Liability For Processing Personal Data Without A Consent And For Violation Of The Requirements With Respect To Biometric Personal Data

GI
GRATA International

Contributor

GRATA International is a dynamically developing international law firm which provides services for projects in the countries of the former Soviet Union and Eastern Europe. More than 28 years 250 professionals in 19 countries advise major international and local firms. GRATA is recognised by Chambers & Partners, Legal 500, IFLR1000, WWL, Asialaw Profiles. GRATA is recognised by Chambers & Partners, Legal 500, IFLR1000, WWL, Asialaw Profiles.
The Code of Administrative Offences of the Russian Federation (the Administrative Code) has been amended in terms of liability for processing personal data without the consent of the subject...
Russian Federation Privacy

The Code of Administrative Offences of the Russian Federation (the Administrative Code) has been amended in terms of liability for processing personal data without the consent of the subject and for violating the requirements for posting and updating biometric personal data in the "Unified System of Identification and Authentication of Individuals using Biometric Personal Data".

The changes will take effect on 23 December 23, 2023.

Below is a comparative table of the current norms of the Administrative Code and amendments introduced by Federal Law No. 589-FZ of December 12, 2023:

Article of the Administrative Code

Current fines

Fines from 23.12.2023

Part 2 of Article 13.11.

Processing of personal data without the written consent of the personal data subject in cases where such consent must be obtained in accordance with the legislation of the Russian (except in cases provided for in Article 17.13), if these actions do not contain a criminally punishable act, or processing of personal data in violation of the requirements for the information included in the written consent of the personal data

on citizens - from 6 thousand to 10 thousand rubles;

on officials - from 20 thousand to 40 thousand rubles;

on legal entities - from 30 thousand to 150 thousand rubles

on citizens - from 10 thousand to 15 thousand rubles;

on officials - from 100 thousand to 300 thousand rubles;

on legal entities - from 300 thousand to 700 thousand rubles

Part 2.1 of Article 13.11.

Repeated commission of an administrative offense provided for in part 2 of Article 13.11

on citizens - from 10 thousand to 20 thousand rubles;

on officials - from 40 thousand to 100 thousand rubles;

on individual entrepreneurs - from 100 thousand to 300 thousand rubles;

on legal entities - from 300 thousand to 500 thousand rubles.

on citizens - from 15 thousand to 30 thousand rubles;

on officials - from 300 thousand to 500 thousand rubles;

on individual entrepreneurs – from 500 thousand to one 1 rubles;

on legal entities - from 1 million to 1.5 rubles

Article 13.11.3.

Placement and updating of biometric personal data in the state information system "Unified System of Identification and Authentication of Individuals using biometric personal data" by banks, multifunctional centers for the provision of state and municipal services, and other organizations in violation of the requirements established by the legislation of the Russian Federation

Absent

on officials - from 100 thousand to 300 thousand rubles;

on legal entities - from 500 thousand to 1 million rubles

The requirements for the form and content of a consent to processing of personal data are established by Federal Law No. 152-FZ dated July27, 2006 "On Personal Data" ("Law No. 152-FZ") and apply, inter alia, in the case of processing personal data of citizens of the Russian Federation by non-Russian legal entities or non-Russian individuals.1 Special requirements are established, in particular, with regard to consents to the processing of special categories and biometric personal data, as well as personal data authorized by the data subject for distribution.

The state information system "Unified System of Identification and Authentication of Individuals using Biometric Personal Data" (unified biometric system) is used to identify and (or) authenticate individuals by state bodies, local governments, the Central Bank of the Russian Federation, banks, other credit organizations, non-credit financial organizations, participants of the national payment system, persons providing professional services in the financial market, as well as other organizations, individual entrepreneurs, notaries, in accordance with Federal Law No. 572-FZ of December 29, 2022.

Banks, multifunctional centers for the provision of state and municipal services, as well other organizations in cases defined by federal laws, have the right to place biometric personal data of an individual in the unified biometric system after identification of the individual in her/his personal presence with her/his consent in a form approved by the Government of the Russian Federation.2

Footnotes

1. Paragraph 1.1. of Article 1 of Law No. 152-FZ

2. Paragraph 1 of Article 4 of Federal Law No. 572-FZ of December 29, 2022

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More