You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 1/2021
No longer “accessible to the public”: new rules on personal data as of 2021
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
No longer “accessible to the public”: new rules on personal data as of 2021
Page Content
published on 28 January 2021 | reading time approx. 5 minutes
On 30 December 2020, Law no. 519-FZ (Federal Law no. 519-FZ “On introduction of amendments to the Federal Law “On personal data” of 30 December 2020) introducing significant amendments to the Federal Law “On personal data” (the “Law on personal data”, “152-FZ”) was adopted. According to the legislator’s idea, the new rules, most of which will come into force on 1 March 2021, will be able to prevent uncontrolled misuse of personal data, in particular, those published on the Internet. The term of personal data accessible to the public is, inter alia, practically excluded from the 152-FZ, instead of which another term is introduced - “personal data permitted by the data subject for dissemination”. Such data is understood as information, in respect of which access to an unlimited number of persons was granted by the subject himself or at the request of the latter (Federal Law no. 152-FZ “On personal data” of 27 July 2006).
The new rules regulate the procedure for processing of personal data permitted for dissemination: in particular, a respective explicit consent of the subject will be required for their processing. Specific requirements for the content of such consent will later be determined by Roskomnadzor. At the same time, the 519-FZ from December establishes the operator’s obligation to provide the subject “with the opportunity to determine the list of personal data for each category of personal data specified in the consent.” I.e. the personal data in the consent will apparently be divided into categories, in each of which the corresponding items will be determined (e.g. contact information: e-mail address, telephone number, residence address etc.), and the subject will be able to make a choice in respect of each such item to permit dissemination of the listed data or not. Such consent can be obtained directly from the subject or by using the Roskomnadzor information system, which must yet be developed. It should be taken into account that the silence or inaction of the data subject under no circumstances shall be considered as consent.
In addition, according to the 519-FZ, the subject has the right to prohibit in the consent to processing the transfer of the indicated data by the operator to an unlimited number of persons, as well as to prohibit the processing or specify conditions for processing of this personal data by an unlimited number of persons. This, most likely, means the right of the subject to prohibit or determine conditions for the further dissemination of his data, e.g. for the provision of copies of the subject’s data to other persons by the operator. Thereby it is impossible to prohibit or determine conditions for the “granting of access” to the specified data, i.e. the possibility of taking insight into it. Information about the processing conditions and the established prohibitions must be published by the operator within three working days from the receipt of the corresponding consent.
The innovations also cover some mechanisms for protection of personal data permitted for dissemination. In particular, if the data turned out to be disclosed to third parties by the subject himself who did not give the operator his consent to the processing of this information, then those who carried out the processing will be obliged to prove the legality of further processing of such information. A similar rule is provided for information that was disclosed as a result of an offence, crime or force majeure.
In addition, the subject has the right to demand the termination of the processing of his data at any time. To do this, he will need to send a respective request to any person processing his data, or to go to court. Such request must contain the full name of the subject, his telephone number, e-mail or postal address, as well as the list of information, the processing of which should be stopped. The operator of the specified data is obliged to stop processing it within three working days from the receipt of the above-mentioned request or within the period determined by a court decision.
Thus, the new regulations will entail a number of changes in the field of processing of data falling under the category of the data “accessible to the public” according to the current version of the Law on personal data. It is assumed that the introduced mechanisms will limit the possibilities for inappropriate use of personal data, first of all those posted on the Internet, and will give additional rights and opportunities for subjects to protect their own data.
However, the provisions of the 519-FZ were criticized by a number of business representatives. In particular, members of the Big Data Association (BDA), which includes Yandex, Mail.ru Group, Sberbank, Gazprombank, Russian telecommunication operators and others, opposed the adoption of the law. Members of the BDA noted that the document can create legal uncertainty regarding the boundaries of the permitted use of data, for example, in cases when a person gives two social networks consent to the processing of personal data under different conditions. In addition, there are concerns that the new requirements may lead to additional costs for the media for improvement of interfaces, as well as complicate the work of companies using artificial intelligence and big data (
https://www.kommersant.ru/doc/4596208
). It also raises doubts as to whether foreign social networks like Facebook or Twitter, which previously unwillingly complied with the instructions of Roskomnadzor in respect of localization of personal data of Russians etc., will comply with the new regulations. In addition, the law does not establish specific sanctions for violation of the new requirements, which raises the question of liability for operators.
Recommendations for personal data operations
Operators should wait for Roskomnadzor’s approval of the requirements for the content of consent to the processing of data permitted for dissemination, publication of information about the new information system of the Federal Service, as well as further clarifications regarding the application of the new rules.
Until then, preparations should be made to comply with the new legal requirements. In particular, it is worth taking measures to introduce new forms of consent to data processing, introduce the necessary amendments to the company’s internal regulations and familiarize employees with the new rules.
CONTACT
Tatiana Vukolova
Lawyer
Associate Partner
+7 495 9335120
Invia richiesta
RÖDL & PARTNER RUSSIA
Discover more about our offices in Russia.
Read more »
DATA PROTECTION BITES
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR.
Read all releases »
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
