Novelties in Russian criminal law on liability for personal data breaches

Abstract

Read online

This article presents the results of the first critical legal analysis of a novel provision in Russian criminal law that penalizes anyone who engages in the illegal use, transfer, collection, or storage of computer information containing personal data, as well as in the creation and management of information assets designed for the unauthorized storage and distribution of such data. The major flaws and contradictions in Article 272 of the Criminal Code of the Russian Federation were exposed, and potential solutions of certain problems associated with its enforcement were proposed. Theoretical recommendations were developed to strengthen the legislative measures targeting breaches of computer information containing personal data of minors, special categories of personal data, or biometric personal data. Some challenges that may arise when categorizing acts involving the cross-border transfer of computer information containing personal data and the cross-border flow of computer information carriers holding personal data were identified. The findings contribute to improving the criminal law framework for safeguarding personal data and advancing the Russian criminal law doctrine on liability for cybercrimes.

Keywords

• biometric personal data
• personal data of minors
• crimes involving computer information
• cross-border transfer of personal data
• personal data breach
• cybercrimes