Liability for processing personal data without a consent and for violation of the requirements with respect to biometric personal data

Liability for processing personal data without a consent and for violation of the requirements with respect to biometric personal data

The Code of Administrative Offences of the Russian Federation (the Administrative Code) has been amended in terms of liability for processing personal data without the consent of the subject and for violating the requirements for posting and updating biometric personal data in the "Unified System of Identification and Authentication of Individuals using Biometric Personal Data".

The changes will take effect on 23 December 23, 2023.

Below is a comparative table of the current norms of the Administrative Code and amendments introduced by Federal Law No. 589-FZ of December 12, 2023:

Article of  the Administrative Code

Current fines   

Fines from 23.12.2023

 

Part 2 of Article 13.11.

Processing of personal data without the written consent of the personal data subject in cases where such consent must be obtained in accordance with the legislation of the Russian (except in cases provided for in Article 17.13), if these actions do not contain a criminally punishable act, or processing of personal data in violation of the requirements for the information included in the written consent of the personal data

 

on citizens - from 6 thousand to 10 thousand rubles;

on officials - from 20 thousand to 40 thousand rubles;

on legal entities - from 30 thousand to 150 thousand rubles

on citizens - from 10 thousand to 15 thousand rubles;

on officials - from 100 thousand to 300 thousand rubles;

on legal entities - from 300 thousand to 700 thousand rubles

Part 2.1 of Article 13.11.

Repeated commission of an administrative offense provided for in part 2 of Article 13.11

on citizens - from 10 thousand to 20 thousand rubles;

on officials - from 40 thousand to 100 thousand rubles;

on individual entrepreneurs - from 100 thousand to 300 thousand rubles;

on legal entities - from 300 thousand to 500 thousand rubles.

on citizens - from 15 thousand to 30 thousand rubles;

on officials - from 300 thousand to 500 thousand rubles;

on individual entrepreneurs – from 500 thousand to one 1 rubles;

on legal entities - from 1 million to 1.5 rubles

Article 13.11.3.

Placement and updating of biometric personal data in the state information system "Unified System of Identification and Authentication of Individuals using biometric personal data" by banks, multifunctional centers for the provision of state and municipal services, and other organizations in violation of the requirements established by the legislation of the Russian Federation

 

 

Absent  

on officials - from 100 thousand to 300 thousand rubles;

on legal entities - from 500 thousand to 1 million rubles

The requirements for the form and content of a consent to processing of personal data are established by Federal Law No. 152-FZ dated July27,  2006 "On Personal Data" (“Law No. 152-FZ”) and apply, inter alia, in the case of processing personal data of citizens of the Russian Federation by non-Russian legal entities or non-Russian individuals.[1] Special requirements are established, in particular, with regard to consents to the processing of special categories and biometric personal data, as well as personal data authorized by the data subject for distribution.

The state information system "Unified System of Identification and Authentication of Individuals using Biometric Personal Data" (unified biometric system) is used to identify and (or) authenticate individuals by state bodies, local governments, the Central Bank of the Russian Federation, banks, other credit organizations, non-credit financial organizations, participants of the national payment system, persons providing professional services in the financial market, as well as other organizations, individual entrepreneurs, notaries, in accordance with Federal Law No. 572-FZ of December 29, 2022.

Banks, multifunctional centers for the provision of state and municipal services, as well other organizations in cases defined by federal laws, have the right to place biometric personal data of an individual in the unified biometric system after identification of the individual in her/his personal presence with her/his consent in a form approved by the Government of the Russian Federation.[2]


For more information please contact: Yana Dianova, Counsel, GRATA International Russia

E-mail: ydianova@gratanet.com


[1] Paragraph 1.1. of Article 1 of Law No. 152-FZ

[2] Paragraph 1 of Article 4 of Federal Law No. 572-FZ of December 29, 2022

Russia
Global
Data Protection & Privacy