The European Commission has developed new rules for data governance. The project was published on the Commission’s website on November 25 and will increase the availability of data for business and research while meeting consumer protection requirements under the General Data Protection Regulation (GDPR) of 2016, Kommersant reports.
The document provides for two types of data governance: commercial and free of charge. The EU will allow companies to share commercially important user data only through an independent intermediary who will transmit the information in a secure manner and format. According to Alexander Zhuravlev, chairman of the commission for legal support of digital economy of the Moscow branch of the Association of Lawyers of Russia, this will complicate the work of American IT giants and affect Russian business. The project establishes restrictions on the transfer of data to countries, the level of data protection in which does not correspond to the European level.
“Only the European offices of Russian companies will be able to participate in the data exchange, they will have access to arrays of useful data, but will not be able to freely share them with the headquarters”, - the expert explains.
According to Alexander Zhuravlev, e-mail and gaming services available to Europeans, including Yandex and Mail.ru Group, Aviasales and OneTwoTrip, air carriers, marketplaces that aim to scale a business, including Wildberries and Ozon, medical services, and AI and big data companies can be interested in such data exchange.
Yandex, Mail.ru Group, Wildberries, Ozon and Aviasales did not comment on the project. Kaspersky Lab also notes that the proposal of the European Commission may still be changed. At the same time, the company has already moved the infrastructure for processing and storing the data of European users to Switzerland, which has an agreement with the EU that recognizes an adequate level of protection of personal data.
Russian companies that want to do international business are interested in exchanging data with the EU, the adoption of the regulation may entail a number of restrictions, says Alexey Neyman, the Executive Director of Big Data Association. According to the expert, currently Russian companies also do not have such an opportunity, since Russia is not included in the list of countries that guarantee an adequate level of data protection under the GDPR. Cross-border exchange occurs mainly in the form of reports, which are final analytical products, and not the data itself, the expert says.
The Central Bank of the Russian Federation