Russian authorities have ordered popular dating app Tinder to comply with government requests to hand over messages and photos of its users in Russia, BBC reported. Tinder has been added to a Russian government database called Register of Information Dissemination Organisations (ORI), which requires them to store data on Russian servers for six months. There are currently 175 companies on this list. Under Russian law, these companies are required to give data to the police or intelligence agencies even without a court order.
Popular messaging app Telegram was banned in Russia last year, after it refused to comply with a similar direction from Russian authorities. Encrypted instant messaging service Threema also refused to comply with FSB requests, but as of now they have not been banned in Russia.
What is the legal basis for demanding this data?
Russia’s data retention law, which was a part of a legislative package termed Yarovaya laws, came into force last July. It required telecom providers in the country to store details of people’s communications for the benefit of the Russian intelligence services. Unlike certain European data acquisition and retention laws, including UK’s Investigatory Powers Act, Russia’s law seeks to collect the content of communications, not just the usual metadata about who was contacting whom, and when. Under the new rules, operators have to store customers’ text messages, phone calls and chat activity for six months on Russian servers.
According to Russian laws 97-FZ and 374-FZ, companies added to this database must hand over data to Russian police or intelligence agencies such as the FSB upon request, with or without a court order, to help with investigations into terrorist and national security cases.
What if Tinder doesn’t comply?
Tinder doesn’t have a choice but to comply with the directions of the Russian government if it wishes to operate in the country, even though Tinder officials said that they had “no legal obligation” to do so, ZDNet reported. Another Tinder spokesperson told ZDNet that while the firm had agreed to comply with the government’s directions, it would “in no way share any user or personal data with any Russian regulatory bodies”.
Why is this relevant for Indian users of the app?
Russia’s data retention law says that data on Russians should be stored within the country, and India is moving in the same direction. The data mirroring clauses in India’s Personal Data Protection Bill, 2018 require companies to store a copy of Indian users’ data on servers within India.