United Russia proposed to give up to 10 years in prison for selling personal data abroad

United Russia deputies introduced bills to the State Duma to tighten liability for personal data leaks. Senator Andrei Turchak reported this. The amendments multiply penalties for leaks and also provide for imprisonment of up to eight years for transferring data abroad for sale. If the leak caused harm to the life and health of citizens, then up to ten years in prison.

“United Russia has submitted several bills to the State Duma that will toughen penalties for personal data leaks. They will introduce new administrative offenses and increase fines severalfold. In some cases, liability will be expressed in tens and hundreds of millions of rubles. For data thieves – up to ten years in prison,” Andrey Turchak wrote in Telegram channel.

Those who “export” the data of Russians abroad for “sale or transfer” may face up to eight years in prison. If the leak caused harm to the life and health of citizens or public safety, the term of imprisonment will increase to ten years in prison. Those who make business on leaks face up to five years in prison and a fine.

According to amendments to the Administrative and Criminal Codes, liability will increase along with the volume of leaked information. Fines will be higher if the most sensitive data, such as medical information, is leaked online.

Both professional cybercriminals and ordinary company employees can be brought to criminal liability. For officials, the fine will range from 800 thousand to 2 million rubles, for legal entities – from 3 million to 15 million. For a repeated violation, the amount of the fine can increase to hundreds of millions of rubles, depending on the company’s revenue.

The senator believes that current fines in the amount of 100–300 thousand rubles. for legal entities, they do not encourage companies to protect clients’ personal data. As a result, according to him, the personal data of 80% of the Russian population is on the black market, and the damage from such leaks last year alone amounted to about 8 billion rubles.

A bill that would toughen penalties for leaking personal data has been discussed since spring 2022. According to sources “Vedomosti”the discussion of the amendments was complicated by disagreements on the issue of introducing compensation for victims of leaks.

In October of this year, the business community sent a letter to Vice Speaker of the State Duma Vyacheslav Volodin proposing to change the mechanism of turnover fines in the new bill. The companies proposed to increase fines for each repeated leak of personal data of clients, and not depending on the total amount of annual revenue.

Anastasia Larina