On the storage of personal data, Roskomnadzor and dating sites

Hello.

The writing of this article is dictated by reading this material . Well, the stories about Fedor Vlasov with his Kate Mobile, too , but more on that in the end.

As well as a random study of the connection logs from working computers of employees in one small office.

The study showed that employees during working hours are sitting on IP 185.203.72.22, which is the Mamba Dating Service. But it will not be about the efficiency of employees and working time. It will be about compliance with federal laws.

So, the Mamba Dating Site (mamba.ru) has been owned by CJSC MAMBA since 2003. CJSC MAMBA (TIN 7714548885, KPP 770301001, OGRN 1047796286020, OKPO 72777958) is registered at Moscow, Zvenigorodskaya 2-ya, 13, bld. 42, room 1 floor 4, 123022.

This boring information says that mamba.ru fully falls within the scope of the Federal Law of July 27, 2006 No. 152-FZ (as amended on December 31, 2017) “On Personal Data”. By the way, according to this law, “personal data is any information relating directly or indirectly to a specific or determinable individual (subject of personal data)”, so the phone number indicated during registration is already personal information, even if the photo is strangers and the name is invented .

Currently mamba.ru has IP 185.203.72.22. This address is owned by Variti International Gmbh, Denkmalstrasse 2, 6006, Luzern, Switzerland

Allow? That is, dating site data is stored in Switzerland?

But after all, according to Article 18 p. 5 of the Federal Law, when collecting personal data, including through the information and telecommunication network "Internet", the operator is obliged to ensure the recording, systematization, accumulation, storage, clarification (updating, changing), extraction of personal data citizens of the Russian Federation using databases located on the territory of the Russian Federation .

Do not rush to call Roskomnadzor, in fact Variti International Gmbh does not provide hosting, butprovides anti-DDOS protection . And the data is stored in the range 193.0.170.0 - 193.0.171.255, which are in Russia.

At the same time, as the Swiss report , they work like this:

• We pass all incoming traffic of the protected website through the distributed network of filtering nodes VARITI.
• We analyze real-time traffic for several characteristics.
• Using our own mathematical algorithms , we filter traffic, providing requests only from real users.
• All requests are classified - from real users or from bots.
• We share traffic from one IP (mobile or wireless Internet, providers with NAT, Wi-Fi open access).
• Suspicious users are logged unnoticed; Advanced analysis is performed on behavioral factors .
• In the event of a DDoS attack or a threat of automatic scanning, the protection immediately blocks malicious traffic (response speed less than 50 ms).

Here I highlighted some points that by no means ensure the safety of personal data, certification of encryption means by the FSB and FSTEC and other things.

Total:

1. How is the fact of hosting location verified? Any whois, ping and anything else on mamba.ru gives exactly the Swiss address. Does Roskomnadzor carefully monitor real work and hosting? Checking a domain name server? Checks domain name server responses? Keeps track of real traffic? Hmmm ...
2. How is information leakage verified when using anti-DDOS services, like the one above?
3. Recently, one man was arrested for using a pedophile to use his service . What will the competent services (FSB, Ministry of Foreign Affairs, FSTEC, Ministry of Internal Affairs, etc.) do regarding anti-DDOS services in a similar situation? Specifically, in the example discussed above, I can find a lot of actions for which responsibility is provided for in article 241 of the Criminal Code of the Russian Federation.
4. Does the federal law really care about my personal data?

PS During the writing of the article, not one employee from the office was injured for sitting on a dating site.
PPS Thank you dear Sabubu - it turns out you can call Roskomnadzor and ban Mamba :

However, according to “whois” sources, it was found that the services of providing computing power for hosting databases containing personal data of citizens of the Russian Federation, through which recording, systematization, accumulation, storage, updating (updating, changing), and the extraction of personal data of citizens are provided Of the Russian Federation, constantly connected to the Internet ... is carried out through the server facilities of Cloudflare, Inc., located in the United States of America

You can add many more to the list .
Unfortunately, I did not find other answers to my questions.