The State Duma of Russia has advanced a bill to raise fines for violations in the handling of personal data, following a third reading that solidifies the changes. The report came through the chamber’s official telegram channel, signaling the move toward stricter oversight of how sensitive information is managed in the country (Cited: State Duma communications).
Under the new provisions, publishing personal details stored in the unified biometric system and other national information resources without the subject’s written consent will face tougher penalties. This step reflects a broader push to tighten control over biometric data and identifiers used across government and private sector databases (Cited: government briefing).
Financial penalties are scaled by the category of the violator. Individuals could face fines in the range of 10,000 to 15,000 rubles. Officials would be liable for 100,000 to 300,000 rubles, and legal entities for 300,000 to 700,000 rubles. The bill also introduces steeper penalties for repeated violations, with higher sums applicable to each category: individuals may be fined 15,000 to 30,000 rubles, officials 300,000 to 500,000 rubles, and legal entities up to 1.5 million rubles (Cited: parliamentary record).
Before the bill received final passage, the Federation Council was expected to review it, and it remains contingent on presidential assent. President Vladimir Putin would need to sign the measure for it to become law, following routine constitutional procedures (Cited: presidential administration briefing).
The initiative to increase penalties for illegal processing of biometric data had earlier gained support from Roskomnadzor, the communications regulator, which backed stronger enforcement. That support helped shape the bill as part of a broader emphasis on data protection and national security concerns (Cited: Roskomnadzor statement).
Russia already has a formal framework for biometrics that was established in December 2022, when Putin signed the law creating the unified biometric system. The statute governs how biometric information is collected, stored, and used, and it recognizes the spectrum of information systems that may process such data, including the unified biometic system and related information platforms (Cited: federal law summary).
Alongside these developments, the current legal architecture prohibits forcing individuals to provide biometric information or to retain genomic data. This baseline protection sets boundaries on how personal characteristics can be compelled or stored for state or commercial purposes (Cited: constitutional data protections briefing).
In a different strand of policy, the Duma had previously proposed a requirement that certain categories of immigrants present biometric information upon entry. The aim was to strengthen border controls and identity verification, aligning immigration procedures with the broader biometric framework already in place (Cited: legislative proposals database).