The Russian government has submitted a proposal to the State Duma regarding the establishment of a special procedure for processing individual data from certain groups of citizens. This proposal also includes allowing law enforcement agencies to access databases of specific segments of the population in order to make adjustments, modifications, or terminate them. The document containing these provisions has been published in the Duma electronic database.
The initiators of the bill emphasize in the accompanying document that in this era of rapid scientific and technological progress, the protection of information about specific groups of people stored in information systems and databases, especially considering data processing and artificial intelligence, has become extremely important.
The bill aims to add a new article to the Law on Personal Data, which will establish special regulations for processing the personal data of individuals. The list of individuals subject to these regulations will be determined by the president. As part of this initiative, a register of personal data systems will be created starting from September 1, 2025. Each system will be assigned a specific category of significance. The Ministry of Cyphra will be responsible for exercising control over this register, while the Cabinet of Ministers will establish criteria for determining the significance of personal data information systems.
The Ministry of Defense, the Ministry of Internal Affairs, the Federal Security Service (FSB), the Federal Protective Service (FSO), and the Foreign Intelligence Service (SVR) will have the authority to request access to personal data information systems. They can also request clarification, extraction, depersonalization, blocking, deletion, or destruction of personal data. Additionally, these departments can require the restoration of clarified, extracted, depersonalized, or blocked personal data.
The bill also introduces amendments to the law “On Information, Information Technologies, and the Protection of Information.” The new provision aims to prevent the accumulation of data in state, municipal, and other information systems regarding the departmental affiliation of employees in the Ministry of Defense, the Ministry of Internal Affairs, the FSO, and the SVR. Law enforcement agencies will have the responsibility of overseeing these information systems and taking measures to remove or restrict access to information about the departmental affiliation of their employees. These amendments are expected to come into effect on March 1, 2024.
Starting from March 1, 2026, the proposal suggests prohibiting the operation of state, municipal, and other information systems included in the register, if no measures have been taken within six months to ensure access for law enforcement agencies.