The correct law "On personal data", as I see it

So, about a month ago, September 1, 2015 entered into forcethe law "On Personal Data", which obliges to store personal data of Russians on Russian servers. This law, however, like many other Russian laws, is written so that it can be interpreted as widely as possible, it is practically impossible to verify its implementation, and sometimes its implementation itself is also impossible. For example, in the case of distributed data storage systems, when information is not physically localized on one server, but distributed around the world. That is, even the presence of the company's servers in the country does not guarantee that something meaningful is stored on its territory. Moreover, how will companies determine the citizenship of their users, because almost all information resources do not require the provision of passports?
If a foreign company does not have a branch or representative office in Russia, then, according to lawyers , the requirements of the law do not apply to it. Representatives of Facebook, which does not have offices in Russia, have already harshly told Roskomnadzor that they do not consider it necessary to post the data of Russian users in this country for economic reasons. In addition, the company does not consider the information stored in it to be personal. What can I say, if the department itself recognized that it could not verify the implementation of the law by foreign companies. The law also made exceptions.for airlines, as it turned out that all ticketing systems in Russia use foreign services. Changes were made in a timely manner, as our deputies risked staying in Russia forever, which is completely unacceptable to them.
So it already looks like a sieve. However, from the very beginning it was clear that this law was only written in order to have another censorship tool to close unwanted resources, so discussing it from a logic perspective or trying to somehow improve is meaningless. Suppose, however, that a law would really be written to protect the rights of people, what should it be in this case? In my humble opinion, the user himself has the right to manage his information, but at the same time he has every right to know where it will be stored, and who can read it. One such solution would be to provide users with the opportunity to choose for themselves in which country their data will be stored, or to warn in advance of a single option. The best solution would be to write a law using the concept of jurisdictionrather than physical location.
Indeed, as has already been said, the physical location itself in some cases is undefined and makes no sense, but if the company says that the data is stored on a server inside the country, it will be impossible to obtain or verify it if it is encrypted. So the "low level" wording of the law is very inconvenient to apply. Jurisdiction unambiguously determines the country in which your information will be stored, but not in the physical, but in the legal sense. Users themselves will be able to choose or, in any case, will know which country is responsible for the storage of their personal data.
This is especially valuable, given that in different countries there are different laws on the protection of personal information and its disclosure upon request, including from other countries. Not to mention the fact that in some countries the situation with human rights is very ambiguous, and Russia, alas, is no exception. By the way, the Russian Ombudsman Dmitry Marinichev proposed a very similar option, allowing you to store information about Russians on foreign servers - with their consent, but, as you know, all the same. However, a special law is not needed to exercise the right to choose a jurisdiction, and I hope that companies themselves will provide users with such a right. And among other things, such an opportunity will serve as an excellent test of citizens' confidence in the authorities of their country.
References:
Personal data law came into force in Russia - Rossiyskaya Gazeta
Processing and storage of personal data in the Russian Federation - Ministry of Communications of Russia
Deputy Speech and Ombudsman's Speech on Personal Data and State Regulation of Technologies - Roskomsvoboda
“How are you going to resist progress?” Personal Data Law: Ombudsman against deputy. Decryption - Meduza
Sanctions for ourselves: 286 billion rubles. Russia will lose from law enforcement - Roskomsvoboda
242 Federal Law - Roskomsvoboda
Data on philosophical views of Russians will be fined - BBC Russian Service
Only registered users can participate in the survey. Please come in.
Where do you prefer to store your personal information?
- 25.5% Russia 25
- 74.4% Other country 73