Breaking news from the courtroom: LinkedIn has lost an appeal and will be blocked in Russia.
We urge all businesses that gather the personal data of Russian users through their websites to carefully review the applicability of and their compliance with Russia’s Personal Data Law, particularly with respect to the data localisation requirement.
Russia to block access to LinkedIn for violating Personal Data Law
1. www.pwclegal.ru
Russia to block access to LinkedIn
for violating Personal Data Law
11 November 2016 / Issue №81 [152]
On 10 November 2016, the Moscow City Court upheld a lower court order to block access to
www.LinkedIn.com for violations of Russia’s Personal Data Law.
After the ruling is formally received by Roskomnadzor, Russia’s communications and data protection
regulator, LinkedIn will be officially blacklisted and blocked in Russia.
Earlier this year, following reports about LinkedIn data leaks, Roskomnadzor requested business-
oriented social networking website to confirm its compliance with the Personal Data Law.
When no response was received, the regulator brought the case to court.
The court then ruled that LinkedIn had failed to comply with the requirement for storing the personal
data of Russian citizens on servers located within Russia, and had collected the data of unregistered
users without legitimate grounds.
During the appeal, the court dismissed LinkedIn’s argument that the website was not subject to the
Personal Data Law because it did not conduct business in Russia and did not specifically target
Russian users.
Other objections raised by LinkedIn were that the company had not been given proper notification of
the court hearing, and that LinkedIn Corporation, a US incorporated entity, was not a proper
defendant because the data in question had been processed by LinkedIn Ireland. The court, however,
remained unswayed by this line of argument.
The full text of the judgement, including the court’s reasoning, will be published shortly.
LinkedIn may seek to appeal the court ruling, which took effect immediately on 10 November 2016,
further in the court of cassation, but access to the website would be blocked during any such appeals
process.
This decision is of significance to foreign companies operating websites that are accessible in Russia,
regardless of whether a given company has an actual business presence in the country.
The LinkedIn ruling marks the first such case of a well-known international company being
prosecuted in a Russian court for breaching data localisation requirements.
We urge all businesses that gather the personal data of Russian users through their websites to
carefully review the applicability of and their compliance with Russia’s Personal Data Law,
particularly with respect to the data localisation requirement.
We can assist you with identifying all systems that are used for processing the personal data of
Russian citizens (both within and outside of Russia) so as to determine the best approach, from both a
legal and technical perspective, to complying with Russia’s Personal Data Law.