Apple Complies with Controversial Russian Data Law

Russian security services could soon have access to the personal data of thousands of Apple users in Russia, following the U.S. tech giant’s decision to comply with Russian law and store user data on servers in the country, RBC reports.

Russian media and communications watchdog Roskomnadzor has confirmed for the first time that Apple Russia is to adhere to a controversial 2014 law that requires any company handling the digital data of Russian citizens to process and store it on servers physically located in Russia. Under Russian counterterrorism laws, Apple could be compelled to decrypt and hand over user data to security services on request.

The company has publicly positioned itself as a champion of data privacy, and CEO Tim Cook has condemned the “weaponization” of personal data. In 2016, the tech giant refused to unlock the iPhone of one of the shooters involved in the San Bernardino, California, terrorist attack in December 2015.

But in China and now Russia, Apple has quietly complied with local laws that could leave vast quantities of user data within the reach of the state.

In 2017, the company removed virtual private networks, or VPNs, that mask browsing activity from its App Store in China. Last year, Apple moved iCloud operations and encryption keys to data centers in China, raising fears that the authorities could have easier access to messages, emails, and other data stored in the cloud.

It’s not clear what data Apple will store on its servers in Russia. The company’s registration with the media agency lists names, addresses, email addresses, and phone numbers as the kinds of user data it processes. Apple Russia’s registration documents, filed on Dec. 25, make no mention of its iCloud service, which can host user photos, videos, documents, contacts, and messages.