Break services with two-factor authentication фз152?

Do I understand correctly that if the phone is PII, then all services that use two-factor authentication via phone (send a text) and don't store data on Russian territory - violate Russian law?

I assume that Github, Slack, and others like them in this situation. They are theoretically under the sword of Damocles lock?
April 4th 20 at 12:57
5 answers
April 4th 20 at 12:59
Like, if we are talking only about the phone number, no. Because knowing only the number, it is impossible to uniquely identify a person. If a number is stored some information, full name, passport data, Yes - violation.

P. S. but it's not exactly =)
Usually next stored Name and soap, so that coupled with the phone - will. - Elisabeth_Ku commented on April 4th 20 at 13:02
April 4th 20 at 13:01
The question is impossible to give a completely definite answer, but I thought this article on the topic:

https://habr.com/ru/company/dataline/blog/446696/

And and here for example Github? A major service and why would he be under the sword of Damocles? Can you add Facebook and other big sites? Nonsense...
Why not? what kind of logic is "if the service is large, then...". Now where's Linkedin? - tyler commented on April 4th 20 at 13:04
@tyler, do it no more ?(( - camille.Krajcik commented on April 4th 20 at 13:07
In the Russian Federation is prohibited. - tyler commented on April 4th 20 at 13:10
April 4th 20 at 13:03
what if the phone is PII

No. Only the phone number do not uniquely identify the person. But a set of "phone-name" or "phone-name-soap" (which is a common practice for many services) - it will be PD.
Most often, these sites is stored and the telephone and mail. And online handle. And the picture can be downloaded. Typed.
The point is not only how we understand what is and what is not a DD. It is important as the law/authorities understand. About this question. - tyler commented on April 4th 20 at 13:06
@tyler, well so - go and read, all laws are free :) - martina91 commented on April 4th 20 at 13:09
April 4th 20 at 13:05
Purely interested, and if a person voluntarily puts their data. For example filling your profile on github or SO
this does not obviate the responsibility of the operator - Dorcas_Tremblay commented on April 4th 20 at 13:08
@Dorcas_Tremblay, the operator is the one who hosts? Or if I'm on SO your data rasmey, formally, they will be required by the Russian laws to comply with? - Lester commented on April 4th 20 at 13:11
@Lester, no. This is a legal term. One who cultivates. Here comes a much more extensive list if You are not the host, but treated (for example, fill a certain statement assumed identities) something in common You Statement.
I'm not sure who You are SO here is very simple - if it falls under Russian jurisdiction - bound. - Dorcas_Tremblay commented on April 4th 20 at 13:14
@Dorcas_Tremblay, StackOverflow.
And how to understand to understand whether the service falls under Russian jurisdiction or not? - Lester commented on April 4th 20 at 13:17
@Lester, I can not vouch for the correctness of the answer, but I would be looking at tax residency. Where the office is registered with, where it does business. The second criterion is very conditional, especially if it is about StackOverflow. There is an important point that it's not Your headache.

You can own a smart question to ask? You are there to earn some money and are worried, do not know whether this Tax? - Dorcas_Tremblay commented on April 4th 20 at 13:20
April 4th 20 at 13:07
IF true - then Yes, you understand correctly.
BUT the fact that he is not. There are different positions in different specialists, of course. But we now believe that having only knowledge of the phone number an ordinary person could not identify anyone. Under contract with the Opsosom room actually belongs to him (though I do not know the details of this point in connection with the transition to another operator).

Now for the second part of the question. All discrepancies arise from attempts to make a milkshake with warm and soft at the state level. The state considers its citizens as a liability and stubbornly believes that information about this liability actually belongs to the state (please do not go into details of the terms then and then. Of course, PD are owned by the Person and nobody denies it. The question is, what shield is designed to protect is used as a barrier). Hence, there are incidents when a person (Person, the owner of the PDN) allegedly loses the right to dispose of his own data, to delegate operations to someone that is not included in the Registry.
PS: actually annoy me services that definitely want my cell phone number. - Dorcas_Tremblay commented on April 4th 20 at 13:10

Find more questions by tags Jurisprudence in IT