The State Duma will return a bill on large user data for revision
At the end of October of this year on Habré was published 3r320. news about the bill to protect large user data. The bill, in particular, proposes to establish the features of state regulation of processing Big Data users, including the procedure for collecting, transmitting and other data processing methods.
So, for example, it is supposed to inform users about such processing by posting a large user data of the corresponding information message on the operator’s website. Yesterday 3r315. It became known 3r320. that this bill will be returned for revision.
According to Leonid Levin, chairman of the State Duma Committee on Information Policy, the creation of a register of big data operators, mentioned in the draft law, will require additional budgetary funds from Roskomnadzor. The problem is that these costs are not stated in the financial and economic rationale of the bill. Authors need to provide confirmation from the government that funds from the budget are either not needed or have already been budgeted.
It is worth recalling that the document itself was submitted to the State Duma by deputy Mikhail Romanov, then several dozen more deputies joined the work on the bill. For the first time, a document specifies a definition of large user data. The bill offers companies and government agencies the right to process data both for their own purposes and for solving problems of third parties, including payment.
Interestingly, the document claims that large user data is not personal data of a person. They do not allow to personalize the owner without additional processing. “Big” user data can be called after they include information of at least 1000 people. Processing the bill proposes to consider any actions with data, including collection, systematization, transfer and disposal.
The author of the bill proposes that Roskomnadzor create a state information system called the “Registry of Big User Data Operators”. In this register, Roskomnadzor should collect information about operators at the moment when they notify the regulator about the processing of big data. The operator who identified at least 10?000 for data collection cannot process this data without additional notice to Roskomnadzor.
If the operator plans to process big data for himself, then it is enough just to notify the owners of the data, as already mentioned above. Thus, operators can receive various user characteristics with processing them for themselves.
In the event that the operator plans to buy and sell big data, as well as process it for other companies, then you need to get the official consent of the data owners, the form of which Roskomnadzor should develop. If several companies belong to the same group, processing the data together, they do not need the consent of the data owners. 3r350.