Russian lawmakers on Tuesday approved a bill that would place restrictions on Russians' personal data being transferred abroad and require entities planning on doing so to notify the communications regulator in advance.
The law, passed in its second reading by the lower house of parliament, or State Duma, is one of several the government has been working on as Russia deals with the fallout from hefty Western sanctions imposed in response to Moscow's military campaign in Ukraine.
"Current legislation practically does not regulate the cross-border transfer of personal data, which poses a significant threat in the current foreign policy situation," read an explanatory note accompanying the bill.
The bill's authors say more than 2,500 entities registered in Russia handle personal data and transfer them to other countries, including "unfriendly" nations that have imposed sanctions.
Companies wanting to transfer data abroad will have to notify the regulator, Roskomnadzor, for each country - a measure that was softened after a raft of internet companies objected, according to the business outlet Forbes.
Roskomnadzor considers countries that are party to Council of Europe data protection regulation as offering adequate safeguards, along with 29 other mostly African and Asian countries, but not the United States.
Among the "unfriendly" countries approved by Roskomnadzor are numerous European members of the NATO defence alliance as well as Australia, Canada, Japan and New Zealand.
The draft still needs to pass a third reading in the Duma and a review by the upper house before President Vladimir Putin can sign it into law.
