Confidentiality of Personal Data in Case of Cyberthreats

Despite the presence of the current legal regulation of personal data and their circulation on the Internet, Russia has recently become one of the leaders in personal data leaks. It turns out that the right to confidentiality and the right to protection of personal data are not implemented in the digital environment due to the susceptibility to cyberattacks and the lack of appropriate measures and guarantees in this field. The Russian legislator establishes the obligations of the operator of personal data, including the obligation of the operator to notify the authorized body of the leakage of personal data, as well as administrative, criminal and civil liability for their disclosure. However, there are no effective mechanisms that would prevent leaks and other disclosure of personal data in a preventive manner and would allow full compensation for the damage caused to individuals. The legal doctrine proposes to strengthen the penalties for violations in the field of personal data and specify the possibility of compensation for moral damage to a person who has suffered from a leak. The author’s approach is to provide for the need to check the operator’s activities for violations that led to the leakage of personal data (post-control), as well as to introduce a compliance system that allows preventive prevention of leakages and other violations in the field of personal data (a priori control), and train employees to minimize the risks of disclosure and other illegal use of personal data.

1. Rosikov A. Soglasie na Rasprostranenie Personal’nyh Dannyh: Novye Trebovaniya [Consent to the Dissemination of Personal Data: New Requirements], Kadrovaya Sluzhba i Upravlenie Personalom Predpriyatiya, 2021, vol. 6. SPS «Konsul’tantPlyus». (in Russ.)

2. Savel’ev A. I. Nauchno-Prakticheskij Postatejnyj Kommentarij k Federal’nomu Zakonu «O Personal’nyh Dannyh» [Scientific and Practical Article-by-Article Commentary on the Federal Law “On Personal Data”]. 2-e izd., pererab. i dop. Moscow, Statut, 2021. SPS «Konsul’tantPlyus». (in Russ.)

3. Barkov A. V., Kiselev A. S. Pravovoe Obespechenie Informacionnoj Bezopasnosti: Instrumenty Protivodejstviya Kiberugrozam [Legal Support of Information Security: Tools to Counter Cyber Threats], Zhurnal Prikladnyh Issledovanij, Pravo, 2022, pp. 91–96. (in Russ.)

4. Gribanov A. A. Obshchij Reglament o Zashchite Personal’nyh Dannyh (General Data Protection Regulation): Idei dlya Sovershenstvovaniya Rossijskogo Zakonodatel’stva [General Data Protection Regulation: Ideas for Improving Russian Legislation], Zakon, 2018, vol. 3, pp. 149–162. (in Russ.)

5. Savel’ev A. I. Problemy Primeneniya Zakonodatel’stva o Personal’nyh Dannyh v Epohu «Bol’shih Dannyh» (Big Data) [Problems of Application of Legislation on Personal Data in the Era of “Big Data”], Pravo. Zhurnal Vysshej shkoly ekonomiki, 2015, vol. 1, pp. 43–66. (in Russ.)

6. Nohrina M. L. Ponyatie i Priznaki Nematerial’nyh Blag: Zakonodatel’stvo i Civilisticheskaya Nauka [The Concept and Signs of Intangible Benefi ts: Legislation and Civil Science], Izvestiya Vysshih Uchebnyh Zavedenij. Pravovedenie, 2013, vol. 5, pp. 143–160. (in Russ.)

7. Arhipov V. V. Problema Kvalifi kacii Personal’nyh Dannyh kak Nematerial’nyh Blag v Usloviyah Cifrovoj Ekonomiki, ili Net Nichego Bolee Praktichnogo, Chem Horoshaya Teoriya [The Problem of Qualifying Personal Data as Intangible Goods in the Digital Economy, or there is Nothing More Practical than a Good Theory], Zakon, 2018, vol. 2, pp. 52–68. (in Russ.)

8. Rozhkova M. A., Glonina V. N. Personal’nye i Nepersonal’nye Dannye v Sostave Bol’shih Dannyh [Personal and Non-Personal Data as Part of Big Data]. Pravo Cifrovoj Ekonomiki 2020. Ezhegodnik-Antologiya. Ser. «Analiz Sovremennogo Prava / IP & Digital Law», ruk. i nauch. red. M.A. Rozhkova. Moscow, Statut, 2020. Pp. 271–296. (in Russ.)

9. Uroshleva A. Kommercializaciya Personal’nyh Dannyh i Ponyatie «Big Data» - Zlobodnevnye Voprosy IT-Sfery [Commercialization of Personal Data and the Concept of “Big Data” are Topical Issues in the IT Sphere]. Garant.ru. Novosti i Analitika. Analiticheskie Stat‘i. 22 November, 2018. URL: https://www.garant.ru/article/1229761/.

10. Soldatova V. I. Zashchita Personal’nyh Dannyh v Usloviyah Primeneniya Cifrovyh Tekhnologij [Protection of Personal Data in the Context of the Use of Digital Technologies], Lex russica, 2020, vol. 2, pp. 33–43. (in Russ.)

11. Soldatova V. I. Novye Zakonodatel’nye Mery po Zashchite Personal’nyh Dannyh [New Legislative Measures to Protect Personal Data], Pravo i ekonomika, 2023, vol. 3. SPS «Konsul’tantPlyus».

12. Baldynova A. Personal data // Administrative Law. 2020. № 4. P. 23–24. (in Russ.)