Legal basis and areas of activity

Pursuant to Article 23 of the Federal Law On Personal Data and the Statute On the Federal Service for Supervision of Communications, Information Technology, and Mass Media, approved by the Resolution No. 228 of March 16, 2009, of the Government of the Russian Federation, Roskomnadzor's Department of Protecting the Rights of Personal Data Subjects as the Competent Authority for protecting the rights of personal data subjects executes the following functions:

1) Supervision and compliance control of personal data processing with the personal data legislation of the Russian Federation;

2) Consideration of appeals of legal entities and individuals in regard to personal data processing, as well as making decisions on the results of such consideration within the Competent Authority's powers.

When exercising these powers, Roskomnadzor as the Competent Authority for protecting the rights of personal data subjects, may:

- in accordance with the procedure prescribed by the legislation of the Russian Federation, take measures to suspend or terminate personal data processing carried out in violation of the requirements of this Federal Law;
- file a lawsuit seeking protection of the rights of personal data subjects (including protection of the rights of the general public), and appeal for personal data subjects in court;
- submit to the federal executive authority for security and to the federal executive authority for technical intelligence countermeasures and technical information protection, according to their scope of activity, information containing the description of technical protection measures, including names and information on encryption (cryptographic) tools;
- in accordance with the procedure prescribed by the Russian legislation, take measures for suspending or terminating personal data processing, when recommended by the federal executive authority for security or by the federal executive authority for technical intelligence countermeasures and technical information protection;

- request individuals or legal entities to submit necessary information for executing the Competent Authority's powers; and receive such information free of charge;
- request operators to refine, block, or remove incorrect or illegally obtained personal data;
- pursuant to the procedure prescribed by the Russian legislation, submit applications to operator licensing authorities with the aim to consider taking measures for suspending or terminating the appropriate license, if the license conditions include prohibition on transferring personal data to third parties without the written consent of the personal data subject;
- according to jurisdiction, forward materials to the prosecutor's office and other law enforcement agencies in order to consider initiating criminal proceedings for violating the rights of personal data subjects;
- take administrative actions against persons offending the aforementioned Federal Law.

3) Keeping a register of operators engaged in personal data processing.
 When exercising these powers, the Competent Authority may:
- check the contents of notices of personal data processing, or engage other public authorities for such checks, within their powers.

4) Implementing measures for improving protection of the rights of personal data subjects.

When exercising these powers, the Competent Authority may:
- submit proposals to the Government of the Russian Federation  on improving regulatory support of protection of the rights of personal data subjects;
- upon an appeal or a request, inform public authorities and personal data subjects on the situation in protection of the rights of personal data subjects.

5) Collaboration with foreign authorities for protection of the rights of personal data subjects, including the following: 
- international exchange of information on protection of the rights of personal data subjects; 
- approving a list of foreign states that provide proper personal data protection.