Amendments on access of law enforcement agencies to databases were approved in the first reading

The State Duma on Thursday adopted in the first reading a government bill that will allow law enforcement agencies to gain access to various information systems and correct the personal data of their employees in order to protect them. The amendments were previously opposed by the Association of Russian Banks and the Big Data Association. For the deputies, consideration of this issue gave them a reason to raise the issue of protecting the personal data of ordinary citizens, including from “uncontrolled access by special services.” In response, the Ministry of Digital Development assured that this access will not be uncontrolled.

The bill, submitted to the Duma by the government on August 3, introduces a special procedure for processing personal data of certain categories of persons, the list of which will be determined by the president. In addition, the Ministry of Defense, FSB, FSO, SVR and the Ministry of Internal Affairs will receive direct access to state, municipal and other information systems, and the information contained there about the employees of these departments can be changed, anonymized or deleted. From March 1, 2026, the operation of such information systems will be prohibited if, within six months from the date of entry into the register, they do not take measures to ensure access to them by law enforcement agencies. The Cabinet of Ministers explained the initiative by the need to protect certain categories of Russians.

The Association of Banks of Russia (ADB) opposed the adoption of the bill and sent a negative review to the Ministry of Digital Development and to the Chairman of the Duma Committee on Information Policy, Information Technologies and Communications Alexander Khinshtein (United Russia). One of the ADB’s arguments was that the adoption of the law would lead to a violation of the constitutional rights of citizens by providing intelligence services with unlimited access to the personal data of individuals, including those not related to the security forces. The Big Data Association, which includes, in particular, Yandex, VK, Rostelecom and MegaFon, also did not like the initiative: they stated that the adoption of the law could lead to a violation of the integrity of information systems.

Deputy Head of the Ministry of Digital Development Alexander Shoitov, telling deputies about the bill, explained the need for its adoption by the “current situation”: “Leaks of data of protected persons, which can subsequently be used, including by foreign intelligence services, pose risks to their life and health, the defense of the country and the security of the state in in general, and especially in the current geopolitical situation, in connection with which the bill proposes to create a unified mechanism that will help minimize the possibility of disclosing data of certain categories of protected persons.”

Alexander Khinshtein said that the relevant committee supports the concept of the project, but it needs to be finalized by the second reading. The Committee does not agree with the norm, according to which the operator of the information systems registry will be the Ministry of Digital Development, which is not a law enforcement agency. In addition, according to the committee, the list of persons whose information can be encrypted should also include employees of the National Guard.

The deputies asked what measures the Ministry of Digital Development is taking to protect the data of not only security forces, but also all other citizens: such questions were asked by Andrei Alshevskikh (United Russia) and Nina Ostanina (Communist Party of the Russian Federation). Mr. Shoitov assured them that the ministry is “constantly carrying out relevant work” and, in particular, is preparing a bill to introduce turnover fines for leaks. Also in the works are amendments to the Law “On Personal Data” regarding the depersonalization of information.

Rosa Chemeris (“New People”) recalled the ADB’s concerns about the intelligence services’ access to the personal data of bank clients who are not included in the special list and did not consent to providing access to their data. “How are we planning to limit the uncontrolled access of our intelligence services to the data of other clients? And what kind of liability will be provided in case of misuse of these databases?” – she asked. The deputy minister replied that the access procedure will be determined by the Russian government, which “should limit the powers of the intelligence services to access relevant data.” “The bill stipulates that if any changes occurred that should not have happened, and this happened through the fault of security officers, then responsibility is assigned to them,” Mr. Shoitov tried to reassure the deputy. And Mr. Khinshtein added that the purpose of the bill is not to provide intelligence services with access to the personal data of an unlimited number of people, but to protect the data of people under state protection. He also said that a group of United Russia deputies and senators will soon introduce amendments to the Criminal Code on liability for leaks of personal data to the Duma.

However, not everyone was able to convince that there was no double bottom in the amendments: 323 deputies supported the adoption of the draft in the first reading, 13 abstained (all from the New People), 114 did not vote (including 39 United Russia members and the entire Communist Party faction) .

Ksenia Veretennikova