Apple has revealed some user data is being stored on Russian servers as part of its compliance with a local law which came into effect in the country in 2015.
Roskomnadzor, the Russian government agency that oversees media and telecommunications, has confirmed in a filing (via Bloomberg) that Apple Russia is to adhere to a 2014 law that requires any company handling the digital data of Russian citizens to process and store it on servers physically located in Russia.
Under Russian counterterrorism laws, Apple could be compelled to decrypt and hand over user data to security services on request.
Apple users in the region have data including name, delivery address, email address, and phone number stored on servers within the nation’s borders. The company said it collects the information for customer service and to send users information on new products.
The report doesn’t mention if more personal information is also stored, such as photos, contacts, or messages, so iCloud data doesn’t appear to be on the Russia-based servers. However, Apple does keep details about its Russian employees within the country, including passport numbers, place and time of issuance, addresses, history of work valuations and income details.
“Seems that something is hidden here because of course Apple collects more data,” said Sergey Medvedev, a senior lawyer with the Moscow-based law firm Gorodissky and Partners.
Russian law takes a broad interpretation of personal data and applies it to anything that could be used to identify individuals or their behaviour. Photos, music, and e-book downloads would all indirectly be defined as personal data, said Medvedev, who specializes in internet and e-commerce law.
Over the past few years, Apple has taken publicly broad positions on user privacy, yet kowtowed to foreign governments where necessary to continue offering services.
Last February, the company handed over Chinese citizens’ iCloud accounts and encryption keys to provincially owned Guizhou-Cloud Big Data but promised not to compromise users’ data security or create backdoors for governments to access customer data. Within months, the Chinese government was reportedly trying to get Apple to filter out user messages referencing pornography, gambling, or counterfeit goods.