Roscomnadzor (the Russian data protection authority) recently filed a landmark action against illegal personal data processing by Google Analytics and Yandex Metriсa. If the authority succeeds in the appeal court, Russian websites will have to welcome users with EU General Data Protection Regulation-style cookie banners and privacy policies. Prior to this case, the Russian internet community had not considered statistical information concerning web traffic and user actions to constitute personal data.
The EU General Data Protection Regulation (GDPR) applies internationally and can encroach on the national laws of non-EU countries. In Russia, international companies must fulfil the requirements of both the GDPR and local laws, even though they may contradict each other. Companies should follow a number of recommendations in order to find the most practical solutions, mitigate relevant legal risks and keep their noses clean should Roscomnadzor try to find fault with them.