Novelties in Russian criminal law on liability for personal data breaches

This article presents the results of the first critical legal analysis of a novel provision in Russian criminal law that penalizes anyone who engages in the illegal use, transfer, collection, or storage of computer information containing personal data, as well as in the creation and management of information assets designed for the unauthorized storage and distribution of such data. The major flaws and contradictions in Article 272 of the Criminal Code of the Russian Federation were exposed, and potential solutions of certain problems associated with its enforcement were proposed. Theoretical recommendations were developed to strengthen the legislative measures targeting breaches of computer information containing personal data of minors, special categories of personal data, or biometric personal data. Some challenges that may arise when categorizing acts involving the cross-border transfer of computer information containing personal data and the cross-border flow of computer information carriers holding personal data were identified. The findings contribute to improving the criminal law framework for safeguarding personal data and advancing the Russian criminal law doctrine on liability for cybercrimes.

1. Ishchuk Ya.G., Pinkevich T.V., Smolyaninov E.S. Tsifrovaya kriminologiya [Digital Criminology] Moscow, Akad. Upr. MVD Ross., 2021. 242 p. (In Russian)

2. Russkevich E.A. Violation of the rules of centralized management of technical means of countering threats to information security. Journal of Digital Technologies and Law, 2023, vol. 1, no. 3, pp. 650–672. https://doi.org/10.21202/jdtl.2023.28.

3. Begishev I.R., Kirpichnikov D.V. Problems with protecting personal data in criminal law. Ugolovnaya Yustitsiya, 2020, no. 15, pp. 11–16. https://doi.org/10.17223/23088451/15/3. (In Russian)

4. Ilin I.G. Personal data in artificial intelligence systems: Natural language processing technology. Journal of Digital Technologies and Law, 2024, vol. 2, no. 1, pp. 123–140. https://doi.org/10.21202/jdtl.2024.7.

5. Shutova A.A. Social conditionality rules on the existence of criminal liability for the infringement of personal data. Yuridicheskaya Nauka i Praktika: Vestnik Nizhegorodskoi Akademii MVD Rossii, 2015, no. 4 (32), pp. 332–335. (In Russian)

6. Ryasov A.I. Some features of crime qualification in the case of competing criminal law norms. Gumanitarnye i Yuridicheskie Issledovaniya, 2013, no. 2, pp. 66–69. (In Russian)

7. Kozhokar’ I.P. Linguistic defects of legal regulation. Yuridicheskaya Nauka, 2019, no. 8, pp. 3–7. (In Russian)