Risks in concluding consent to personal data processing

26 September 2024

The fine for the absence or incorrectness of a consent to the processing of personal data has been increased. It now amounts to 700 thousand rubles for the first offense and 1.5 million rubles for a repeat offense.

In this article, we will look at how to most safely draw up a written consent, what mistakes are most common and what can help in the event of claims from Roskomnadzor.

Roskomnadzor looks in practice at the reflection in the form of the necessary provisions of the law «On Personal Data».

Part 4 Art. 9 of the Federal Law of 27.07.2006 No. 152 «On Personal Data»

Indication of the data subject. The law specifies that it is necessary to indicate passport data (full name, registration address, number, date, issuing authority of the document). We do not recommend specifying data that are unnecessarily described, such as e-mail, phone number, residential address, Roskomnadzor may consider this as collection of personal data not provided for by law.

CAO RF Article 13.11 Violation of the legislation of the Russian Federation in the field of personal data

Indication of the operator. We recommend in this case not to limit yourself to the requirements of the law (full name or name of the organization, address). It will be useful to include data on TIN and MSRN (main state registration number), it will warn you against changing the address or name, if changes are not made in the agreement, Roskomnadzor may consider it as an inability to identify the operator, which will also be a violation.

Purpose of the agreement. Roskomnadzor requires one agreement to fulfill one purpose. The agency considers that the law provides for a single purpose. You can expand the single purpose also with tasks that do not require written consent. It is also advised to formulate the purpose as specifically as possible, describing it in detail. If it is an employment relationship, you can specify, for example, «conducting an employee performance evaluation,» «providing corporate benefits,» «issuing personalized corporate products.»

List of actions. The consent should exhaustively specify the list of actions that the operator intends to carry out. It is not recommended to include all actions from Article 3 of the Law «On Personal Data», Roskomnadzor may pay attention to this. It is safest to adjust the list of actions depending on the needs of the agreement.

We also recommend that the terms «distribution» and «depersonalization» should not be used. Distribution requires separate consent, and the term depersonalization, as the agency believes, commercial organizations cannot carry out such a procedure, as the law does not provide for cases when it is necessary. (Roskomnadzor Order No. 18 of 24.02.2021 )

Term of validity of the agreement

Roskomnadzor requires that the agreement has a certain term, or a termination condition. So, it will not be possible to use auto prolongation or make the agreement indefinite. It is also recommended not to set a long term for agreements, as the law requires that terms be set depending on the functions, powers and duties assigned to the operator. Also, the term should be consistent with the purpose of the agreement.

Clause 2 part 1 of Article 6 of the Federal Law of 27.07.2006 No. 152 «On Personal Data».

News

Unexpectable decision of Russian court about admission the decision of foreign court legal in Russia.
Legislation news

In this article we will tell you about how Arbitration Court in Saint-Petersburg admitted the decision of German court legal. The amount of this lawsuit was about 150 000 euros. However, the defendant submitted the appeal claim to this decision and the end results are not known now.

More
How new contract can restart the term of limitation in old debts?
Legislation news

We will tell you about situations, in which the contract with retroactive effect can be helpful for debts recognition.

More
How to avoid the admission that transaction is simulated?
Legislation news

We want to tell you how to protect your transactions from the admission them simulated by tax authorities.

More
How to avoid the transaction, which was concluded due to a mistake or under the misapprehension?
Legislation news

In this article we will tell you about how to admit the contract is void, because of the fact that this contract was concluded by mistake or under the misapprehension.

More
New trends in labor disputes: the Supreme Court supports companies in disputes with bad faith employees
Legislation news

In this article we will tell you about new decisions of the Supreme Court, where it took the side of employers in labor relations and admit employees’ actions in bad faith.

More
Which terms and conditions of the contract can be excluded from it?
Legislation news

We will tell you how to exclude from the contract some clauses, which the law does not prohibit there, however, they are not beneficial

More
The Supreme Court creates new practice on the issue of the exclusion of a participant from a limited liability company even if his share is 50% and more
Legislation news

We will tell you about the new practice, which is increasingly being created by the Supreme Court of the Russian Federation

More
How can advertising attract employees of the Federal Antimonopoly Service instead of customers and how can you minimize the risks of this?
Legislation news

We will share with you information about risks minimization of advertising on different services, and avoidance questions from the Federal Antimonopoly Service about your advertising

More
Why do courts not recognize unilateral refusal, when a company repudiates a contract?
Legislation news

We want to discuss, why Russian courts take a negative position in situations, where a company unilaterally refuses to fulfill its obligations under a contract

More
Supreme Court ruling on the Bank's unlawful refusal to forcing conversion
Legislation news

In this article we will discuss the recent ruling of the Supreme Court of the Russian Federation

More
More news