Roskomnadzor has issued an administrative protocol against the Yandex.Food service for breaching personal data laws, according to a report referenced by RBC via the department. The action highlights concerns over the handling of user information within the platform and the potential implications for privacy protections in Russia.
The protocol points to a violation involving the leakage of users personal data. The department noted that the final penalty will be set by the court, and it could reach up to 100 thousand rubles, underscoring the seriousness of the data protection issue and the authorities commitment to enforcing the rules around personal information. The incident also led to a temporary restriction on access to a map feature that displayed user data on the service site, reflecting regulatory prudence in safeguarding sensitive information.
Earlier, Yandex.Food responded to reports circulating on Telegram channels and in media outlets on March 22 about a potential data leak. Company representatives stated that personal details of users, including phone numbers, names, and delivery addresses, were exposed on a special map resource. They added that the breach had been reported by Yandex.Food on March 1 and that all affected users had been notified by email at that time, emphasizing proactive communication and remediation efforts.
The exposure of user data on the Yandex.Food platform was first publicly disclosed on March 1 and was attributed to a case of misconduct by an employee acting in bad faith. In response to the incident, Roskomnadzor asserted that measures to strengthen the handling and storage of personal information had been tightened and that legal action had been pursued against the individual responsible. This episode illustrates the ongoing challenges companies face in protecting user data and the vigilance of regulators in enforcing data protection standards across digital services.
From a regulatory perspective, the case serves as a reminder that personal data safeguards apply to a broad range of online services and that authorities expect transparent incident reporting, swift remediation, and clear accountability. For users, it reinforces the importance of promptly monitoring communications from service providers after any suspected data exposure and the value of strong privacy practices in choosing which platforms to trust with sensitive information. The broader implication is a push toward stricter compliance frameworks and more robust technical safeguards that minimize the risk of data leaks in the digital economy. As the situation unfolds, stakeholders will watch how the court determines penalties and how the service reinforces its privacy controls to restore user confidence. This development also underscores the role of media and public discourse in amplifying awareness about data protection obligations and the consequences of lapses in privacy management, both for organizations and their users.