The State Duma will return the bill on large user data for revision

At the end of October of this year on Habré was published the news of the bill, aimed at protecting large user data. The bill, in particular, proposes to establish the features of state regulation of processing Big Data users, including the procedure for collecting, transmitting and other data processing methods.

For example, it is assumed that it is mandatory to inform users about such processing by posting a large user data on the site of the operator of the corresponding information message. Yesterday it became known that this bill will be returned for revision.

According to Leonid Levin, chairman of the State Duma Committee on Information Policy, the creation of a register of big data operators mentioned in the draft law will require additional budgetary funds from Roskomnadzor. The problem is that these costs are not spelled out in the financial and economic rationale of the bill. Authors need to provide confirmation from the government that funds from the budget are either not needed or have already been budgeted.

It is worth recalling that the document itself was submitted to the State Duma by deputy Mikhail Romanov, then several dozen more deputies joined the work on the draft law. For the first time, a document specifies a definition of large user data. The bill offers companies and government agencies the right to process data both for their own purposes and for solving problems of third parties, including payment.

Interestingly, the document claims that large user data is not personal data of a person. They do not allow to personalize the owner without additional processing. “Big” user data can be called after they include information of at least 1000 people. Processing the bill proposes to consider any actions with data, including collection, systematization, transfer and disposal.

The author of the bill proposes Roskomnadzor to create a state information system called the “Registry of Big User Data Operators”. In this register, Roskomnadzor should collect information about operators at the moment when they notify the regulator about the processing of big data. The operator who identified at least 100,000 for data collection cannot process this data without additional notice to Roskomnadzor.

If the operator plans to process big data for himself, then it is enough just to notify the owners of the data, as already mentioned above. Thus, operators can receive various user characteristics with processing them for themselves.

In the event that the operator plans to buy and sell big data, as well as process it for other companies, then you need to obtain the formal consent of the data owners, the form of which Roskomnadzor is to develop. If several companies are in the same group, processing the data together, they do not need the consent of the data owners.