We would like to ensure that you are still receiving content that you find useful – please confirm that you would like to continue to receive ILO newsletters.
30 November 2018
Tech, Data, Telecoms & Media Russia
Introduction
Digital Rights Bill
Big Data Bill
Comment
Big Data is a new technological phenomenon which has emerged in the context of today's global digital economy. It is normally used in conjunction with other innovative digital products, such as artificial intelligence, cloud computing and the Internet of Things.
Big Data is generally treated as any other form of information defined by the so-called 'three Vs' – that is:
Although there is no universal or international legal definition of 'Big Data', Section 3.1.1 of ISO/IEC TR 20547-5:2018 (Information technology: Big data reference architecture – Part 5: Standards roadmap) provides the following official standard: "extensive datasets — primarily in the characteristics of volume, variety, velocity, and/or variability — that require a scalable architecture for efficient storage, manipulation, and analysis".
Many high-tech companies and IT service providers, including those operating on the e-commerce market, actively collect, use and process Big Data (eg, user data) through different methods (eg, profiling) for certain commercial reasons.
In Russia, Big Data has become a key area of interest for both digital businesses and the government. As regards the latter, two bills were recently submitted to Parliament for discussion:
Both bills are essential developments, especially given the increasing interest in and high value of Big Data in the current digital reform. This article provides a brief overview of the relevant terms and provisions of each bill.
In addition to such innovative notions as digital rights and digital currencies, the Digital Rights Bill touches on the potential media for presenting Big Data by amending the existing definition of a 'database' set out in Article 1260(2) of the Civil Code. It also introduces a new type of civil law contract (ie, the data provision service agreement) by introducing a new Article 783(1) to the Civil Code. Notably, one of the main purposes of the Digital Rights Bill is the creation of a legal framework for collecting and processing "significant arrays of anonymous information", which is referred to as Big Data in the explanatory notice to the Digital Rights Bill.
Article 3 of the Digital Rights Bill proposes to amend the definition of 'database' set out in Part 4 of the Civil Code. Under Article 1225 of the code, a database is an individual form of intellectual property, which may be protected by copyright or related rights.
Article 1260(2) of the Civil Code defines a 'database' as an objectivised set of individual materials (eg, articles, calculations, normative acts, court decisions and other similar materials) systemised in such a manner that they can be searched for and processed using a computer.
Legally, from an IP perspective, where a database comprises materials protected by copyright or the systematisation and arrangement of certain content has creative value, the database is protected by copyright law. Where a database's content has no creative value, it may still be protected by a related rights law where the database maker can prove that it made a considerable financial, material or other investment to create the database, including when processing and including the relevant materials in the database. In this regard, unless proven otherwise, the Civil Code presumes that such 'considerable investment' takes place where the database contains no less than 10,000 individual data elements (materials).
The Digital Rights Bill suggests modifying the definition of a 'database' to encompass "individual data or information, including information on events and other facts". In other words, if the bill eventually becomes law, the definition of a 'database' will be broadened slightly to cover all types of information that is collected and processed, including Big Data. According to the explanatory notice to the Digital Rights Bill, such an amendment aims to address the current restricted interpretation of the definition.
In addition, the Digital Rights Bill proposes to regulate data provision service agreements (Article 2). Under this new contractual instrument, contractors will undertake to provide certain information to customers. Data provision service agreements may stipulate the obligation of one of the parties (or both parties) to refrain from performing activities which will result in the disclosure of information to third parties for a certain period. Therefore, if the bill eventually becomes law, this new type of civil law contract will allow parties to conduct business with Big Data on legitimate grounds.
The Big Data Bill proposes to introduce the following terms and definitions into the Federal Law on Information, Information Technologies and Data Protection:
Further, the Big Data Bill introduces the following obligations on big user data operators prior to commencing Big Data processing:
Roskomandzor must provide the procedure, requirements and form of such notification.
The Big Data Bill emphasises that big user data operators do not have the right to perform processing without fulfilling the abovementioned obligations. Further, the activities of business entities belonging to the same group of persons in accordance with the national competition legislation – in terms of transferring and/or receiving big user data and other processing of big user data between them – are not regarded as Big Data processing for the purposes of third parties.
In addition, the Big Data Bill proposes to implement a federal state IT system known as the Register of Big User Data Operators. The register must be created and maintained by Roskomnadzor, which may engage the respective organisations to do so. The register will be formed on the basis of information provided by big user data operators in accordance with the Federal Law on Information, Information Technologies and Data Protection. Big user data operators' notification for Big Data processing will form the basis for their inclusion in the register.
Finally, the Big Data Bill empowers Roskomnadzor to control and supervise Big Data processors' compliance with the established legal requirements. For these purposes, Roskomnadzor can:
These bills are the first legal attempt to regulate the commercial use of Big Data in Russia and have been severely criticised by the IT community. The Digital Rights Bill will be subject to subsequent readings and parliamentary approval before the president signs it into law. Despite the fact that the Big Data Bill was declined for financial and budgetary reasons, members of Parliament can obtain an official government opinion in support of the proposed (initial) draft. Alternatively, the initial text of the bill can be redrafted and the amended version can be resubmitted for a new consideration by Parliament in the future. Therefore, high-tech-businesses should keep an eye on any legal developments in this regard.
For further information on this topic please contact Sergey Medvedev or Ilya Goryachev at Gorodissky & Partners by telephone (+7 495 937 6116) or email (medvedevs@gorodissky.ru or goryachevi@gorodissky.ru). The Gorodissky & Partners website can be accessed at www.gorodissky.com.
Endnotes
(1) Available here.
(2) Available here.
The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.