Recently (Source: BBC News) it was reported that Russia are seeking to pass new laws requiring data about Russian citizens to be stored within the country, rather than in datacentres in the United States “where it can be hacked and given to criminals” (quoting MP Vadim Dengin).
At first glance this seems to be a relatively ridiculous stance to take, flimsily disguised as an attempt to protect the data of Russian citizens when actually many skeptics believe this is more about control which could lead to Russia becoming the next country with an iron-curtain firewall – much like China has operated for years. A key question is how will they enforce this in any way that would benefit Russian people?
Irrelevant of the motivations behind this move, there are potential implications for digital practitioners that need to be thought about going forward. For a start, if there is any possibility that a Russian is going to use your application and requires storing any data then that database will need to be stored in Russia. A shrewd move if Russia plans on creating datacentres, but from a practical point of view would the rest of the world want their data stored in Russia?
One option would be to develop the system so that anyone based in Russia has their data stored in a Russian version of the database. But let’s be honest, it isn’t really practical to go down this route. Where does it end? Do you have a database for each country that requires one?
At the other end of the spectrum is the consideration that you have to rule Russian customers out of your experience if they have to do any sort of account creation. For some sectors that may not be a concern. The Google’s, YouTube’s and Amazon’s of the world may decide this is a risk worth taking. But what about the investment sector, for example? Russia has a lot of wealth and ruling them out could be a big problem. Similarly, research becomes a lot more difficult. For an entity trying to undertake surveys Russia may be a key demographic but this may well rule them out of being included.
What is the reality? We think that this is likely to be a very hard thing for Russia to police and most likely they really are only targeting big companies. The only real way to enforce this is that Russian internet access becomes locked down in a utilitarian move to “protect data”, but which would actually be severely curtailing Russian freedoms online. If this is the case then any company serious about having a presence online in Russia would have to have a Russian version specifically for the purpose. Instead, what will most likely happen is that businesses will turn their backs on Russia and so we won’t need to worry anyway.