The Federal Law is aimed at ensuring the legal protection of personal data against threats related to unauthorised access, dissemination and use of these data for criminal purposes.

In this connection, the Criminal Code of the Russian Federation is supplemented with Article 2721, which establishes liability for the unlawful use, transfer (dissemination, provision and access), collection, and storage of personal data obtained through unauthorised access to data processing networks, or by otherwise tampering with these systems or other illegal methods.

Increased liability is stipulated if these acts are committed against the personal data of minors, special personal data categories or biometric personal data, (including when motivated by personal gain, causing significant losses), by a group of persons through prior collusion or by the abuse of official position. Strict liability is stipulated if such acts are committed by an organised group or entailed grave consequences.

Article 2721 of the Criminal Code also applies to individuals who transfer computer information containing personal data to foreign citizens, foreign organisations or foreign state agencies, as well as those who conduct cross-border transfers of such data carriers.

In addition, criminal liability is stipulated for creating and administering websites on the internet and on other online platforms, as well as software designed specifically to illegally store and transfer unlawfully obtained personal data.

Under the Federal Law, the provisions of the new article of the Criminal Code do not apply to cases when personal data are used solely for personal or family needs.