Russia may be shooting itself in the foot by making foreign companies store all personal data within its borders.
What’s the price a country is willing to pay to keep its citizens safe from hackers? For Russia, that price may be $5.7 billion, according to a report this week from a European think tank.
A Russian law that goes in effect in September would effectively require foreign businesses and web services to house Russian data inside the country as opposed to outside. Russian President Vladimir Putin signed the law in July in an effort to prevent Russian citizens from getting hacked, although some human rights activists believe it was designed to give government more control of Internet use in the country.
The problem is that this stringent data law could hurt Russia’s manufacturing and services industries and make foreign businesses think twice about investing in the country, according to the European Centre for International Political Economy, which published the report.
The think tank estimates that Russia’s GDP could fall $ 3.2 billion while foreign investment could tumble $2.9 billion.
Part of the reason for this decline is because under the law, all data could potentially “be construed as personal data,” the report’s authors state.
“Any transaction on the Internet made while logged into an account is effectively personal data, and even the most harmless pieces of company data will contain information about the employee,” the authors wrote.
By lumping in all data as potentially being personal data, Russia’s existing manufacturing and IT industry could suffer. Under the terms of the law, everything from the clicks registered when someone views an online ad, to data generated from sensors in connected cars could be considered personal data.
This would impact Russia’s businesses because modern day applications and IT infrastructure essentially operate by funneling data from myriad sources from all over the world. The authors state that “Manufacturing depends on real-time connection with its suppliers, market places, and transporters; service industries like logistics, retail, public utilities, or financial services depend on processing information to deliver to its clients; provision of healthcare and social services process more data than ever before.”
Essentially, a U.S. based marketing company that tracks ad clicks would potentially be unable to record how many Russian citizens click an ad, unless it built a data center inside the country or had some other means to keep the data in Russia.
The authors believe this would have a trickle down effect to the Russian economy, resulting in fewer companies wanting to do business with Russia.
However, at least some foreign companies are willing to comply under the terms of the new law. A report by the Wall Street Journal in April said that Google GOOG has already moved some servers into the data centers of Rostelecom, a Russian telecom company.