Vladimir Putin has signed legislation that steeply raises the fines on Internet companies that repeatedly refuse to surrender decryption keys to the Federal Security Service. According to the new law, the Russian state can now fine tech firms between 2 and 6 million rubles ($31,100 and $93,340) for declining to share information that would allow the FSB to read users’ private correspondence.
The legislation also raises penalties for refusing to localize Russian users’ data by storing their personal information on servers located inside Russia. First-time violations of these regulations can now result in fines between 1 and 6 million rubles ($15,550 and $93,340), while repeat offenses can be punished by fines between 6 and 18 million rubles ($93,340 and $280,025).
Current regulations stipulate fines as high as 1 million rubles for failure to provide decryption keys to the FSB when requested. There are no written bylaws specifying fines for repeat offenses. Refusing to localize user data in Russia is currently punishable by fines as high as 5,000 rubles (about $77). In April 2019, Russia slapped both Twitter and Facebook with 3,000-rubles ($47) fines for this violation.