Over the years, among the trends in the Russian regulation of the internet, has been the implementation of rules aimed at protecting minors from specific types of online content. In particular, in September 2012, the Russian legislative landscape encountered a number of changes. One such change was the amendment to the Federal Law of 29 December 2010 On Protecting Minors from Information Causing Harm to their Health and Developments ('the Minors Protection Law'). The legal amendments established the system of age ratings for online content, the criteria being whether the content is suitable for children below six years old; for children of six years old; 12 years old, 16 years old; or whether the information is prohibited for children (18+). In addition, related amendments were also made to advertising legislation regarding the obligation to use age ratings for advertising of the content.
The amendments imposed additional obligations on businesses operating in various content related industries, resulting in the necessity to set internal practices on age ratings, in particular in cases of publishing the content on the internet.
As such, Russian law provides for various obligations for ensuring information safety for minors on the Internet. However, various groups from time to time make new initiatives, including for example, the registration on social networks with the use of passport (ID) details. Nevertheless, recently a commission of the Russian Council of Federation, the upper chamber of the Russian Parliament, has published the Draft Guidelines.
The Draft Guidelines specifically recommend that businesses should take a number of administrative and organisational measures and use technical means and software to protect children from the information causing damage to their health and/or development.
The Draft Guidelines also recommend implementing measures, which are provided by the Order of the Russian Ministry of Network and Mass Communications of 16 June 2014. In this regard, the Draft Guidelines specifically indicate the following recommended measures (also in view of the effective legislation):
- adoption of internal company regulations dealing with the data security of minors;
- internal monitoring of Russian legislation as well internal compliance of the internal measures of data security with the principles of protecting minors and related criteria of age marking;
- an internal procedure for dealing with complaints relating to alleged breaches of Minors Protection Law;
- assistance in the investigation of crimes committed against minors via the use of the internet (based on the competent requests);
- development of terms / policies dedicated to exploitation of the data sources / content by users below 18;
- operation of the support service as well as exclusion of employment in this service of persons held criminally liable for crimes against minors;
- regular audits of systems of monitoring and filtration of the content prohibited for minors; and
- timely deletion of personal data of minors published on the website or service for the purpose of causing damage to health and/or developments of a minor or group of minors, as well as forwarding of the information on the person/s that published such personal data to law enforcement authorities.
The general principles of the Draft Guidelines also point out the necessity of taking a pro-active approach to increasing awareness of cyber-security, including the use of social advertising or educational activity; publication of contacts of authorities and nongovernmental organisations operating in the system of protecting minors and the development of materials focused on information security while working on the Internet.
Data sharing safety
The Draft Guidelines seek to address the issue of how data sharing safety for minors shall be dealt with in cases of the exchange of information in messengers, social networks and email applications, outlining the following:
- adopting the privacy function that only allows the display in search results of the following information from profiles of minors' accounts: name and surname, one photo and date of birth;
- ensuring that the personal data of minors in the form of geotags, phone numbers and education facility is excluded from public access;
- including in the registration form the information on the age of the user. If the user marks that he/she is under age, the Draft Guidelines recommend the possibility of the joint managing of the account by the parents (legal representatives);
- allowing users to pre-moderate comments by other users intended for publication on their profile;
- ensuring the default function of restricting access to the content prohibited for minors;
- developing parental control measures, allowing parents to monitor list of friends, location of the minor and his/her activity;
- developing a mechanism of using age warning markings in case of access to profiles of communities or channels with content restricted among various age categories of minors'
- developing functions which allow a user to make a marking, 'prohibited for minors,' in cases of publications and content dissemination;
- excluding dissemination among minors of advertising aimed at enrolling minors in illegitimate activities or political activities, as well as excluding advertising of content non-desirable for children; and
- developing terms of using the web-site or service as a channel of exchanging information.
Measures for website providers
The Draft Guidelines also look to address specific recommendations for websites that unilaterally provide data to users, such as news. Among such recommendations is the use of age ratings for various types of content, depending on which content is subject to rating, as well as the use of a complaint procedure in cases where there is the possibility to publish commentaries by users.
The Draft Guidelines indicate that the administrator of the website is responsible not only for the control of the information on their website, but also for the information on other websites used by the administrator.
Measures for online shops and other internet services
For online shops and other similar internet services, the Draft Guidelines propose that the following steps should be taken:
- where the sum of purchase of goods aimed for children (e.g. toys) exceeds RUB 500 (approx. €7), information on the necessity of parental consent shall be present;
- in cases of sale of content subject to the age-marking (e.g. a game), the website administrator needs to request additional information, in particular, the age of the buyer;
- use of a short description of products with indication of age marking; and
- development of parental control measures, allowing parents to monitor records of services rendered to minors/record of previous purchases.
Measures for search engines
As for search engines, it is advised under the Draft Guidelines that they should do the following:
- use warnings for the websites appearing as result of search;
- develop safe searches allowing the restriction of access by minors to prohibited content;
- exclude personal data of minors in the form of links to social network accounts from search results; and
- use content filtration means.
Measures for websites containing data prohibited for minors
It is recommended that for the websites that contain content prohibited for minors, for example having 18+ marking, a user needs to undergo registration for access by indicating his/her full name, phone number and age. Furthermore, the advertising of such websites shall be excluded for an undetermined group of users, since minors may be among them.
What to expect?
While some of the provisions of the Draft Guidelines are based on the already effective legislation (in conjunction with European legislation), some of them may give rise to various concerns from the perspective of their technical implementation, legal considerations and additional obligations on the businesses in the relevant industries. Currently, public discussions around the Draft Guidelines are taking place, therefore, it remains to be seen whether the specific provisions of the Draft Guidelines will mature into new law and how such a law will be developed and applied in the future.
Originally published in the Data Protection Leader by Cecile Park Publishing Ltd. Volume: 15 Issue: 7 (July 2018)