On April 13, 2023, the Institute of Philosophy and Law of Novosibirsk National Research State University hosted a round table “Current problems of personal data protection and cybersecurity in the digital age”. Representatives of the leading higher educational institutions of Siberia took part in its work. The round table discussed a wide range of issues related to the difficulties of interpretation and application of legislation on the protection of personal data, ensuring security in cyberspace. Special attention was paid to the influence of modern achievements of science and technology on these processes, as well as the widespread use of digital technologies.

The article discusses the novelties of domestic legislation in the field of regulation of cross-border transfer of personal data. Differences in the notification and authorization procedures established depending on the presence / absence in the relevant state of an adequate level of protection of the rights of personal data subjects are analyzed. On the basis of a comparative legal study, the author comes to the conclusion that giving the Russian law on personal data an extraterritorial character corresponds to the latest trend that has developed in other legal orders (EU, USA, China).

   The article deals with the issues of the criminal legislation of the Russian Federation on liability for crimes in the field of cybersecurity. The author analyzes the criminal-legal content of this term, its legal boundaries. Based on the study, several approaches are formulated to solve this problem.

   The urgency of the problems of personal data protection has recently acquired particular importance due to the rapid introduction of digitalization into the global and national economies, including digital technologies are gaining increasing influence in the financial and banking sector. The article discusses the problems of personal data protection in banking relations, analyzes the closely interrelated concepts of “personal data” and “banking secrecy”. The author notes the need to improve the process of personal data protection, further development of legislation and the development of strict standards for ensuring the security of personal data of bank customers. Examples of the legislative experience of the People’s Republic of China in the field of personal data protection are given.

The article analyzes the norms of legislation that allow to determine the required elements of the internal corporate compliance system in the field of personal data protection in modern legal conditions. The corporate and judicial practice, reflecting the change in the legal regulation of the compliance of organizations in the field of collection and use of personal data, is being studied, recommendations are being formed for the development of internal documents of the corporation that regulate the processing of personal data of the corporation.

Despite the presence of the current legal regulation of personal data and their circulation on the Internet, Russia has recently become one of the leaders in personal data leaks. It turns out that the right to confidentiality and the right to protection of personal data are not implemented in the digital environment due to the susceptibility to cyberattacks and the lack of appropriate measures and guarantees in this field. The Russian legislator establishes the obligations of the operator of personal data, including the obligation of the operator to notify the authorized body of the leakage of personal data, as well as administrative, criminal and civil liability for their disclosure. However, there are no effective mechanisms that would prevent leaks and other disclosure of personal data in a preventive manner and would allow full compensation for the damage caused to individuals. The legal doctrine proposes to strengthen the penalties for violations in the field of personal data and specify the possibility of compensation for moral damage to a person who has suffered from a leak. The author’s approach is to provide for the need to check the operator’s activities for violations that led to the leakage of personal data (post-control), as well as to introduce a compliance system that allows preventive prevention of leakages and other violations in the field of personal data (a priori control), and train employees to minimize the risks of disclosure and other illegal use of personal data.

   The article presents an analysis of domestic legislation regulating the protection of personal data; the problems of personal data protection in the context of increasing the role of digital resources, the use of tracking technology and digital technologies that allow recording, collecting and processing personal data of individuals are considered; the argumentation is given to substantiate the need to develop modern effective methods, technical means of detecting and preventing unauthorized use of personal data, additional legal regulation of the institute of personal data protection, and certain provisions of the law – in discussion and subsequent correction.

   The authors, using an example from their teaching practice, consider a special case of obtaining and processing the consent of the subject of personal data to the processing of personal data. The relationship between an educational organization and students of online advanced training courses is taken as an example. The authors show the problems they faced as organizers of educational activities and share their experience in solving these problems. They come to the conclusion that consent to the processing of personal data can be obtained using such electronic means of communication and data
transmission as e-mail, the Yandex Forms service and similar services. The use of these electronic means of communication allows you to quickly and economically solve some organizational issues that arise in educational practice.

The article analyzes the legislation on personal data of Russia and China, the judicial practice of the People’s Republic of China on the protection of personal information. It is demonstrated that the legislation of Russia and the People’s Republic of China enshrines the concept of personal data, contains the principles and mechanism of protection of personal data of citizens, provides for liability measures for violation of the rights of citizens in the illegal use of their personal data. The considered examples of judicial practice of the People’s Republic of China demonstrate the application of legislation on personal data, bringing violators to civil, criminal and administrative responsibility. The conclusion is formulated that the development of Internet technologies, artificial intelligence technologies, deep synthesis generates a lot of problems related to the illegal use of personal information about citizens, which requires constant improvement of legislation on personal data protection.