In September 2025, Moscow Digital School hosted a lecture “Jurisdictional Aspects of E-Commerce.” During the event, Antonina Levashenko, Head of International Best Practices Analysis Department at the Gaidar Institute, spoke about the specifics of regulating cross-border transfer of personal data in e-commerce.
The purpose of regulating the cross-border transfer of user data is to provide users with the same level of protection abroad as that guaranteed by national legislation. Russia is one of those countries where cross-border transfers require businesses to incur operational costs to go through special administrative procedures. Although a notification procedure has been established, it is de facto a permissive one, because Roskomnadzor must first be notified of the transfer, and only after 10 working days, i.e., if Roskomnadzor has no objections, can the transfer take place. If Roskomnadzor identifies a threat to national security, the transfer will be prohibited. Although, according to statistics, only 0.4% of notifications are rejected by Roskomnadzor, the procedure itself, given the waiting time and risks of uncertainty, is a significant barrier to international trade.