his/her consent. 2. The bodies of state authority and the bodies of local self-government and the officials thereof shall provide to each citizen access to any documents and materials directly affecting his/her rights and liberties unless otherwise stipulated under the law." Article 25 states, "The home shall be inviolable. No one shall have the right to enter the home against the will of persons residing in it except in cases stipulated by the federal law or under an order of a court of
According to the federal Law on Information, Informatization and the Protection of Information
governmental data resources are open for general use except for documented information of limited access (data relevant to state secrets and confidential information). Personal data is considered confidential information. The Law states, in particular, that collection, storage, use and distribution (processing) of information pertaining to the private life of a natural person without his or her permission, shall be prohibited, except for processing implemented on the basis of judicial
warrant. The term "personal data" and some guarantees for personal data protection appear in new laws, in particular, the Tax
Code, the Labor Code and the federal Law on Statements of Civil Status. Also, confidentiality of information has been mentioned in various laws relevant to professional
secrets. Russian federal laws establish over 30 types of classified data while other governmental regulations add about 10 types of data to the list. Approximately 45 laws of the Russian Federation have provisions concerning various classified
In Russia (especially in Moscow and St. Petersburg) illegal collection and distribution of data on private persons and organizations is quite commonplace. Quite popular are databases on purchase/sale of cars, car owners, passport data and foreign passport data of Russian citizens, data on real estate (purchase and sale of apartments, their parameters, location and proprietors), databases of taxpayers, information about people wanted for crimes and those who have been previously convicted. Cheap CDs with such databases are easily available on the streets and the Internet. In the beginning of 2003, Mobile Telesystems (MTS), a mobile phone company, suffered a massive security breach that led to the sale of CDs with MTS's entire database of several million customers. By law, MTS was required to share information about their customers with the police and government agencies. MTS claimed that the database had been stolen and that the company had started its own internal investigation without seeking help from law enforcement agencies. The company refused to provide details as to the results of this investigation, and the results of this investigation have not been announced. Widespread speculation and comments from an MTS spokesperson indicate that the data was leaked by a low-paid employee from one of these government
agencies. In May 2003, Russian media wrote about a similar database theft case in Saint Petersburg.
Russian legislation does not establish a central regulatory body for data protection. Some efforts are being carried out by regional ombudsmen, e.g., the Ombudsman of the region of Perm that initiated an investigation on the practices of a local communications company that used clients' phone numbers for commercial purposes. The Chamber of Appeals on Informational Conflicts, a quasi-judicial body which scope includes the protection of privacy, was also
active. This "structure" operated with the support of the mass media, and although its decisions were not binding, they were usually complied with The Chamber of Appeals was closed during President
The 1995 Communications Law protects secrecy of communications. A new version of this law came intro force on January 1, 2004. The tapping of telephone conversations, scrutiny of electronic communications, delay, inspection and seizure of postal mailings and documentary correspondence, receipt of information therein, and other restriction of communications secrets are allowed only with a court
order. The Law on Operational Investigation Activity that regulates surveillance methods used by secret services requires a court-issued
warrant. The law was amended in December 1998 by the State Duma. Guarantees for the protection of privacy were emphasized and additional controls imposed on prosecutors. Article 5 of the Law provides that an investigative structure must secure people's privacy. The Law also provides: "If one believes that some actions of bodies conducting operational investigation have infringed on an individual's rights or freedoms, the individual has the right to appeal to a court, a prosecutor, or to a higher body that carries out investigative activities." Article 6 of the federal Law on Federal Security Services of the Russian Federation has a similar
provision: "If a person has not been convicted during a legally established procedure, then all materials obtained during this operational investigation must be archived for a period of one year (in compliance with the Law on Operational Investigations) and subsequently deleted." However this provision is virtually revoked by the following addition: ". . . unless official interests or justice require
otherwise."In December 1999, the law was amended to allow surveillance by the tax police, Interior Ministry, Border Guards, the Kremlin Security Service, the Presidential Security Service, the parliamentary security services and the Foreign Intelligence
Service. In 2001 the following provision was added to the Law: "Audio recordings and other materials resulting from interception and wiretapping of the conversation of persons being out of criminal proceedings must be deleted within six months after the wiretapping is over with an appropriate
protocol. The judge must be notified three months before materials reflecting the results of operational investigations, implemented on the basis of a court warrant, are deleted." Disclosure of data that affects someone's privacy without his or her consent, is legally prohibited unless otherwise stipulated by federal laws. The Law on Federal Security Service of the Russian Federation contains no requirement for the deletion of data but stipulates that the information shall not be transferred to anyone else.
The Federal Security Service (FSB) has conducted phone tapping using the "SORM" system (or "System of Operative Investigative Activities"). In 1998 information about a new SORM-2 system that applies to the Internet was revealed. SORM-2 requires Internet Service Providers (ISPs) to install surveillance devices and high-speed links to local FSB departments which would allow the FSB to directly access Internet users' communications, although with a warrant
requirement. These rather expensive devices and links are to be paid for by the ISPs themselves. While most ISPs have not publicly resisted FSB's demands to install
SORM-2, one ISP in Volgograd, Bayard-Slaviya Communications, challenged the FSB's demands. The local FSB and the Ministry of Communications attempted to have their license revoked but backed off after the ISP challenged their decision in court.
The existence of SORM-2 was confirmed by the State Committee of the Russian Federation on Communication and Informization (Goskomsvyaz, now the Ministry of Communications) as Order No. 47 in March 27, 1999, and Order No. 130, in July 25, 2000, which was registered with the Ministry of Justice on August 9, 2000. Order No. 130 was immediately challenged in the Russian Supreme Court by Pavel Netupsky, a Saint-Petersburg journalist. Although the Court upheld SORM-2, it ruled part 2.6 illegal, and therefore made sure that ISPs would know whom the FSB is
monitoring. Netupsky lost on all other counts. SORM-2 has now been implemented, although FSB representatives have not provided any evaluation of how effective SORM-2 has been for the prevention and investigation of criminal activities, and there have been no announced arrests as of yet. Although the FSB insists that there have been no violations of privacy, its assertions cannot be verified as Russia lacks the appropriate supervisory and independent body to control FSB's activities. ISPs are used to avoid comments on any issues connected with SORM-2.
Governmental proposals concerning digital rights tend to be intrusive. In the beginning of April 2000, the Committee of the State Duma for Information Policy introduced a bill on Regulation of the Russian Segment of the Internet that raised many critiques. The Russian Internet community did its best to prevent this bill from becoming a law and suggested an alternative bill on the State Policy of the Russian Federation Pertaining to the Development and Use of the
Internet. On May 18, 2000, parliamentary hearings took place to discuss the bill and the legislation relevant to the Internet. Most of its participants agreed that there was "no need for a special law applicable to the
Internet." However, in June 2004, the Moscow major Yuri Luzkov published a contradictory article with the main idea of establishing control over the Internet. Soon afterwards Lyudmila Narusova, member of the higher chamber of the Russian Parliament, confirmed that appropriate law on the Internet is being prepared in the
The Federal Law on Commercial Secret was enacted on July 29, 2004. The law regulates the disclosure of commercial secrets and how its confidentiality can be protected. It also defines information that may not be considered "commercial secret," and establishes a list of information that may constitute commercial secret, including but lot limited to, the number of employees, the system of remuneration, labor conditions including safety arrangements, work-related injuries, occupational morbidity figures, and vacancies; as well as past infringements to the Russian Federation legislation and ensuing prosecutions. The law expressly stipulates that the owner of commercial secrets is the employer.
Anti-terrorist campaigns the United States government promoted worldwide after the terrorist acts of September 11, 2001 in New York and Washington have influenced Russian legislation. On December 20, 2000, the State Duma approved the amendments to federal laws on Terrorism and on Mass Media in first reading. Although these amendments did not specifically concern online privacy, they seriously limited distribution of "extremist materials" via the Internet (even though "extremism" and "extremist materials" were not defined in Russian law at the time). On April 30, 2002, the President announced a bill on Counteraction to Extremist Activities. The bill contained broad definitions of "extremist activities" and, some critics argued, enabled a wide range of public protest actions to be viewed as extremism. The first draft contained an article relevant to the Internet: ISPs were forced to censor materials on their servers and remove/block "extremist sites." This article was later replaced with the indistinct reference to other legislation and the controversial procedure of Internet monitoring and censorship was
dropped. After the terrorist attack in Moscow of October 2002 the State Duma quickly adopted several amendments to the laws on Mass Media and Terrorism, banning any distribution of information that could impede anti-terrorist
According to Article 53 of the new Federal Law on Communications, the data about telecommunications users are confidential and are protected by Russian legislation.
Russian legislation provides criminal liability for the invasion of privacy. The Criminal Code provides a penalty for violation of the immunity of private
life, violation of secrecy of communications, infringement of home
inviolability, The Criminal Code also provides liability for unauthorized access to legally protected computer
information, The Criminal Code provides with sentences ranging from fines, forced labor, arrest, to a ban on the right to hold certain positions or to be engaged in a certain activity and, in some cases, imprisonment for a period of up to 5
years. Maximum fine is as high as 800 "minimal legal monthly wage. "According to the Civil
Code, privacy is a legally protected non-property right. Attached to this right are personal dignity, personal immunity, honor and good name, business name, personal secret and family secret. If an individual suffers physical or moral damages by violation of his or her personal non-property rights or some other non-material welfare rights, as well as in other cases provided by the law, a court can force the person invading privacy to provide financial
compensation. The Administrative Code (effective since July 1, 2002) states that "infringement of a legally established procedure of collection, storage, use or distribution of information about citizens (personal data)" shall lead to a warning or
penalty. The Administrative Code also establishes liability for disclosure of information if access to it is restricted by federal
law. The illegitimate refusal by a public official to submit information to a person is also an administrative breach of the
The United Nations Human Rights Committee expressed concerns over the state of privacy in Russia in 1995 and recommended the enactment of additional privacy laws. It noted: "The Committee is concerned that actions may continue which violate the right to protection from unlawful or arbitrary interference with privacy, family, home or correspondence. It is concerned that the mechanisms to intrude into private telephone communication continue to exist, without a clear legislation setting out the conditions of legitimate interference with privacy and providing for safeguards against unlawful interference. The Committee urges that legislation be passed on the protection of privacy, as well as strict and positive action be taken, to prevent violations of the right to protection from unlawful or arbitrary interference with privacy, family, home or
The Fifth Periodical Report of the Russian Federation on the Implementation of the International Covenant on Civil and Political Rights provides that in the last four years 42 persons were convicted for violations of privacy, 61 for the violation of the secrecy of communications. According to the same source, the number of persons convicted for breaching the inviolability of the home for the same period is much higher (5,476 persons). This apparently shows the lack of legislation and enforcement required for the investigation of crimes related to the breach of privacy, as well as the lack of governmental oversight and independent institutions that could monitor how privacy laws are implemented. Law enforcement structures used to refer to the lack of legal grounds and, in particular, to the vagueness of the legal status of
"data. "The constitutional right of personal privacy is usually considered insufficient to provide a legal basis for criminal proceedings. People usually choose not to turn to courts when their privacy is violated for several reasons: lack of laws and procedures that could be effectively used by plaintiffs; monetary damages in all cases are usually small; people do not consider privacy as a fundamental right and do not believe it can be effectively protected from government
In January 2002, the government adopted the federal program "Electronic Russia" for the period 2002-2010. The program has provisions about freedom of search, access, transfer, production and distribution of information, and privacy safeguards for any legally protected information available on information systems For these purposes the authors of the program have proposed to elaborate an effective ground for regulations. This basis should extend to the regulation of issues of information security and realization of citizens' constitutional rights. However, the confidentiality was not mentioned as a major governmental policy issue. One of the tasks in this program is described as a "legal solution of the problems concerning performance of operational investigations through computer networks." Other program items include the electronic circulation of documents, business information security, etc. The Russian Ministry for Communication and Information and the Ministry for Economic Development and Trade of the Russian Federation are the leading coordinator for this program.
Russia has a national ID system. Each person above 14 years old must have a personal document (internal passport) that can be obtained at a local department of the Ministry of Internal Affairs. This Passport is used as the main ID document and is necessary for many activities, including the purchase of train and plane tickets. Each passport bears a residency permit stamp (the so-called propiska). Russian courts (including the Supreme Court in 1998) have asserted that this permission regime is unconstitutional. Moscow authorities insist that the propiska is only a notification procedure. However, for those attempting to move to Moscow, bureaucrats can make this registration a painful and complicated process. Without propiska it is difficult get a well-paid job, get full public medical aid, children cannot attend public schools, etc. Moscow police used to stop people at streets and fine them if they did not carry their
In recent years, officials, both at federal and Moscow levels, announced several times that a new system of electronic IDs would be introduced in the near future. According to these statements, the new system would supplement, and later replace, internal passports. In January 2004, the Russian Ministry of Economical Development announced its plans to build a national system that would connect existing major public databases through a new ID system. According to the Ministry, each newborn Russian will be assigned a unique ID. Other people will get their IDs too. No central database will be created but a new governmental body responsible for data processing may be created later on. Access to these databases is promised to be "easy" for common people The government hopes to implement this system in 2006.
Russia is a member of the Council of Europe (CoE) and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental
Freedoms. The Russian Federation has signed the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108) but has not ratified
Russia participated in the negotiations on the CoE Convention on Cybercrime which was opened for signature in November 23,
2001. The Convention requires Member States to establish criminal offences under their domestic laws regarding various computer or computer-related crimes, including unauthorized access to a computer system and unauthorized interception of a data transmission. As of June 2004, Russia has not yet signed the treaty.
Autonomous Russian Republics
Constitutions of 10 (out of 20) republics of Russian Federation reproduce Articles 23, 24 and 25 of the Federal Constitution. The Constitution of Bashkortostan incorporates the addendum, admitting search only on the basis of a judicial warrant. In other cases there are fewer privacy safeguards than in the federal Constitution, or even no safeguards at all (Karelia, Kalmykia). There are no essential differences between the constitutions of the republics and federal privacy guarantees. The Constitution of Tyva contains an interesting article providing an opportunity to introduce legal limitations to the right to home inviolability by a Republican