LinkedIn blocked in Russia for violating provisions of “On the Procedure of Processing of Personal Data” Law of the Russian Federation

On 1 September 2015 the Federal Law No. 242-FZ of July 21, 2014 “On amendments to certain legislative acts of the Russian Federation to clarify the procedure for personal data processing in information and telecommunication networks” (the “Law”) came into force.

The Law obliges operators to store collected personal data of Russian citizens within the territory of the Russian Federation. The Law defines “operator” rather broadly as any entity collecting and processing personal data of Russian citizens. The Law also introduces certain amendments regarding the content of notifications given to users about the handling of personal data and establishes a procedure to restrict access to internet information processed in breach of laws regarding personal data.

According to the report of the Federal Service for Supervision of Communications, Information, Technology and Mass Communication (“Roskomnadzor”) for 2015, local offices of Roskomnadzor conducted a number of inspections in 2015 to check whether or not companies were adhering to Russian legal requirements regarding the collection and processing of personal data.

Analysis of results of such control and supervision measures undertaken by the Roskomnadzor in 2015 showed that one of the most frequent violations revealed during the inspections was that companies, when submitting official notifications to the competent government authorities, had provided incomplete and/or false information regarding the companies’ procedures and handling of the personal data of users.

The inspections also revealed other violations, such as: unavailability of storage places for personal data (physical storage media); lack of lists of persons who process personal data or have access to such personal data; processing of personal data in cases not permitted under the Law; non-conformance regarding the content of the written user consent agreement concerning the collection and handling of personal data.

In 2016 one of the most significant court cases involving personal data in Russia was a lawsuit of Roskomnadzor against LinkedIn Corporation regarding violations of the Federal Law “On personal data”, in particular, concerning the fact that LinkedIn Corporation was processing data of third persons without their consent and was not providing any information on the physical location of servers in the Russian Federation. On 4 August 2016 Tagansky District Court of the city of Moscow rendered a decision against LinkedIn Corporation.

As determined in the decision of Tagansky District Court of the city of Moscow of 4 August 2016 regarding the case No. 02-3491/2016, LinkedIn Corporation which is a website operator (administrator) of the domain name linkedin.com and is processing personal data in internet, had committed a violation of rights and freedoms of a human being and a citizen while processing the personal data, in particular, the rights to personal and family privacy.

In its appellate ruling of 10 November 2016 the Moscow City Court upheld the decision of the Tagansky District Court of the city of Moscow.

On 17 November 2016 Roskomnadzor started to block LinkedIn which resulted in blocking of the website of this social network, as well as of its mobile applications on the territory of the Russian Federation. In December 2016 Roskomnadzor sent official letters to Apple and Google requesting them to remove Russian versions of LinkedIn’s online applications from App Store and Google Play online shops.

The head of Roskomnadzor, Alexander Zharov, maintains that it is purely the speculations of conspiracy theorists that LinkedIn is the first major company to be tried and that Roskomnadzor is testing its methods in order to undertake serious action against more social networks in the future. According to Alexander Zharov, LinkedIn came to light because of a major information leak in 2012 which resulted in over 170,000 accounts with personal contacts and email addresses of users being made public.