Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

Russian Federation: Government Agrees with Lowering Threshold for Personal Data Protection during Coronavirus Pandemic

(Oct. 26, 2020) On October 13, 2020, the Russian Federal Ministry of Digital Development, Communications, and Mass Media confirmed the legality of a decree issued by the mayor of Moscow, Sergey Sobyanin, requiring that, beginning October 5, 2020, all employers in the city of Moscow transfer to telework at least one-third of all employees, as well as all employees who are older than 65 or are in a higher risk group.

To ensure that this measure is implemented and that teleworkers can be monitored to prevent them from returning to their offices, the mayor issued another decree ordering employers to submit information to the city government about those who work remotely. The required information, which the mayor’s office was planning to start collecting on October 12, 2020, includes employees’ cell phone numbers, the tag numbers of their cars, and the numbers of the electronic cards they use to pay for public transportation and other social services provided by the city of Moscow.

Opponents of this measure say that it is illegal because the collection of personal data is regulated by federal legislation and can be ordered only by federal bodies, not a regional government, when a state of emergency has not been declared and the authority of the regional government has not been expanded. In addition, this requirement contradicts the norm of the Labor Code, which does not include this type of personal information in the list of data that must be shared by employees with their employers. Consequently, it is expected that employees will hide this information from their employers and companies might be fined for not providing the city with information requested. Fines equivalent to US$100–$3,000 will be imposed on the companies, entrepreneurs, and company officers that do not provide this information or provide false information. The city says that it will cross-check submitted data using its own administrative databases.

The Digital Development Ministry stated in its conclusion that even though the collected information is classified as personally identifiable data, the ministry believes that this data can be used without the consent of the data owner, and cited as justification the Decree of the Russian Federation President of May 11, 2020, on Measures Ensuring the Epidemiological Well-Being of the Population, according to which governors are allowed to impose various restrictive measures aimed at fighting COVID-19, even though the presidential decree did not say anything regarding personal data protection.

The Digital Development Ministry is responsible for the nationwide system of contact tracing of persons infected with COVID-19. The procedure for monitoring contacts, which is based on geolocation and data received from mobile telecom operators, was announced by the ministry last July. According to the document, health authorities will monitor the phone numbers of infected patients and notify them to alert any persons with whom they had contact during the previous 14 days. People who had contact with infected persons are medically assessed and placed under surveillance for periods determined by the duration of their contact with the infected persons and the specifics of their movements. The system will check voicemail and text-message communications, and if the monitoring system determines that someone could have been in contact with an infected person for more than 5 minutes, this person will likewise be placed under surveillance.

Lists of those who are at risk of having been infected due to their connections with an already infected individual will be “centralized” (sic) by the Communications Ministry and shared with the National Guard, police, and regional authorities. Those who are subject to mandatory isolation are placed under round-the-clock surveillance. In the event that they violate the conditions of their quarantine regime, information about the time of violation and the coordinates of the location outside of the place designated for quarantine is forwarded to the police and National Guard. Instructions on how to follow this procedure were forwarded by the Communications Ministry to all telecom companies working in Russia. Those who are subject to monitoring are infected individuals inside of Russia and anyone who has crossed the Russian border. All individuals who have returned to Russia from abroad will be watched during the 2 weeks after they enter Russia by the Ministry of Communications station nearest to the place where they are located.

In addition to using cell phones to trace infected Moscovites, the City Transportation Department announced on October 15, 2020, that movable red light and speeding cameras will be modified to search for and locate individuals who have violated their self-isolation and quarantine regimes. A solicitation for a city contract to amend the functionality of traffic cameras was posted on the website for city procurements. As stated in the solicitation, the updated system must be able to issue fines automatically to those who can spread the infection.