|
Privacy
Policy & Russian Law
The
Constitution of the Russian Federation recognizes rights of privacy,
data protection and secrecy of communications. Article 23 states, "1.
Everyone shall have the right to privacy, to personal and family
secrets, and to protection of one's honor and good name. 2. Everyone
shall have the right to privacy of correspondence, telephone
communications, mail, cables and other communications. Any restriction
of this right shall be allowed only under an order of a court of law."
Article 24 states, "1. It shall be forbidden to gather, store, use and
disseminate information on the private life of any person without
his/her consent. 2. The bodies of state authority and the bodies of
local self-government and the officials thereof shall provide to each
citizen access to any documents and materials directly affecting his/her
rights and liberties unless otherwise stipulated under the law." Article
25 states, "The home shall be inviolable. No one shall have the right to
enter the home against the will of persons residing in it except in
cases stipulated by the federal law or under an order of a court of law.
According to the federal Law on Information, Informatization and the
Protection of Information governmental data resources are open for
general use except for documented information of limited access (data
relevant to state secrets and confidential information). Personal data
is considered confidential information. The Law states, in particular,
that collection, storage, use and distribution (processing) of
information pertaining to the private life of a natural person without
his or her permission, shall be prohibited, except for processing
implemented on the basis of judicial warrant. The term "personal data"
and some guarantees for personal data protection appear in new laws, in
particular, the Tax Code, the Labor Code and the federal Law on
Statements of Civil Status. Also, confidentiality of information has
been mentioned in various laws relevant to professional secrets. Russian
federal laws establish over 30 types of classified data while other
governmental regulations add about 10 types of data to the list.
Approximately 45 laws of the Russian Federation have provisions
concerning various classified data.
In Russia (especially in Moscow and St. Petersburg) illegal collection
and distribution of data on private persons and organizations is quite
commonplace. Quite popular are databases on purchase/sale of cars, car
owners, passport data and foreign passport data of Russian citizens,
data on real estate (purchase and sale of apartments, their parameters,
location and proprietors), databases of taxpayers, information about
people wanted for crimes and those who have been previously convicted.
Cheap CDs with such databases are easily available on the streets and
the Internet. In the beginning of 2003, Mobile Telesystems (MTS), a
mobile phone company, suffered a massive security breach that led to the
sale of CDs with MTS's entire database of several million customers. By
law, MTS was required to share information about their customers with
the police and government agencies. MTS claimed that the database had
been stolen and that the company had started its own internal
investigation without seeking help from law enforcement agencies. The
company refused to provide details as to the results of this
investigation, and the results of this investigation have not been
announced. Widespread speculation and comments from an MTS spokesperson
indicate that the data was leaked by a low-paid employee from one of
these government agencies. In May 2003, Russian media wrote about a
similar database theft case in Saint Petersburg.
Russian legislation does not establish a central regulatory body for
data protection. Some efforts are being carried out by regional
ombudsmen, e.g., the Ombudsman of the region of Perm that initiated an
investigation on the practices of a local communications company that
used clients' phone numbers for commercial purposes. The Chamber of
Appeals on Informational Conflicts, a quasi-judicial body which scope
includes the protection of privacy, was also active. This "structure"
operated with the support of the mass media, and although its decisions
were not binding, they were usually complied with The Chamber of Appeals
was closed during President Putin's presidency.
The 1995 Communications Law protects secrecy of communications. A new
version of this law came intro force on January 1, 2004. The tapping of
telephone conversations, scrutiny of electronic communications, delay,
inspection and seizure of postal mailings and documentary
correspondence, receipt of information therein, and other restriction of
communications secrets are allowed only with a court order. The Law on
Operational Investigation Activity that regulates surveillance methods
used by secret services requires a court-issued warrant. The law was
amended in December 1998 by the State Duma. Guarantees for the
protection of privacy were emphasized and additional controls imposed on
prosecutors. Article 5 of the Law provides that an investigative
structure must secure people's privacy. The Law also provides: "If one
believes that some actions of bodies conducting operational
investigation have infringed on an individual's rights or freedoms, the
individual has the right to appeal to a court, a prosecutor, or to a
higher body that carries out investigative activities." Article 6 of the
federal Law on Federal Security Services of the Russian Federation has a
similar provision: "If a person has not been convicted during a legally
established procedure, then all materials obtained during this
operational investigation must be archived for a period of one year (in
compliance with the Law on Operational Investigations) and subsequently
deleted." However this provision is virtually revoked by the following
addition: ". . . unless official interests or justice require
otherwise."In December 1999, the law was amended to allow surveillance
by the tax police, Interior Ministry, Border Guards, the Kremlin
Security Service, the Presidential Security Service, the parliamentary
security services and the Foreign Intelligence Service. In 2001 the
following provision was added to the Law: "Audio recordings and other
materials resulting from interception and wiretapping of the
conversation of persons being out of criminal proceedings must be
deleted within six months after the wiretapping is over with an
appropriate protocol. The judge must be notified three months before
materials reflecting the results of operational investigations,
implemented on the basis of a court warrant, are deleted." Disclosure of
data that affects someone's privacy without his or her consent, is
legally prohibited unless otherwise stipulated by federal laws. The Law
on Federal Security Service of the Russian Federation contains no
requirement for the deletion of data but stipulates that the information
shall not be transferred to anyone else.
The Federal Security Service (FSB) has conducted phone tapping using the
"SORM" system (or "System of Operative Investigative Activities"). In
1998 information about a new SORM-2 system that applies to the Internet
was revealed. SORM-2 requires Internet Service Providers (ISPs) to
install surveillance devices and high-speed links to local FSB
departments which would allow the FSB to directly access Internet users'
communications, although with a warrant requirement. These rather
expensive devices and links are to be paid for by the ISPs themselves.
While most ISPs have not publicly resisted FSB's demands to install
SORM-2, one ISP in Volgograd, Bayard-Slaviya Communications, challenged
the FSB's demands. The local FSB and the Ministry of Communications
attempted to have their license revoked but backed off after the ISP
challenged their decision in court.
The existence of SORM-2 was confirmed by the State Committee of the
Russian Federation on Communication and Informization (Goskomsvyaz, now
the Ministry of Communications) as Order No. 47 in March 27, 1999, and
Order No. 130, in July 25, 2000, which was registered with the Ministry
of Justice on August 9, 2000. Order No. 130 was immediately challenged
in the Russian Supreme Court by Pavel Netupsky, a Saint-Petersburg
journalist. Although the Court upheld SORM-2, it ruled part 2.6 illegal,
and therefore made sure that ISPs would know whom the FSB is monitoring.
Netupsky lost on all other counts. SORM-2 has now been implemented,
although FSB representatives have not provided any evaluation of how
effective SORM-2 has been for the prevention and investigation of
criminal activities, and there have been no announced arrests as of yet.
Although the FSB insists that there have been no violations of privacy,
its assertions cannot be verified as Russia lacks the appropriate
supervisory and independent body to control FSB's activities. ISPs are
used to avoid comments on any issues connected with SORM-2.
Governmental proposals concerning digital rights tend to be intrusive.
In the beginning of April 2000, the Committee of the State Duma for
Information Policy introduced a bill on Regulation of the Russian
Segment of the Internet that raised many critiques. The Russian Internet
community did its best to prevent this bill from becoming a law and
suggested an alternative bill on the State Policy of the Russian
Federation Pertaining to the Development and Use of the Internet. On May
18, 2000, parliamentary hearings took place to discuss the bill and the
legislation relevant to the Internet. Most of its participants agreed
that there was "no need for a special law applicable to the Internet."
However, in June 2004, the Moscow major Yuri Luzkov published a
contradictory article with the main idea of establishing control over
the Internet. Soon afterwards Lyudmila Narusova, member of the higher
chamber of the Russian Parliament, confirmed that appropriate law on the
Internet is being prepared in the Parliament.
The Federal Law on Commercial Secret was enacted on July 29, 2004.[24]
The law regulates the disclosure of commercial secrets and how its
confidentiality can be protected. It also defines information that may
not be considered "commercial secret," and establishes a list of
information that may constitute commercial secret, including but lot
limited to, the number of employees, the system of remuneration, labor
conditions including safety arrangements, work-related injuries,
occupational morbidity figures, and vacancies; as well as past
infringements to the Russian Federation legislation and ensuing
prosecutions. The law expressly stipulates that the owner of commercial
secrets is the employer.
Anti-terrorist campaigns the United States government promoted worldwide
after the terrorist acts of September 11, 2001 in New York and
Washington have influenced Russian legislation. On December 20, 2000,
the State Duma approved the amendments to federal laws on Terrorism and
on Mass Media in first reading. Although these amendments did not
specifically concern online privacy, they seriously limited distribution
of "extremist materials" via the Internet (even though "extremism" and
"extremist materials" were not defined in Russian law at the time). On
April 30, 2002, the President announced a bill on Counteraction to
Extremist Activities. The bill contained broad definitions of "extremist
activities" and, some critics argued, enabled a wide range of public
protest actions to be viewed as extremism. The first draft contained an
article relevant to the Internet: ISPs were forced to censor materials
on their servers and remove/block "extremist sites." This article was
later replaced with the indistinct reference to other legislation and
the controversial procedure of Internet monitoring and censorship was
dropped. After the terrorist attack in Moscow of October 2002 the State
Duma quickly adopted several amendments to the laws on Mass Media and
Terrorism, banning any distribution of information that could impede
anti-terrorist actions.
According to Article 53 of the new Federal Law on Communications, the
data about telecommunications users are confidential and are protected
by Russian legislation.
Russian legislation provides criminal liability for the invasion of
privacy. The Criminal Code provides a penalty for violation of the
immunity of private life, violation of secrecy of communications,
infringement of home inviolability, The Criminal Code also provides
liability for unauthorized access to legally protected computer
information, The Criminal Code provides with sentences ranging from
fines, forced labor, arrest, to a ban on the right to hold certain
positions or to be engaged in a certain activity and, in some cases,
imprisonment for a period of up to 5 years. Maximum fine is as high as
800 "minimal legal monthly wage. "According to the Civil Code, privacy
is a legally protected non-property right. Attached to this right are
personal dignity, personal immunity, honor and good name, business name,
personal secret and family secret. If an individual suffers physical or
moral damages by violation of his or her personal non-property rights or
some other non-material welfare rights, as well as in other cases
provided by the law, a court can force the person invading privacy to
provide financial compensation. The Administrative Code (effective since
July 1, 2002) states that "infringement of a legally established
procedure of collection, storage, use or distribution of information
about citizens (personal data)" shall lead to a warning or penalty. The
Administrative Code also establishes liability for disclosure of
information if access to it is restricted by federal law. The
illegitimate refusal by a public official to submit information to a
person is also an administrative breach of the law.
The United Nations Human Rights Committee expressed concerns over the
state of privacy in Russia in 1995 and recommended the enactment of
additional privacy laws. It noted: "The Committee is concerned that
actions may continue which violate the right to protection from unlawful
or arbitrary interference with privacy, family, home or correspondence.
It is concerned that the mechanisms to intrude into private telephone
communication continue to exist, without a clear legislation setting out
the conditions of legitimate interference with privacy and providing for
safeguards against unlawful interference. The Committee urges that
legislation be passed on the protection of privacy, as well as strict
and positive action be taken, to prevent violations of the right to
protection from unlawful or arbitrary interference with privacy, family,
home or correspondence.
The Fifth Periodical Report of the Russian Federation on the
Implementation of the International Covenant on Civil and Political
Rights provides that in the last four years 42 persons were convicted
for violations of privacy, 61 for the violation of the secrecy of
communications. According to the same source, the number of persons
convicted for breaching the inviolability of the home for the same
period is much higher (5,476 persons). This apparently shows the lack of
legislation and enforcement required for the investigation of crimes
related to the breach of privacy, as well as the lack of governmental
oversight and independent institutions that could monitor how privacy
laws are implemented. Law enforcement structures used to refer to the
lack of legal grounds and, in particular, to the vagueness of the legal
status of "data. "The constitutional right of personal privacy is
usually considered insufficient to provide a legal basis for criminal
proceedings. People usually choose not to turn to courts when their
privacy is violated for several reasons: lack of laws and procedures
that could be effectively used by plaintiffs; monetary damages in all
cases are usually small; people do not consider privacy as a fundamental
right and do not believe it can be effectively protected from government
interference.
In January 2002, the government adopted the federal program "Electronic
Russia" for the period 2002-2010. The program has provisions about
freedom of search, access, transfer, production and distribution of
information, and privacy safeguards for any legally protected
information available on information systems For these purposes the
authors of the program have proposed to elaborate an effective ground
for regulations. This basis should extend to the regulation of issues of
information security and realization of citizens' constitutional rights.
However, the confidentiality was not mentioned as a major governmental
policy issue. One of the tasks in this program is described as a "legal
solution of the problems concerning performance of operational
investigations through computer networks." Other program items include
the electronic circulation of documents, business information security,
etc. The Russian Ministry for Communication and Information and the
Ministry for Economic Development and Trade of the Russian Federation
are the leading coordinator for this program.
The notion of "privacy policy" has not yet become commonplace in Russia.
Few web sites ensure the privacy of their customers. ISPs take
appropriate measures to control spam after receiving consumer
complaints. Freeware and shareware programs for the protection of
personal privacy of Internet users are available on Russian servers.
Russia has a national ID system. Each person above 14 years old must
have a personal document (internal passport) that can be obtained at a
local department of the Ministry of Internal Affairs. This Passport is
used as the main ID document and is necessary for many activities,
including the purchase of train and plane tickets. Each passport bears a
residency permit stamp (the so-called propiska). Russian courts
(including the Supreme Court in 1998) have asserted that this permission
regime is unconstitutional. Moscow authorities insist that the propiska
is only a notification procedure. However, for those attempting to move
to Moscow, bureaucrats can make this registration a painful and
complicated process. Without propiska it is difficult get a well-paid
job, get full public medical aid, children cannot attend public schools,
etc. Moscow police used to stop people at streets and fine them if they
did not carry their propiska.
In recent years, officials, both at federal and Moscow levels, announced
several times that a new system of electronic IDs would be introduced in
the near future. According to these statements, the new system would
supplement, and later replace, internal passports.[44] In January 2004,
the Russian Ministry of Economical Development announced its plans to
build a national system that would connect existing major public
databases through a new ID system. According to the Ministry, each
newborn Russian will be assigned a unique ID. Other people will get
their IDs too. No central database will be created but a new
governmental body responsible for data processing may be created later
on. Access to these databases is promised to be "easy" for common people
The government hopes to implement this system in 2006.
Russia is a member of the Council of Europe (CoE) and has signed and
ratified the European Convention for the Protection of Human Rights and
Fundamental Freedoms. The Russian Federation has signed the CoE
Convention for the Protection of Individuals with Regard to Automatic
Processing of Personal Data (ETS No. 108) but has not ratified it.
Russia participated in the negotiations on the CoE Convention on
Cybercrime which was opened for signature in November 23, 2001. The
Convention requires Member States to establish criminal offences under
their domestic laws regarding various computer or computer-related
crimes, including unauthorized access to a computer system and
unauthorized interception of a data transmission. As of June 2004,
Russia has not yet signed the treaty.
Autonomous Russian Republics
Constitutions of 10 (out of 20) republics of Russian Federation
reproduce Articles 23, 24 and 25 of the Federal Constitution. The
Constitution of Bashkortostan incorporates the addendum, admitting
search only on the basis of a judicial warrant. In other cases there are
fewer privacy safeguards than in the federal Constitution, or even no
safeguards at all (Karelia, Kalmykia). There are no essential
differences between the constitutions of the republics and federal
privacy guarantees. The Constitution of Tyva contains an interesting
article providing an opportunity to introduce legal limitations to the
right to home inviolability by a Republican Law.
|
