On November 10, it was reported that Roskomnadzor (Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media) was unceremoniously blocking Russian citizens’ access to LinkedIn, the professional social networking site recently acquired by Microsoft for a hefty $26 billion.
A local court ruled that LinkedIn had violated Russia’s Personal Data Protection Act, which went into effect in September 2015. The law mandates that any company with online properties serving Russian citizens must store and manage data collected from those users’ within Russian borders.
Roskomnadzor stated that its intention in choosing to penalize LinkedIn in particular — which stands to lose 6 million users as a result — was driven purely by the desire to safeguard the data of internet users in Russia. Pundits will no doubt debate that in the coming months, but it’s no stretch to imagine that the decision may be, in part, a warning to even bigger tech players operating within Russian Federation borders. The message? The enforcement mechanism of their new law is not to be trifled with.
Pulling the lens back a bit, Russia’s court action illustrates a broad trend toward data localization across the world. The European Union has data localization laws in place, with other nations such as China following suit, and more legislation potentially coming online soon.
For businesses with customers in many countries that store consumer data in on-premise data centers in their home countries, or rely on cloud database solutions such as Amazon Web Services (a tech giant who does not currently operate in Russia) this obviously presents a major headache. As governments, businesses, non-profit organizations and consumers themselves debate what the internet should look like going forward, there is real and immediate pain for organizations that fall out of compliance with evolving data protection regulations.
At Gigya, we understand this pain and are in the business of solving it. Gigya’s cloud-based Customer Identity Management platform stores and manages customer data in compliance with local laws. Besides our ISO-certified security standards and mature,“privacy-by-design” architecture, we maintain four regional data centers, including a primary facility in Russia and a new facility in China scheduled to come online in 2017. This ensures that our clients can do business with their customers without having to fret over or scramble to meet regional data regulations — or to be victims of often harsh penalties.
Read more about Gigya and our primary data center in Russia in our blog.
By David Kerin