Daria Nikolaeva is currently studying a MSc. in International Marketing at King’s College London. She also holds a BSc. (Hons) in Management from Plekhanov Russian University of Economics and MSc. (Merit) in Management of Information Systems and Digital Innovation from The London School of Economics and Political Science. Her research interests lie in the field of digital marketing, big data, and social computing.
18/11/2016 – Russia’s Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roscomnadzor) sued LinkedIn for the violation of Personal Data Law. The company was accused of failure to transfer Russian citizens’ personal data to servers located in the Russian Federation. On Thursday, November 17, Moscow City Court has approved the claim and included the LinkedIn website in a special registry which entails blocking the access to LinkedIn online sources in Russia within next couple of days.
Russian Federal Law No. 152-FZ on Personal Data was amended in September 2015. The new law mandates that operators which perform Russian citizens’ personal data processing must do it using databases physically located in Russia. In other words, the personal information of Russian citizens must be kept on servers housed in the territory of the Russian Federation. The range of operators includes Russian companies, foreign companies with official representation and affiliates in Russia, and those without official representation, but carrying out business that targets Russian customers. The Russian Ministry of Communications and Mass Media clarifies that the new law does not impact any regulations regarding cross-border data transmission. Therefore, Russian citizens’ personal data may be transferred out of Russia as long as other Russian laws regarding personal data are followed. This means that Russian citizens’ personal data first must be processed in a Russian database (“primary database”), but then may be transferred to other databases outside of Russia (“secondary databases”). LinkedIn did not comply with the regulation and did not localize Russian citizens’ personal data, pointing out that “users are, in fact, virtually located outside of the Russian Federation, where they contribute their personal data.” Paradoxically, how often global e-businesses nowadays blindly believe in the separation of virtual from the regulation, political circuits, and power issues, even having such bright cases as Chinese or North Korean censorship of the Internet and many other examples in their minds.
Ideas about power relations within cyberspace have been debated for a long time now. Rooted in Foucault’s works on discipline and politics, the question of whether the Internet and cyberspace are independent of control and power relations, or whether they are an object of the regulation of any particular sovereign, continues to be an emerging matter. Even though Foucault did not write about the Internet explicitly, his essays and books can be a helpful starting point to investigate “the catechism of Internet inviolability” (Boyle, 1997; Zuboff, 1988; Mingers and Willcocks, 2004). At the beginning of the 1990s, cyberspace was imagined alternatively as an “electronic frontier”, where free thought and egalitarian associations would overcome political powers (Hurwitz, 1999). The libertarian view considered that the Internet, becoming a center of power, created a new sociopolitical identity for its users – a netizen (merging the words “Internet” and “citizen”). However, these utopian visions of cyberspace’s detachment from the political circuit have been widely condemned by skeptics. Boyle (1997) criticizes digital libertarianism’s beliefs concerning the state’s supposed inability to regulate the Internet. He argues that there are many ways in which the state can use privatized enforcement and state-backed technologies to evade some of the supposed restraints on the exercise of legal power over the Internet. There are many examples of how the Internet and technology are not simple information and communication channels nowadays, but solid instruments that can enhance states’ power potential and become sources of significant risk for many businesses.
Out of LinkedIn’s 433 million users worldwide, 6 million users are from Russia; almost all Russian HR-specialists use the network to access local and foreign recruitment markets. Industry experts consider that the website blockage will not have a devastating effect on the company, as there are many ways to circumvent restricted access (e.g., VPN) which are not restricted by the Russian government. However, some unpleasant consequences for LinkedIn undoubtedly exist: the company may face the slowdown in the number of new Russian users, negative publicity, reputational risks and the possible rise of similar services from competitors. LinkedIn’s press office announced that the company is currently negotiating personal data localization issues with Roscomnadzor representatives, trying to solve the problem as soon as possible.
Mowshowitz (2002) considers that the main reason why cyberspace cannot exist autonomously from the governance of political forces lies in the changes of power distribution. Virtualization deepens globalization and weakens the power of government to maintain control over business. For example, virtualization makes it possible for a company to move its headquarters offshore to reduce tax payments. Nowadays even small companies, equipped with ICT, can virtually access international markets and exploit business opportunities on the global scale. In the modern world, corporations, not governments, become the main power holders. Political forces, faced by a decrease in the authority, try to find ways to spread their influence over the virtual space. The word virtual essentially means “not physically existing as such but made by software to appear to do so.” Ironically, the weakest point of virtual space is that it is connected to the real world by technology (in the case of LinkedIn, by data centres); in order to influence virtual space, the government might choose to regulate the technology, for example, by restricting its location.
The rationale of Russian citizens’ personal data localization, as officials stated it, was to provide national “digital sovereignty“. Interestingly enough, according to the BBC’s law review, only 30% of Russian personal data operators processed data in Russian databases, while the other 70% stored it somewhere abroad in 2015. So is this situation really about “digital sovereignty” or about the attempt to keep the diminishing power over Russian citizens’ personal data?
Nevertheless, recent technological breakthroughs, like blockchain technology, for example, can eliminate the need for traditional regulatory structures and completely change the role of the state as the main power holder. The future will show who wins this power race. At the meantime, companies should remember that virtual does not always mean virtue – there are no doubts that the government’s tendency to intervene and influence the virtual space exhibits a serious risk and requires close attention from companies.