Regulator: The Federal Service for Supervision of Communications, Information Technology, and Mass Media ('Roskomnadzor')
Summary: Data protection in Russia is governed by several laws including the Law on Personal Data, which entered into force in 2006 and follows a similar approach to the EU's Data Protection Directive (Directive 95/46/EC). Other notable laws include Federal Law of 27 July 2006 No. 149-FZ on Information, Information Technologies and Protection of Information (only available in Russian here) ('the Law on Information').
Since its adoption, the Law on Personal Data has been amended on numerous occasions to include new data localisation requirements and to clarify the rules on consent, among other things. Most recently, the Federal Law of 14 July 2022 No. 266-FZ on Amending the Federal Law on Personal Data (only available in Russian here) ('the Amendment Law') was adopted to impose stricter obligations on domestic and foreign data operators in terms of how they interact with data subjects as well as processors, and demonstrate their compliance generally and specifically in the case of data transfers. The majority of the Amendment Law's provisions entered into effect on 1 September 2022, while others entered into effect on 1 March 2023.