A new threat looms over flights abroad by Russian air carriers. And we are not talking about foreign sanctions, but about domestic initiatives. More precisely, on amendments to the law on personal data, which oblige air carriers to obtain permission from Roskomnadzor to transfer information about passengers and crew abroad as early as March 1, 2023.
According to Kommersant, referring to the assessment of air carriers, some of the points of these amendments, for example, the need to collect data on foreign individuals and legal entities that will process this information, are in fact unfeasible, and the requirements are redundant. Absolutely any carrier can be brought under violation.
In fact, airlines will not be able to carry out transportation without the permission of Roskomnadzor, Kommersant sources assure. At the same time, as stated by the sources of the publication, the airlines are already included in the register of personal data operators of Roskomnadzor. This registry contains information about what data carriers collect about their customers and employees, how they store it in Russia and transfer it abroad. This includes the full name of the tourist, his contact details, date and place of birth and information about the flight they made. According to the law, all airlines that flew abroad before the amendments came into force can simply notify Roskomnadzor until March 1 that they will continue to transfer data to the countries where they flew. However, from March 1, in the event of expanding the geography of flights (for example, when restrictions are lifted or the fleet is replenished with domestic aircraft), carriers will have to file a request with Roskomnadzor. Moreover, if a foreign state is included in the list of “trustworthy” countries (from the list of the Council of Europe convention on the protection of personal data or corresponding to its requirements), then there will be no problems. However, for all other states – and this includes the popular Egypt, for example, up to 15 days are given for consideration.
At the same time, Roskomnadzor may prohibit this data transfer “in order to protect the constitutional order, ensure the defense and security of the state,” as well as “protect the sovereignty, security, territorial integrity of the Russian Federation and its other interests in the international arena,” Kommersant's sources assure. At the same time, Roskomnadzor informed the publication that notifications are submitted one-time: both for countries to which the company flew before March 1, and for those to which it can fly after.
In all cases, airlines “should have information about foreign organizations and government agencies that have been granted access to personal data of Russian citizens.” And this is where the airlines see the main difficulty. According to the law, they will have to first obtain from foreign authorities confirmation of “measures to protect the transferred personal data”, as well as information about foreign government agencies, legal entities and individuals who may have access to such data (name, full name, telephone numbers and postal addresses ), which is generally unrealistic to put it mildly.
The department assures that a list of names of employees of foreign companies and government agencies will not be required. However, the legal department of one of the airlines has already sounded the alarm – they believe that without adjusting the requirements of the law in the course of “law enforcement practice” airlines can be held liable “for any new employee at foreign airports.”
For For those who care about a healthy lifestyle, we recommend reading: “An orthopedist revealed 5 ways a woman can wear high-heeled shoes and not suffer from pain in her legs.”