The Federation Council of the Russian Federation is actively drafting a new version of the personal data protection bill, proposing higher fines for breaches of citizens’ information. This development was reported by News, a publication that monitors legislative moves and policy changes in the country.
The article notes that the earlier draft contemplated penalties of up to 2 million rubles and could include imprisonment for as long as ten years in cases deemed especially serious.
Artem Sheikin, a member of the Federation Council’s constitutional committee and a deputy head of the council on the development of the digital economy, stressed that the operators and platforms that process or disseminate personal data should bear full responsibility under the law. The ongoing process of refinement he described reflects a push to strengthen accountability in the digital sector.
Under the current iteration, the proposed penalties are set at fines of up to 700 thousand rubles, with possible imprisonment or compulsory labor for up to five years. When the data disclosure involves a group of individuals, the draft envisions fines reaching as high as 3 million rubles and prison terms up to ten years, highlighting a tougher stance on coordinated or organized leakage schemes.
Alexander Khinshtein, the former chairman of the State Duma Committee on Information Policy, Information Technologies and Communications, indicated that those who draft liability measures for data breaches will continue discussions about the latest versions of the documents. The aim is to elevate the consequences of personal data leaks to criminal liability levels, signaling a clear intent to deter violations through stronger legal remedies, as reported by News.