Cyber crime and laws in Russia: An overview

Vidhi JainLaw

Cyber crime and laws in Russia
Cyber crime and laws in Russia

Cyber crime and laws in Russia

Continuing with the series of articles covering cyber laws of various countries, this is our fifth article. The previous articles have covered cyber crime and laws in Nepal, Japan, New Zealand and Norway. This article presents an overview of cyber crimes and relevant laws in Russia. The country has been ranked 52nd in the Human Development Index. The country has a crime rate of 1380 offences per 100,000 population. Russia was considered a technologically advanced country earlier but has not been able to keep up with technological advancement. The following sections throw light on the existing situation and Russia’s existing legal framework.

Important Statistics

Russia has the eighth-largest population in the world that can access the internet. There are 70 million active social media users in the country. Internet usage has increased due to the outbreak of Covid-19. It compelled most of the population to switch from traditional methods to online methods. According to Sberbank, a Russian bank, the country might lose close to $45 billion in 2020 due to cyber crimes. They have further estimated that the extent of loss in 2021 would be twice of that in 2020. ATM card-related crimes have increased by 500%, as per Sberbank.

Cyber Laws in Russia

1. Criminal Code of the Russian Federation, 1996

Chapter 28 of the Code contains crimes in the sphere of Computer Information. The number of crimes under this head has increased every year.

  • Article 272 talks about illegal access to computer information that is legally protected, and prescribes punishment for the same. Computer information means any message or data which is presented in electronic form. The punishment is fine of 200 to 500 minimum wages, or two to five months salary, or corrective labour for 6 to 12 months, or deprivation of liberty for up to 2 years.
  • Article 273 talks about creating, disseminating, and using harmful computer programs through a computer for ill-intended usage. The punishment is 200 to 500 minimum wages, or two to five months salary, or deprivation of liberty for up to 3 years. In cases where the consequences are grave, this duration may extend up to 7 years.
  • Article 274 talks about the violation of the rules of operation of computers, computer systems, and networks. It also provides punishment for the same. The punishment is disqualification from holding specific officers for up to five years, or compulsory works for 180 to 240 hours, or restraint of liberty for up to 2 years. In cases where the consequences are grave, this duration may extend up to 4 years.
2. Russian Federation’s Constitution of 1993

The Constitution of Russia has provided for the right to privacy for individuals since 1993. People have a right to keep their communications secret. A competent court’s order may restrict an individual’s right to privacy. Nobody can access someone else’s personal data without their consent.

3. Federal Law on Personal Data, 2006

The Federal Law on Personal Data covers everything that relates to data protection of individuals. It defines personal data as any information by which a person can be recognised easily. For example, first name, surname, address, education, profession, etc. It lays down conditions under which entities can collect and process personal data. Consent of personal data holder is necessary before processing their personal data. Even after granting the consent, the personal data holder can revoke this consent anytime. The processing will have to stop once the personal data holder revokes their consent. After receiving a revocation request, the entity shall destroy the personal data within three days. Also, once the objective of obtaining personal data is completed, it has to be destroyed.

A personal data holder has the following rights under this law:

  • Right to access information about the processed data;
  • Right to ask for the ceasing of the processing when personal data is inadequate or the processer obtained it illegally; and
  • Right to ask for the immediate ceasing of data in case of direct marketing.

This law recognises four categories of personal data:

  • Public: Personal data which is already available in the public domain.
  • Biometric: The physiological and biological traits which reveal the identity of a person come under biometric data.
  • Special: This data is specific to race, origin, religion, heath, etc.
  • Other: Any data which does not fall under the above three comes under this type

End Notes

Russia requires more stringent and specific laws for technology-facilitated crimes. A thorough reading of publicly available information is sufficient to understand Russia’s track record on internet censorship and the right to privacy. In a continuously evolving cyber space, it is ideal to hope that the existing situation improves considerably.

For contributing to our blog and knowledge base, write to us at and elaborate on how you can help us in creating a safer cyber space.