Comments on changes to the Federal Law No. 149-ФЗ “On Information, Information Technologies and Information Protection”

    Good afternoon, colleagues!

    Today I want to talk about a new bill drafted by the Ministry of Communications of Russia. I apologize in advance for the enormous amount of legislative text: I will give the interesting passages as quotes, so that dear readers do not have to bother finding the bill in Consultant.

    The preamble of the project is ordinary. It is about making amendments and additions to the federal law N 149-ФЗ “On information, information technologies and information protection”.
    You can skip ahead if you are too lazy to absorb bureaucratic speech. But better to read it, otherwise it will be too late. The State Duma is "not a place for discussion", so most likely the law will reach us in the same form as its draft.

    So:

    2) to supplement article 2 with paragraphs 18.1 - 18.2 of the following content:
    "18.1) identifier - a unique designation of information about a person, necessary for determining such a person by applying technical and (or) technological methods;
    18.2) identification, authentication of a person - a set of measures to establish identifiers and (or) information about a person, to compare information with an identifier or to verify information, as well as to verify a person’s identity by matching the identifier(s) with existing information about the person, and to establish the validity of the person’s use of the identifier(s), carried out in accordance with this Federal Law, other federal laws, regulatory legal acts adopted in accordance with them, or by agreement of the parties, as a result of which the person is considered established.”; (and where is the EDS? - my comment)

    3) supplement with articles 14.2 - 14.3 of the following content:

    “Article 14.2. Digital profile

    1. A digital profile is a collection of information about citizens and legal entities contained in the information systems of state bodies and organizations that exercise separate public powers in accordance with federal laws, as well as in a unified system of identification and authentication.

    The infrastructure of the digital profile is a set of information systems in a single identification and authentication system that provides access to the digital profile.

    2. The infrastructure of the digital profile is created in order to exchange information in electronic form between individuals, organizations, government bodies, local authorities.

    3. The infrastructure of the digital profile is used to provide, among other things, the following:

    1) identification and authentication of individuals and legal entities;
    2) access to the digital profile and provision of information included in the digital profile in electronic form to individuals and legal entities;
    3) the provision and updating, at the request of state bodies, local self-government bodies, organizations that exercise separate public powers in accordance with federal laws, and other (what other? - my comment) organizations, of information about an individual or legal entity contained in a digital profile, including information contained in state information systems and information systems of organizations that exercise separate public powers in accordance with federal laws;
    4) obtaining and revoking consent to the processing of personal data of citizens and information on legal entities in cases involving the receipt of information about a citizen or legal entity using the digital profile infrastructure;
    5) the provision of information for the formation of requests for state and municipal services or the performance of state and municipal functions;
    6) storage of information about citizens and legal entities, including the results of the provision of state and municipal services in electronic form, in the manner established by the Government of the Russian Federation.

    4. In cases stipulated by the legislation of the Russian Federation, the consent of a citizen or legal entity to receive information about them using the digital profile infrastructure is not required. In other cases involving the receipt of information using the infrastructure of a digital profile, information about a citizen or legal entity using the infrastructure of a digital profile is provided with the consent of the citizen or legal entity.

    5. Information about citizens and legal entities stored in the infrastructure of the digital profile is provided to it and updated automatically by government bodies, organizations that exercise separate public powers in accordance with federal laws, through a single system of interagency electronic interaction.

    State bodies and organizations that exercise separate public powers in accordance with federal laws are required to provide information to the digital profile infrastructure and to update this information on an ongoing basis within a period not exceeding 15 seconds from the moment the relevant information is amended.
    Responsibility in accordance with the legislation of the Russian Federation for the accuracy, completeness and relevance of the information provided lies with these bodies and organizations.

    6. State bodies, organizations that exercise separate public powers in accordance with federal laws are required to provide information about citizens and legal entities that are not contained in the infrastructure of the digital profile, upon request directed with its use. The provision of such information is carried out in electronic form through a single system of interagency electronic interaction within a period not exceeding 15 seconds from the moment of sending the request. The receipt of this information by individuals and legal entities is carried out using the infrastructure of a digital profile.

    7. Interdepartmental information interaction is carried out in order to provide state and municipal services for the exchange of documents and information, including in electronic form, in accordance with the Federal Law “On the Organization of the Provision of State and Municipal Services”.

    8. The Regulation on the Digital Profile, the procedure for obtaining and providing information using the digital profile infrastructure, as well as the composition of the information stored in the digital profile infrastructure, are determined by the Government of the Russian Federation.

    9. Requests of organizations to obtain information about citizens and legal entities using the infrastructure of a digital profile are carried out both free of charge and on a reimbursable basis. Cases, the amount and procedure for making payments for sending relevant requests are entitled to be established by the Government of the Russian Federation.

    Article 14.3. Procedure for identification and authentication of a person

    1. In the cases provided for by this Federal Law, other federal laws, other normative legal acts of the Russian Federation or a constituent entity of the Russian Federation adopted in accordance with them, or by agreement of the parties, identification and authentication of a person may be carried out by applying, among other things, the main document proving the identity of a citizen of the Russian Federation on the territory of the Russian Federation (hereinafter - citizen’s identity card), or one or more identifiers that allow the relevant individual or legal entity to be reliably determined.

    2. Requirements for a citizen’s identification card, including valid forms of identification of a citizen, the composition of fields of a citizen’s identification card and the composition of information included in a citizen’s identification card, the procedure for making, changing and excluding such information, as well as the procedure for terminating a citizen’s identification card and the procedure for using a citizen’s identity card, are established by the Government of the Russian Federation.

    Accounting for information included in a citizen’s certificate is carried out using the state information system, the procedure for the creation, development and operation of which is established by the Government of the Russian Federation. The composition of the information provided in the information system specified in this paragraph, provided from such a system, as well as the position and operator(s) of the specified information system are determined by the Government of the Russian Federation.

    3. Assignment of information about an individual or legal entity to identifiers is carried out in accordance with federal laws, normative legal acts adopted in accordance with them, or agreements of the parties.

    4. When making and executing civil law transactions, their parties are entitled to use identifiers in relations with each other in accordance with the agreement between them.

    5. Unless otherwise provided by federal law, persons shall have the right to identify and authenticate individuals and legal entities using the information received from the organization specified in part 6 of this article on the basis and in the manner provided for by the agreement.

    6. A person who confirms the fidelity of the identifier or previously conducted identification and authentication of a person may only be:

    a) credit organizations, mobile radiotelephone operators, telecom operators occupying a significant position in the public telecommunication network, which are entitled to independently provide telecommunication services for data transmission;
    b) operators of state information systems;
    c) other organizations that meet the requirements established by the Government of the Russian Federation. The procedure for confirming the compliance of organizations with such requirements is determined by the Government of the Russian Federation.

    7. The provision, by an organization referred to in part 6 of this article, of information about an individual for the purposes of his identification and authentication is allowed with the consent of that individual, which may be given in any way that allows the fact of its receipt to be confirmed. In the event that the identification and authentication of a person is necessary by virtue of federal law or is required at the request of a person, then, unless otherwise provided by federal law, the transaction is not completed and (or) entry into other legal relations is not carried out if such consent was not provided.

    8. The result of the identification and authentication of a person using information technology can be confirmed by an electronic document provided through an information system that provides remote identification and authentication of a person. Cases where such confirmation is mandatory are determined by the Government of the Russian Federation. ”

    Article 2

    In the Federal Law “On Personal Data” (Collection of Legislation of the Russian Federation, 2006, N 31, Article 3451):

    1) In paragraph 5 of paragraph 1 of Article 6, the words "performance of the contract" shall be replaced by the words "performance of the transaction"; the words “as well as for concluding a contract” shall be replaced by the words “for making a transaction”; replace the words “or agreements” with the words “or transactions”; supplement with the following text ", as well as for negotiations on the completion of the relevant transaction";

    2) Article 9 shall be supplemented with paragraph 5.1 as follows:
    “5.1 When processing personal data using the digital profile infrastructure, if the consent of the personal data subject to the processing of personal data is required, the personal data subject agrees to their processing in the digital profile infrastructure in the form of an electronic document signed by an enhanced qualified electronic signature (categorically true - my own comment) or by a simple electronic signature, the key of which was received upon personal appearance in accordance with the rules for the use of an electronic signature when applying for state and municipal services in electronic form established by the Government of the Russian Federation. Revocation of such consent is carried out by the subject of personal data in the infrastructure of the digital profile.”;

    Now a few of my thoughts on everything copied.

    First of all, the very appearance of such bills is encouraging. The amount of information concentrated in the hands of the state and corporations is growing rapidly and is gradually moving into a new quality that makes it possible to manage masses of people at a new level. And they won’t even notice anything. And here, of course, prescribing at least some algorithms of access to the digital profile of a citizen by the state, corporations and other (which others, and how are they determined?) organizations is wonderful. Apparently, in the “brave new world” access to digital profiles will be both the main power and the main source of money.

    Once, the colonialists simply stupidly robbed the colonies and seized everything; then the mark of a colony was the colonialists’ unrestricted access to its sales markets; but now the point is that a colony is a country whose digital data and profiles are all available for processing and analysis by anyone from outside. People in their cozy smartphone and desktop realities will perform only those actions that are beneficial to large foreign uncles. Russia so far has the hope that the "big uncles" will at least be ours. I would very much like to see the law and the procedure for access to digital profiles of citizens, otherwise it becomes uncomfortable somehow.

    But the law itself needs to say more about authentication technologies. That is, they prescribed that consent to the processing of personal data is given with an enhanced digital signature, and this is excellent. But in my opinion, the use of EDS should also be legally prescribed for the “identification, authentication of a person”. Nothing more reliable than a piece of hardware plus a password in my head has yet been invented. And the fact that they did not indicate this opens up scope for any godly thing such as authentication through face recognition.
