Журнал ЗАКОН

The paper is focused on legitimate interest of the data controller as an independent basis for processing personal data without the consent of the person, which currently remains underestimated in Russian case law despite its significant potential. The author argues that legitimate interest can become a flexible and universal tool for legitimising the processing of personal data, especially in the context of the crisis of the consent-based model for personal data processing. The article examines the conditions for applying this basis (the concept of legitimate interest, criteria for the necessity of processing, and the non-violation of the rights and legitimate interests of the subject) taking into account existing case law and guidance from Roskomnadzor. To enhance the effectiveness and universality of applying legitimate interest, the article proposes a clear distinction between this basis and other grounds for processing, such as the performance of a data controller’s functions and obligations. As key criteria for ensuring the protection of the rights and legitimate interests of data subjects, it is suggested to consider their reasonable expectations and ensure data confidentiality. To prevent abuses associated with the use of legitimate interest, it is proposed to emphasise its subsidiary nature, whereby it cannot be used to bypass the existing (more specific) grounds for processing. Additionally, the article substantiates the need to limit its application exclusively to private data controllers, excluding its use by state and municipal authorities.

---

Keywords: legitimate interest of the data controller, consent of data subject

This article addresses the legal nature of the data processing agreement, its mandatory terms, and certain aspects of the legal status and liability of the data processor. The author analyses gaps in the legislation with a view to potential risks for businesses arising from the data processing agreements and offers practical recommendations for drafting these agreements.

---

Keywords: personal data, data processing agreement, controller, processor

The article introduces readers to the German concept of the „central area of private life“ (Kernbereich privater Lebensgestaltung). This concept formulated by the Constitutional Court of Germany insists on the absolute inviolability of the most personal aspects of citizens’ lives. It is assumed that the invasion of the „central area“ ca nnot be justified even by the most significant public interests. The article highlights the history of the concept, its content and justification by the Constitutional Court of Germany, its practical application in the context of covert police activities and the criminal process in general, as well as its doctrinal criticism. In conclusion, the author offers some conclusions that are significant for Russian law.

---

Keywords: criminal proceedings, evidence, private life, preliminary investigation, operational investigative activities, covert investigative actions, Kernbereich privater Lebensgestaltung

The study is devoted to a comprehensive analysis of legal conflicts that arise during the processing of personal data on social networks. Based on a systematic study of Russian legislation and the evolution of case law, key problems of qualifying the status of such data have been identified. The erroneous identification of the concepts of „publicly available sources of personal data“ and „publicly available personal data“ is proved. Particular attention is paid to the contradictions associated with automated information collection (parsing) and the legal risks of using simplified consent forms. The scientific novelty lies in the development of a typology of grounds for legitimate processing of data from social networks, taking into account recent legislative changes (art. 10.1 of Federal Law No. 152-FZ „On Personal Data“). Specific mechanisms are proposed to reduce legal risks for businesses while maintaining a balance between the interests of data subjects and operators.

---

Keywords: personal data, social networks, personal data processing, dissemination and provision of personal data, publicly available sources of personal data, personal data authorised by the subject for dissemination, open data, parsing

This article examines the challenges involved in applying Belorussian personal data protection laws to Russian companies acting as authorised entities for Belorussian operators. The study focuses on interpreting Article 7 of the Belorussian Data Protection Act, analysing the practical difficulties that Russian companies face when trying to comply with the security measures outlined in Article 17. The authors propose contractual frameworks for data processing agreements between Belorussian operators and Russian authorised entities to mitigate legal risks and ensure regulatory compliance. The research also highlights jurisdictional conflicts and suggests approaches to harmonisation, drawing on international standards.

---

Keywords: personal data, cross-border processing, regulatory requirements, Belorussian legislation, authorised entity, data controller, data processing agreement

In today’s digital society, there is a paradox of privacy: despite statements about the importance of privacy, users often neglect measures to protect their data and even voluntarily disclose them for insignificant benefits. This phenomenon is especially relevant in the context of digital payment transactions, where user data is becoming a valuable resource for financial institutions. The article examines the problem of monetisation of payment data, analyses the contradictions between the right to financial confidentiality and the need for the development of FinTech services. Approaches are proposed to create a fair data monetisation mechanism that takes into account the interests of both consumers and financial organisations.

---

Keywords: personal data, user data, the right to privacy, financial confidentiality, monetisation of data, financial technologies (FinTech)

The article studies the matter of finding the optimal legal regime for different categories of data. Legal problems related to the turnover of big data arise due to the lack of a unified legal framework for regulating the turnover of big data, a variety of data sources and ways to use them. Based on the analysis of regulatory legal acts, current judicial practice and legal doctrine, the authors offer recommendations for updating current legislation in the field of local regulatory regulation of acts containing ethical rules in the field of data analytics and the use of artificial intelligence in labour relations, and also deternination of the legal regime for the protection of big data with due regard to the development of new technologies, as well as the development of internal ethical rules of organisations working with big data.

---

Keywords: big data, data turnover, legal regime

The article discusses current legal problems of biometric personal data protection, such as lack of legal clarity in biometric data definition, leading to negative consequences of inconsistencies in regulatory legal acts and violations of the human right to privacy. In order to establish effective mechanism of human rights protection in biometric identification in Russia author analyses biometric personal data protection regulations, in general, and behavioral biometrics, in particular. Author also addresses foreign legislation of the US, China and the EU, demonstrating different models both in biometric personal data protection and in balancing of constitutional values. Using constitutional mechanism of protecting privacy right and principle of a fair balance between private and public interests author argues a necessity to allocate behavioral biometrics in a separate group of personal data, develop approaches to the system and principles of categorisation of biometric personal data based on diversification of human rights risks, allowing to introduce restrictions based on higher level of state paternalism for this personal data, as well as consistency of administrative, civil and criminal legislation in biometric personal data.

---

Keywords: biometric identification, biometric personal data, privacy, dynamic biometrics, behavioral biometrics, human rights, dynamic personal identification, personal data

This article analyses Russia’s regulatory framework on the localisation of personal data storage amid rising geopolitical tensions and the country’s drive for digital sovereignty. The study systematically reviews the key legislative requirements mandating that operators who process personal data of Russian citizens ensure such data is stored within the Russian Federation. The article elaborates on the risk-based methodology proposed for identifying which databases are subject to localisation and how organisations can rationally evaluate compliance strategies. The author emphasises that the current legal approach is relatively flexible: initial collection and storage must occur locally, but subsequent cross-border data transfers are not entirely prohibited. The analysis includes exceptions for specific types of operators and processing scenarios. The structure of the article covers the legal basis for localisation, categorisation of affected databases and strategic guidance for compliance. The findings are particularly relevant for legal practitioners, IT security experts, and data protection officers.

---

Keywords: personal data localisation, personal data databases, Russian localisation laws, Federal Law No. 152-FZ „On Personal Data“, crossborder data transfer, digital sovereignty, data storage regulation, data storage in Russia

Personal data is considered as the main resource for learning and developing of digital technologies based on artificial intelligence and used for public interests. At the same time, among the risks that arise in connection with the creation of databases and the artificial intelligence implementation in data processing, the risks associated with the violation of the right to privacy and the processing of personal data hold a special place being the most dangerous for the human-oriented approach. In order to establish a balance between public interests and a human-oriented approach it is necessary to establish a comprehensive legal regulation of personal data processing using artificial intelligence, taking into account legal and technological aspects of such processing. This refers to the specifics of the process of anonymisation (depersonalisation) of personal data used for public interests including artificial intelligence learning and the concept of personal data rendered anonymous itself.

---

Keywords: personal data, artificial intelligence, human-oriented approach, anonymisation (depersonalisation) of personal data

In the September Legal Chronicle, read the opinions of experts on the draft law on the „lawyer monopolisation“ of judicial representation, on the 18th package of EU sanctions against Russia, on changing the regulation of participation in LLC, on a new procedure for the extrajudicial collection of tax arrears and a new basis for the seizure of land from negligent owners who do not destroy hogweed, and also about the recognition of de facto marital relations for the participants of the SVO.

---

Keywords: lawyer's monopoly, sanctions, 18 package of sanctions, participant in a limited liability company, collection of tax debts, seizure of a land plot, marital relations de facto

The author contrasts expropriation as state seizure of property from specific owners with nationalisation as state seizure of property from all private owners. The author focuses on expropriation, distinguishing between lawful and unlawful, direct and indirect; and analyses the grounds for direct lawful expropriation under Russian law. This includes property seizure for State and municipal needs, requisition, confiscation, compulsory purchase of property that cannot be privately owned, as well as neglected land plots, cultural values, and animals, and seizure of corrupt property. The author analyses the grounds for indirect lawful expropriation — regulatory takings of property rights — changes in land use regimes; restrictions on investors’ property rights. Other grounds for lawful expropriation are unknown to Russian law, meaning other possible cases of property seizure are unlawful expropriation. The author concludes that the State must pay compensation for lawful expropriation. Exceptions to the compensation rule include confiscation of property from a person who has committed a crime, as well as cases of seizure of corrupt property. The author views unlawful expropriation as a tort for which the treasury must compensate for damages. The amount of damages may exceed compensation. The author concludes that the statute of limitations should apply to all expropriation disputes, but notes that the Constitutional Court’s view as expressed in Resolution No. 49-P may serve as grounds for not applying the statute of limitations to any expropriation disputes as public law matters. The competent court for considering expropriation disputes can be either a Russian court or, if the parties agree, a foreign jurisdiction or arbitration.

---

Keywords: lawful expropriation, the requisition, the confis cation, expropriation for State or municipal needs, compulsory sale of the property, unlawful expropriation, compensation for lawful expropriation, damages for unlawful expropriation, limitation period

The article explores the legal nature of digital subscription agreements and the issue of aligning parties’ will during their conclusion. It argues for considering such agreements as a special type of complex civil law contract, combining elements of license agreements and service contracts. Particular attention is paid to the discrepancy between users’ perception of the contract’s subject matter and its legal content. Current problems in the legal regulation of digital subscription agreements are analysed, and solutions are proposed, including the implementation of the principle of informational parity and the application of a dualistic approach to assessing digital content compliance.

---

Keywords: digital subscription, will coordination, complex contract, license agreement, information asymmetry, information parity, consumer protection

The article examines the challenges associated with the application of the current legal framework, including in the process of dispute resolution, in situations where rights to insured property are transferred after an insured event in respect of such property has occurred. The author critically reviews the rule set out in Article 960 of the Civil Code of the Russian Federation, as well as its interpretation and application by courts, focusing on which party — the previous or the new owner of property — is entitled to receive the insurance compensation in such cases. The article highlights practical issues that arise when applying this provision to various types of legal relationship, often hindering the core function of insurance, which is to protect the interests of the party that has actually suffered losses as a result of an insured event. Special attention is given to the peculiarities of applying this provision of the Civil Code and the courts’ approach in the context of financial leasing (lease-purchase agreements).

---

Keywords: transfer of rights to insured property, insured event, right to insurance compensation, Article 960 of the Civil Code of the Russian Federation, protective function of insurance, lease-purchase agreements