On August 9, 2017, the Russian privacy regulator, Roskomnadzor, expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia. Russian law allows data transfers to countries that are signatories to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (the “Convention”), and to certain other non-signatory countries deemed by Roskomnadzor to have adequate privacy protections based on relevant data protection laws, privacy regulators and penalties for privacy law violations.
The new authorized countries are Costa Rica, Gabon, Kazakhstan, Mali, Qatar, South Africa and Singapore. They join Angola, Argentina, Benin, Canada, Cape Verde, Chile, Israel, Malaysia, Mexico, Mongolia, Morocco, New Zealand, Peru, South Korea and Tunisia.
The United States is neither a signatory to the Convention nor on Roskomnadzor’s list of countries with adequate privacy protections to permit personal data transfers from Russia.