Private Russian news agency Interfax reported today, January 21, that Roskomnadzor is taking administrative action against Facebook and Twitter. Roskomnadzor – translated to English as the Federal Service for Supervision of Communications, Information Technology, and Mass Media – is both the country's telecommunications regulator and government censor.
Ostensibly at issue here is where Russian Twitter and Facebook users' data is stored. Russian law requires that its citizens' personal data be stored on servers within the country. The agency claims it sent a letter on December 17 instructing the social media companies to localize their databases; when no "concrete plans" were received, it announced it would move forward with administrative proceedings."
The referenced regulation, the New Data Protection Law, has been on the books since September 2015. Russia-based attorney Sergey Medvedev, writing for Thomson Reuters, summarizes how the country amended the existing Personal Data Protection Act:
"Specifically, the New Data Protection Law introduces an obligation on all data operators to ensure the recording, systematisation, accumulation, storage, change and extraction of personal data of Russian citizens with the use of data centres located in the territory of the Russian Federation in the course of collection of relevant personal data of individuals, including via the internet."
The law also gives Roskomnadzor the power to block websites that don't follow it.
As other outlets have pointed out, last week, Facebook took down Russia-based accounts that seemed similar to disinformation campaigns from the 2016 US election. This, then, could be part of a simple tit-for-tat dispute between big tech companies and the Russian state.
But the application of the law in this instance, combined with additional oversight of foreign web outlets such as the BBC, signals an openness toward cracking down on websites that host content critical of the country.
Moreover, centralized data collection and storage theoretically gives the agency the power to censor individuals. (There's reason for a bit of hesitation here. Medvedev states that the law doesn't ban the duplication of Russian data onto foreign servers – although it must be first processed in Russia.)
The intention behind the law – is it legitimately for protection or is it a censorship tool? – has implications for blockchain technology.
According to a 2019 report on blockchain and cryptocurrency regulation published by Global Legal Insights that features a chapter on Russia:
"Similarly to cryptocurrencies, there is no law at present specifically addressing blockchain technologies. However, the authorities do not view blockchain negatively. On the contrary, the use of blockchain technologies for the formation and implementation of 'smart contracts' is of great interest in Russia…"
Yet while it might not be specifically mentioned in law, public blockchains could easily run afoul of the New Data Protection Law. For a direct comparison, take other social media applications, such as Peepeth or Cent, which run atop the Ethereum blockchain. With transactions and data stored globally, rather than in a centralized database – let alone a centralized Russian database – such dApps, should they gain in popularity, invite scrutiny and/or shutdown from Roskomnadzor.
Questions have been asked about the regulation before. As the online magazine for global telecoms and cloud storage provider Orange wrote in July 2015, less than two months before the law took effect, "Both Russian and international companies [are] asking for more clarity on the law's guidelines and definitions; what is meant by 'personal data' and 'database' within the terms of the regulation, for example."
Medvedev has an answer: "Personal data is any information directly or indirectly related to an identified or identifiable subject."
With over 140 million Russian citizens, that's a wide net.