Russia’s New Data Localization Law – A Real Security Concern or a Disguised Attempt to Boost Domestic Digital Development?

In September 2015, the Russian government put into effect a controversial law requiring Russians’ personal data to be stored on servers located within Russia, raising concerns among a huge number of foreign companies.

One year later, it is still hard to know what are the real motivations that pushed the Russian authorities to adopt such a measure and what could be the consequences, both for Russia and foreign companies directly or indirectly present in the country. 

A Desire to Protect Russian Citizens from Foreign Surveillance

Until the early 2010s, Russia had been criticizing the United States’ dominant position in Internet infrastructure and, backed by some allies such as China or Iran, had been pressuring the United Nations to break the status quo and enable member states to manage critical Internet resources themselves. But these were all unsuccessful attempts.

Russian authorities found some legitimacy in 2013, with former CIA agent Edward Snowden revealing the existence of numerous global surveillance programs run by the United States’ NSA (National Security Agency) in close cooperation with – amongst others – European partners. In order to ensure Russia’s “digital sovereignty” and that Russian’s personal data not be illegally encroached by foreign government agencies or companies, a series of amendments requiring that Russians' personal data be stored and processed exclusively on servers located within the Russian territory as from September 2016 were passed in July 2014. Nevertheless, a few months later Russian President Vladimir Putin put even more pressure on foreign companies when he announced that these requirements should be met by September 2015, thus raising a wave of concern and protest through foreign IT companies operating directly – or indirectly – in the country.

A Desperate Race Against the Clock for Foreign Companies

Thus, a race against the clock began for foreign companies wishing to maintain operations in Russia as they only had a few months to comply with these new requirements or, in some cases, to negotiate with the Federal Service for the Supervision of Telecommunications, Information Technologies and Mass Communication – also known as “Roskomnadzor” – to be given some extra time.

This has been the case for some Internet giants such as Google, Facebook, Twitter, Apple or LinkedIn, which were logically reluctant to pay the extra costs of renting space in already existing data centers or even opening new ones in Russia. While some of them – for example, Apple –  decided not to take further risks, others preferred to “wait and see” what would happen in case of non-compliance, relying on their lobbying power to benefit from some special treatment. 

PHOTO: Reuters

But it was a shock for these companies when Roskomnadzor announced on November, 17^th that it officially banned LinkedIn after a Moscow court confirmed the world’s largest job searching engine was violating the law, thus denying access to the platform to more than 5 million Russian users.This is a highly symbolic move from the Russian authorities, which want to use LinkedIn’s ban as a way to push other major players such as Facebook or Twitter to negotiate. 

Many Still Wonder About Russia’s Real Motivations

It is still very hard to estimate the potential influence of LinkedIn’s ban on further negotiations between Roskomnadzor and IT companies that have not complied with the Russian authorities’ requirements yet.

What seems more obvious are Russia’s motivations, both from a political and an economic point of view. The main reason why some Internet giants such as Facebook or Twitter are still dragging their feet is their fear that these measures be a tool used by the Russian authorities for tighter control over the contents that are published and, thus, to curtail freedom of information.

But some theories go even further and see Russia’s data localization law as a subtle way to boost domestic digital development in the short and and in the long term. First, these measures would foster the creation of IT jobs in Russian companies as well as investments in the sector, especially due to the creation of data centers throughout the country. In the long term, some specialists, such as Hosuk Lee-Makiyama, director of the European Center for International Political Economy (ECIPE), see these measures as a try from Russia to create a “barrier for foreign companies exporting to Russia”, thus enabling local players to increase their share on the domestic market.  

But does Russia really have the potential to take advantage from this policy? Only time will tell.

Augustin C.