Why Russia’s LinkedIn Ban Is Not About Internet Freedoms – Forbes
By Nabi Abdullaev
MOSCOW—When access to LinkedIn was shut down in Russia earlier this month, many commentators were quick to pass judgement on what had happened. Headlines like ‘LinkedIn officially kicked out of Russia’ and ‘US Government concerned over Russia’s decision to block LinkedIn’ suggested to the casual reader that this was another example of an authoritarian state cracking down on basic internet freedoms – ones promoted, incidentally, by US software giant Microsoft. The US Embassy in Moscow fired a salvo of tweets under the hashtag #LinkedIn, saying that the Russian people deserve a government that better cares about its rights. The unspoken question was: who would be next, Facebook or Twitter?
For those willing to read past the headlines, it soon became apparent that there was another side to the story, involving less headline-grabbing issues such as court cases and legal compliance. In line with many countries, Russia updated its requirements relating to personalization of local data with a new law that came into effect on September 1, 2015. This law, which requires local storage of personal data relating to Russian citizens to be stored on servers physically located within the Russian Federation, is analogous to similar laws which have been passed in many countries over the last few years. LinkedIn is one of the major international companies to fail to comply with this law, and as such the courts have ordered it be shut down until such time as it complies.
When the law was first passed there was some uncertainty over the specific target of the law: the draft version was deemed to be very broad and guidance provided by the relevant regulator and internet oversight watchdog, Roskomnadzor, was limited. Many companies including Viber, Ebay, and, reportedly, Google nevertheless complied and moved or started moving servers containing the relevant personal data to Russia. Others, such as Facebook, Twitter and LinkedIn, decided not to comply with the new requirements. Some expressed concerns that requiring the major social networks to move their Russian users’ personal data onto Russian territory would facilitate the security services’ ease of access to a vast trove of citizens’ personal information and networks. Roskomnadzor sued LinkedIn for non-compliance, and won its case twice, first in a lower court in August and then again in a Moscow city court in November. At this point access was blocked.
This is not the first time that Russian courts have blocked website access, including to the country’s top movie-distributing torrent sites and even, briefly, the Russian version of Wikipedia. Users (then and now) quickly learned how to circumvent such bans with the click of a mouse. While direct access to the LinkedIn website is blocked, the mobile application remains available both in the AppStore and in Google Play, and the network’s e-mail service continues delivering messages sent via its website. But with just 2.4 million registered users, or about one half of one percent of the network’s global membership, LinkedIn perhaps decided to exhaust its legal options first. Roskomnadzor said in November that it will unblock the site when the company complies with Russian legislation, namely by moving Russian users’ data onto Russian soil and by amending its user agreement that states that the company collects not only personal data of its users but also personal metadata (IP-addresses and cookie files) of its website’s visitors. In the United States, cookies are not regarded as personal data as they define a device used to browse the internet, not a user. But the Russian approach is consistent with new European Union personal data protection regulation that defines certain types of cookie files as personal data.
LinkedIn confirmed to the Russian Interfax news agency shortly after the blocking that it is considering talks with the Russian regulator to find a solution. Meantime, the blocking move has stirred speculation in certain quarters over whether other US internet companies, such as Facebook and Twitter may be the regulators’ next targets. We believe this is unlikely.
Firstly, if the Russian government wants to shut down domestic access to these internet resources, they have the legal tools and technical capabilities to do so at a moment’s notice, without providing much of a reason or following due process. If they want to send a message to Facebook, for example, to comply with the law, the government is likely to avoid the kind of international condemnation the first option would surely attract, and simply lodge a formal lawsuit in a Russian court, as it did in the case of LinkedIn. The fact that the government has not done this, almost 15 months since the law took effect, suggests that this issue is not a current priority for the authorities at this moment.