Big Data Regulation in Russia
Big data is reality that has swept the modern digital society over the past few years. Each of us is a source of big data every day, leaving pieces of information on the Internet and when interacting with various structures and organizations.
Big data is usually understood as unprocessed large volumes of various information that is generated at high speed on the Internet, at government agencies, commercial organizations with the help of technical devices. Also, the term “big data” means technologies and methods of processing, systematizing and storing such data.
The value of big data is that it can be used to calculate, measure and use information, for example, for business - to make forecasts, target advertising offers, identify user needs, collect statistics and analytics, as well as carry out the most efficient state and corporate governance.
Here comes a reasonable question - who and how should regulate these processes, ensure data confidentiality and control their use?
Today in Russia there is no legal regulation of big data. Despite the fact that there have been several attempts to pass the relevant federal law, we are still on the way there. In July, a terminological standard was created: “Information Technologies. Big data. Review and Dictionary ", which formulated the main terms and definitions related to big data.
Nevertheless, most of the questions regarding the general idea of further legal regulation remain open - should it be complementary to the legislation on personal data or not? Will businesses have access to big data collected by the government?
Let us refer to foreign examples of big data regulation. For example, in the United States, one can note the sufficient flexibility of big data regulators, which, on the one hand, are controlled by the state, but at the same time, large corporations and start-ups have greater opportunities in this area. As for the legal regulation in Europe, there is still a single GDPR act, which covers all areas of data protection and does not differentiate between the protection of personal data and other types. In China, such issue can be traced to the centralization of state regulation.
In Russia, there are as many unresolved issues on the big data regulation vector as there are opinions on this matter. We have formulated the main questions, from the solution of which it will be clear in which direction our future legislation is moving:
- lack of consensus on the access to big data of government agencies by companies;
- difficulties in distinguishing between the big data regime and legislation on personal data;
- finding a balance between commercial interests, legislative regulation and the need to protect personal data of individuals.
Elizaveta Yakhnovets, TEAM leading legal counsel: Recently, TEAM took part in the legal assessment of a project related to the analysis of big data, which includes personal data. Despite the fact that the purpose of the project was not the collection and processing of personal data, and the analysis algorithms were configured in such way so to exclude the storage of personal data and their indication of the issued results, we came to the conclusion that the project operator company is the subject of personal data processing and must comply with the necessary procedures for the regulation of processes, internal control and registration with Roskomnadzor. We believe that if legislative regulation excluded the processing of data in the big data format from the list of operations recognized as the processing of personal data, it would have allowed specialists dealing with these issues to focus on the development of new technologies, and not on the observance of bureaucratic formalities, and would have contributed to the development of the industry in general.