The FSB Seeks Expanded Data Retention Rules for Online Platforms
The Federal Security Service, known as the FSB, is pursuing fresh requirements that would compel Internet companies to retain data about payments and the geographic origins of their users. This development, reported by Interfax, is viewed as a move to tighten oversight in the digital space. The plan targets services registered with the organizers of information dissemination, signaling a broad approach that could extend beyond traditional data retention rules. Specifically, the FSB intends to amend existing regulations by adding clauses that mandate storing location data and information about payment instruments used by users. Officials describe these proposed changes as part of an effort to standardize how online platforms handle sensitive operational data and to ensure easier access for law enforcement when necessary [Interfax].
Officials argue that the absence of a binding legal obligation to retain and disclose such information creates ambiguous enforcement practices and can undermine investigative effectiveness. The government’s position, expressed through the press service, is that clearer rules would enable authorities to respond more rapidly to potential security threats and to investigate incidents with greater precision. In this context, the proposal is framed as a move toward greater transparency and consistency in how data is processed and retained for security purposes [State media briefings].
In related developments, authorities noted changes to how biometric data is handled within the Unified Biometric System. Citizens will eventually be able to submit and withdraw consents for the processing of their biometric information and to view details of those consents in their personal accounts on the State Services portal. This aspect of the plan highlights a broader push toward user-controlled visibility and management of biometric data, aligning with ongoing reforms intended to harmonize personal data practices across government services [State Services portal announcements].
Historically, Roskomnadzor has emphasized responsibility for ensuring that platforms comply with local legal requirements regarding content. In a notable development related to platform governance, the authorities have reiterated that failure to delete prohibited information can attract accountability for service providers. The evolving regulatory framework reflects a broader strategy to regulate information dissemination online while balancing public safety concerns with individual rights and the operational needs of security agencies [Roskomnadzor guidance].
Analysts observing the regulatory trajectory note that the evolving rules aim to create clearer expectations for platforms and to reduce loopholes that may impede rapid law enforcement action. The emphasis on geographic data, payment instrument details, and biometric consent marks a new layer in the ongoing dialogue about data sovereignty, user privacy, and the responsibilities of global internet services operating under jurisdictional laws. As the debate continues, stakeholders from technology, civil society, and government are closely watching how these measures will be implemented, enforced, and validated across different service categories and user demographics [expert commentary and official briefings].