FEDERAL SERVICE FOR SUPERVISION IN THE SPHERE OF TELECOM, INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS (ROSKOMNADZOR) Practice of the Authority for rights protection of the personal data subjects in the Russian Federation © ROSKOMNADZOR, 2013 RF Federal Assembly The President of the Russian Federation Function of Russian PDA public control (supervision) of conformity of personal data processing to the requirements of the legislation of the Russian Federation in the field of personal data Function of Russian PDA ROSKOMNADZOR keeping a register of operators processing personal data judicial claims activities international co-operation with the authorities to protect the rights of personal data subjects in foreign countries processing applications of personal data subject, making decisions by the results of this processing within their powers Protections citizens rights and legitimate interests sending annual Reports on the activities of the authority to the President of the Russian Federation, to the Government of the Russian Federation and Federal Assembly of the Russian Federation слайд preparation of proposals for improving the legal and regulatory framework for the protection of rights of personal data subjects Government of the RF Organization Chart of the Russian DPA for rights protection of personal data subjects Head of ROSKOMNADZOR Deputy Head of ROSKOMNADZOR Administration of rights protection of the personal data subjects Department of maintenance of the operators registry responsible for the personal data processing Department of law and methodical support Department of the personal data processing correspondence control 70 local bodies of ROSKOMNADZOR Total number of employees – 284 Independently realizes the rights and duties Possesses necessary labor, organizational, technical and financial resources Have its own independent budget 2011-2578236.4 th.RUR (≈62ml.€) 2012-10491353.6 th.RUR(≈250ml.€) 2013-11038400.2 th.RUR(≈263ml.€) слайд This status corresponds to the principle of independence of the authorized body, put in the text of the Additional protocol ETS № 181 to the Convention of the Council of Europe ETS № 108 Fundamental legislative and regulatory acts Council of European Convention for the protection of individuals with regard to automatic processing of personal data of 28 January 1981 ETS No 108 and its Additional Protocol ETSNo 181 Directive 95/46/ЕС of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 97/66/ЕС of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and protection of privacy in the telecommunication sector Federal Law of 27 July 2006 No 152-FZ «On Personal Data» The federal law “On personal data” was amended in July 2011 with a view of clarifying the scope of the federal law, terms and definitions, used in the law, principles and conditions of personal data processing. Previous legislative rules, related to the conditions of state control, security of personal data processing, rights and duties of the personal data operator, as well as interrelations between operator and subject of personal data were considerably amended. RF Government Resolution of November 1st, 2012 No 1119 «On approval of the requirements for the protection of personal data during their processing in the personal data information systems» RF Government Resolution of September 15, 2008 No 687 «On approval of Regulations for Processing Personal Data without using automation» RF Government Resolution of July 6 ,2008 No 512 «On approval of requirements to the biometric personal data physical storage media and such data (outside informational systems) storage technologies» RF Government of the Russian Federation of March 21, 2012 of No 211 «On the approval of the list of the measures for ensuring implementation of the Federal law «On personal data» implementation and related municipal regulatory legal actss» слайд Order of the Ministry of Communication and Mass Media of the Russian Federation of November 14, 2011 No 312 “On approval of the Administrative provision of control procedure by the Federal Service for supervision in the sphere of communications, information technologies and mass communications while federal state control of the correspondence of personal data processing with the Russian Federation legislation requirements in the sphere of personal data” (obtained state registration 13 December 2012, No 22595) Order of the Ministry of Communication and Mass Media of the Russian Federation of December 21, 2011 No 346 “On approval of the Administrative provision by the Federal Service for supervision in the sphere of communications, information technologies and mass communication for the state function execution “Maintenance of the operator registry responsible for the personal data processing” (obtained state registration as of 29 March 2012 No 23650) Comparative analysis of Russian legislation and European trends in sphere of personal data The analysis of latest European trends in sphere of personal data shows that this trends are, in the majority, provided by new edition of the Federal Law «On personal data» and normative legal acts adopted in accordance with this Federal Law. It confirming that in Russia the system of the national legislation in sphere of personal data almost completely corresponds to the all-European requirements and approaches is created and won't demand soon essential changes Approaches to the state control (supervision) in the field of personal data Planning of priority categories of operators Unification of approaches to control and supervising activity Implementation of remote control Realization of measures of preventive character Improvement of a condition of protection of the rights of subjects of personal data Dynamics of the appeals received by the Russian DPA From the moment of imposing powers to protect the rights of personal data subjects Roskomnadzor has examined more than 12 000 applications of citizens 6000 Appeals received 5000 4000 3000 31% 2000 3720 1000 8317 0 69% not proved to be true proved to be true слайд Main results of activity (state control and supervision) 5831 personal data inspections were carried out from the moment of empowering Roskomnadzor to protect personal data subject rights, 6363 instructions on elimination of detected infringements in the field of the personal data were issued, 14452 administrative offense reports were drawn up by courts based on the materials presented by Roskomnadzor, Check penalties amounting more than 23 million RUR were imposed 6000 5359 4901 5000 4000 3000 2250 2000 2231 36% 1537 1370 1000 2094 1147 322 0 3737 2011 Inspections 2012 Regulations issues 254 3/31/2013 AO protocols 64% слайд scheduled inspections unscheduled inspections International efforts to curb Improper dissemination of personal data During two years the Russian DPA was submitted 109 inquiries to support the termination of the delegation or deletion of the personal data for 118 internet-resources to 15 foreign countries слайд Support is given in 62 cases, among them, activity of 34 internet-resources was ceased and in 28 cases the information contained the personal data was removed (more than 50% from total number of internetresources) Followed the criteria when preparing the order Availability of national legislation and (or) corresponded to provisions of Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data adopted branch-wise regulations (standards) in the sphere of processing and personal data protection List of the countries which personal information providing adequate protection Availability of sanctions and legal remedies provided Availability of the DPA слайд Rendering of assistance in suppression of illegal activity on processing of personal data in the subordinated territory and (or) in recovery of violated rights and legitimate interests of citizens of the Russian Federation on the basis of appeal of the Russian DPA слайд слайд Participation of Russian DPA in the international activity European Union OECD Russian DPA agreed the Draft Agreement on the drug precursors between the Russian Federation and EU Realization of common actions on transition to the visa-free regime for shortterm journeys of the Russian and EU citizens The implementation of the events plan in the frameworks of preparation to the Russian Federation' joining to the Organization for economic cooperation and development (OECD) Roskomnadzor Eurojust The negotiations on the Draft Agreement between Russia and Eurojust Europol The negotiations on the Draft Agreement between Russia and Europol слайд International Conference «Protection of personal data» (Moscow, Russia) 2010-2012 years participants: Albania, Armenia, Azerbaijan, Belarus, Bosnia and Herzegovina, Bulgaria, Chile, Croatia, Czech Republic, Estonia, Germany, Hungary, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Macedonia, Moldova, Montenegro, Ukraine, Poland , Romania слайд