Companies that operate in Russia are soon to be required, by law, to go to new extremes that will invade the privacy of users. Those among the affected will be those who offer instant messaging, social networking, multiplayer games and any similar type of user interaction. This means all data and communication, including text, audio and video, will need to be stored for one year — and the data has to be accessible to Russian authorities.
Companies that don’t comply will be fined and potentially blocked from offering the relevant service in Russia. According to this article, if we learned anything from previous law enforcement practice in Russia, the companies most affected will be email and social networking services.
Other companies will need to be prepared to take action as well; the wording in the amendments is unclear in regard to what constitutes communication. Web forms and corporate communication may be included. Some companies have already decided to cease business within Russian territories. One example would be the Private Internet Access VPN — a VPN well known for keeping clients safe by not keeping logs or user data.
This amendment would make those actions illegal. In the email to customers, the mention how some of their servers got seized by authorities in Russia. However, even though this law will require companies to allow Russian authorities full access to unencrypted user info, Private Internet Access customers will be safe because no user data has been stored.
So it appears that any company that hasn’t stored data in the past won’t be held accountable for that data, but going forward, companies who are concerned with privacy will need to reevaluate their stance on keeping private communications. For users, this means any interaction in Russia, sending or receiving, won’t be secure. This is something that needs to paid attention to as it could become as real concern as early as July 20th.