1.11. Data Regulation Concept: a Business Perspective

Thursday, May 16
16:00 - 17:30

Hall #7, General Staff Building (6-8, Dvortsovaya sq.)


Big data analysis technologies and algorithms offer solutions for a wide variety of tasks, so the big data market has the potential for large-scale growth. The volume of the big data market is estimated to constitute 300 billion rubles and 1.5% of GDP growth until 2025. Currently, there are god circumstances for such a development, however, excessive and harsh regulation can downplay all the advantages Russian technologies for processing big data have now.

Occasional changings of several norms and institutions are needed for realization of big data-related opportunities for citizens, the state and economy, These measures will help to maintain user control over the usage of personalized data and at the same time will contribute to the growth of the global competitiveness of the Russian big data market.

The discussion session will consider the following issues:

  1. Legitimate interest. The concept of legitimate interest in data processing. Article 6.1 of the GDPR defines the legal grounds for processing data without user consent including processing carried to protect the legitimate interests of the controller or a third party. Is this principle applicable and necessary for Russian regulation? Is it possible to exercise the right of a citizen to change (expand/withdraw) processing purposes after giving one's consent or to give consent to a variety of purposes and processors?
  1. Clarification of the concept of "incompatible processing purposes". Evaluation of the compatibility of aims in automated processing (the nature and volume of data; reasonable expectations of the subject; the nature of the relationship; possible negative consequences; depersonalization measures, the adequacy of measures for personal data protection).
  1. The concept of a trusted third party. The possibility of delegating the collection of consents for personal data processing to third parties, the procedure for establishing and the list of requirements for companies that will collect consent in the interests of a third party.
  1. Remote interaction. Expansion of existing mechanisms of remote interaction with the citizen (for example, by means of a simple electronic signature) for granting consent of citizens to data processing by means of SMS-messages, e-mail, filling forms on a website, etc.
  1. Depersonalization. The existing concepts and regimes for depersonalized data in the current legislation do not meet the level of technology development. Can the term "anonymized data" be understood as data (sets of data) that do not allow the identification of a user to whom such data relate?
  1. Database ownership. How to reach a balance between the extension of intellectual property rights on databases and the right of access to information? Providing access for foreign companies to the processing of open data in compliance with the requirements that apply to residents of the Russian Federation. Is it possible to establish additional requirements for foreign companies?


Anna Serebryanikova

President, Big Data Association


Steven Crown

Vice-President, Microsoft Corporation

Nikita Danilov

Chief for relations with executive bodies, MegaFon PJSC – Head of the Legal and Compliance Committee, Big Data Association

Igor Drozdov

Chairman of the Executive Board, Skolkovo Foundation

Iskender Nurbekov

Executive Director Ecosystem Development Department, SberX, Sberbank

Vladislav Onishchenko

Head, Analytical Center for the Government of the Russian Federation

Dmitry Petrov

CEO, Cometrica LLC

Alexander Savelyev

Associate professor of Higher School of Economics, Legal Counsel of IBM Russia/CIS

Savva Shipov

Deputy Minister of Economic Development of the Russian Federation

Dmitry Ter-Stepanov

Chief of Regulatory Affairs, ANO Digital Economy, Russian Federation

* The Programme may be subject to change