Keeping Up With Data Compliance Laws: Russian User Data Must Only Be Held on Russian Servers

Russia has had a data storage and localization law for several years, but the war with Ukraine has exacerbated the country’s desire to crack down on American big tech.  So, the next time your lawyer asks details about the location of your servers and the location of your users, don’t think we’re just being nosy.

Auditing Users and Location of Servers

The Russian government has recently fined big tech companies such as Apple, Zoom, Airbnb, and Pinterest for failing to store data on Russian users in Russian servers (that is, servers physically located in Russia).  While the fines are not for large amounts, the focus on data localization is growing.  And growing quickly!  Of course, due to geopolitical reasons, there may exist a stronger focus toward specifically cracking down American enterprises.  Thus, American tech is on notice to properly audit its users and the location of its servers.

Data Compliance Programs, Jurisdictions, and Location-Based Laws

The legal landscape on the use and storage of data continues to evolve worldwide.  Starting with the GDPR in the European Union several years ago, the CCPA in California just in the past couple of years, and ongoing new laws enacted worldwide, tech companies have no choice but to implement strong data compliance programs, which must consider that each jurisdiction has its own law and compliance is inevitable to avoid problems such as fines.  These laws are generally driven by the location of the users, the location of the severs that process information, the location of servers that store information, third parties who have access to the data, and data use and deletion procedures.  Just like Russia has specific requirements about the data storage and use of data for Russian users, other jurisdictions have similar requirements, keeping the data privacy compliance industry very busy.

Key Takeaways on Data Compliance Laws and Russian User Data

Tech companies have a difficult task with understanding and abiding by data compliance laws worldwide because:

• data privacy laws continue to evolve worldwide with variances in different countries, states, regions;

• consumer location plays a part in which laws must be complied with requiring companies to either regulate who can be a consumer and/or keep track of all consumer jurisdictions and laws; and

• geopolitical reasons, such as the Russia-Ukraine war, can create an uptick in regulatory enforcement and sensitivity.

For more information about data compliance laws, see our Corporate Law & Commercial Transactions Legal Services and Industry Focused Legal Solutions pages.