However, as the press service of Roskomnadzor reported
Posted: Wed Jan 22, 2025 5:04 am
Head of the Personal Data Department of the Main Radio Frequency Center Ekaterina Efimova reminded in the official Telegram channel of the institution that every organization collecting personal data of users on the site must post a privacy policy on it. The presence of this document is a mandatory requirement of the Law "On Personal Data" with amendments that entered into force on September 1, 2022 and March 1, 2023.
in response to a request from cameroon whatsapp number database ComNews, this requirement was ignored by a third of Russian organizations inspected by the agency by the end of 2023: "Roskomnadzor monitors the Internet resources of personal data (PDn) operators of all categories. If deviations from the requirements of the law are detected, including with respect to the policy on processing PDn, the agency sends the operator a request to bring the activities into compliance with the provisions of the law. In 2023, Roskomnadzor sent more than 4.6 thousand such requests. About 100 protocols on administrative offenses were drawn up for failure to comply or untimely compliance. Of the resources analyzed in 2023, almost a third of the owners did not post a policy on processing PDn or did so in violation of the law. Operators often draw up such documents without due attention to the requirements of the law, including copying incorrect provisions from each other. The clarifications are aimed at forming an understanding among operators of the purpose of this document. In addition, recommendations are given on how to correctly prepare and post a document reflecting the policy on processing personal data."
According to Tatyana Nikonorova, a leading information security consultant at Innostage, this is one of the typical violations, but she predicts a significant improvement in the situation in 2024: "Violation of this requirement is included in the list of typical errors identified by Roskomnadzor when checking websites and organizations. Recently, many companies have begun to take a more responsible approach to posting the necessary documents on websites where personal data is collected. This trend is caused by the latest reform of the law on personal data and the policy of increasing liability for violations in the field of personal data processing. In 2024, eight out of 10 websites that collect personal data will have a privacy policy or personal data processing policy. But this is not always enough to meet the requirements."
"There are two types of violations related to the personal data processing policy. The first is the failure to post the policy on the website as a whole or on the website pages where personal data is collected. The second is the posting of a policy, the content of which does not comply with the requirements of Part 1 of Article 18.1 of 152-FZ: the policy does not disclose in detail and in accordance with the requirements the goals and procedure for processing personal data. For a long time, Roskomnadzor has been checking websites for compliance with the requirements for processing personal data. The results of such checks, including the violations identified, are recorded in reports that are published in the public domain on the websites of the regional offices of Roskomnadzor. Company B-152 conducted a study of these reports (more than 200) and found that the most frequent violation of personal data processing on a website (30% of the total) is the lack of a policy posted on the website. Violations related to the incorrect content of the policy posted on the website (Part 1 of Article 18.1 of 152-FZ) account for only 6% of the total number of violations. Thus, of all the violations identified on websites, a third are related to the absence of a policy for processing personal data on the website, while only 6% are related to its incorrect content,” said Nikita Volodin, Senior Consultant for Personal Data Protection at B-152 LLC.
in response to a request from cameroon whatsapp number database ComNews, this requirement was ignored by a third of Russian organizations inspected by the agency by the end of 2023: "Roskomnadzor monitors the Internet resources of personal data (PDn) operators of all categories. If deviations from the requirements of the law are detected, including with respect to the policy on processing PDn, the agency sends the operator a request to bring the activities into compliance with the provisions of the law. In 2023, Roskomnadzor sent more than 4.6 thousand such requests. About 100 protocols on administrative offenses were drawn up for failure to comply or untimely compliance. Of the resources analyzed in 2023, almost a third of the owners did not post a policy on processing PDn or did so in violation of the law. Operators often draw up such documents without due attention to the requirements of the law, including copying incorrect provisions from each other. The clarifications are aimed at forming an understanding among operators of the purpose of this document. In addition, recommendations are given on how to correctly prepare and post a document reflecting the policy on processing personal data."
According to Tatyana Nikonorova, a leading information security consultant at Innostage, this is one of the typical violations, but she predicts a significant improvement in the situation in 2024: "Violation of this requirement is included in the list of typical errors identified by Roskomnadzor when checking websites and organizations. Recently, many companies have begun to take a more responsible approach to posting the necessary documents on websites where personal data is collected. This trend is caused by the latest reform of the law on personal data and the policy of increasing liability for violations in the field of personal data processing. In 2024, eight out of 10 websites that collect personal data will have a privacy policy or personal data processing policy. But this is not always enough to meet the requirements."
"There are two types of violations related to the personal data processing policy. The first is the failure to post the policy on the website as a whole or on the website pages where personal data is collected. The second is the posting of a policy, the content of which does not comply with the requirements of Part 1 of Article 18.1 of 152-FZ: the policy does not disclose in detail and in accordance with the requirements the goals and procedure for processing personal data. For a long time, Roskomnadzor has been checking websites for compliance with the requirements for processing personal data. The results of such checks, including the violations identified, are recorded in reports that are published in the public domain on the websites of the regional offices of Roskomnadzor. Company B-152 conducted a study of these reports (more than 200) and found that the most frequent violation of personal data processing on a website (30% of the total) is the lack of a policy posted on the website. Violations related to the incorrect content of the policy posted on the website (Part 1 of Article 18.1 of 152-FZ) account for only 6% of the total number of violations. Thus, of all the violations identified on websites, a third are related to the absence of a policy for processing personal data on the website, while only 6% are related to its incorrect content,” said Nikita Volodin, Senior Consultant for Personal Data Protection at B-152 LLC.