General Data Protection Regulation (GDPR) , Standards, Regulations & Compliance

Finland and Norway Ban Yango's Data Transfer to Russia

Move Comes as Russia Allows a Law Permitting Access to Taxi User Data Akshaya Asokan (asokan_akshaya) • August 9, 2023    
Finland and Norway Ban Yango's Data Transfer to Russia
A Yango ride-hailing car in Romania in December 2019 (Image: Shutterstock)

Data protection agencies in Finland and Norway imposed Tuesday a temporary data transfer ban on Russian ride-hailing app Yango over concerns the Moscow could access sensitive data of Europeans.

Yango is the only Russian ride-hailing service operational in Europe. Its Netherland-based parent company, Ridetech International B.V., is a subsidiary of Yandex, an online technology company widely known as the Russian Google.

See Also: Navigating the GRC Landscape in 2023: Trends and Strategies from TruOps

The Finnish and Norwegian data regulators imposed the ban weeks before a Russian law granting Kremlin domestic intelligence agency the FSB access to taxi users' data goes into effect on Sept. 1. The Nordic ban on transferring data will remain in effect at least through Nov. 30.

European regulators fear the Russian government's move poses privacy risks by allowing the intelligence agency to monitor the movements of Yango customers.

The agencies also said that once Yango data reaches Russia, it could be processed in violation of the European General Data Protection Regulation.

Meduza, a Russian-language news service headquartered in Latvia, reported that Yango collects users' IP address, device ID, operating system and browser.

In a statement to given to Reuters, Yango said the Russian government's rule will not affect international users of the ride-hailing app. "This will not change after the 1st of September," the company said.

Yandex is one of the Russian companies affected by Western sanctions imposed in the wake of Russia's invasion of Ukraine in 2022. Arkady Volozh, the former CEO of Yandex, quit the company in June 2022 after it was sanctioned by the European Union.

Citing company insiders, Meduza reported that Yandex had shuttered its only data center in Finland after the invasion. The company then began to store all its data in the Russian metro areas of Moscow, Ryazan and Vladimir.

Previous
Norway Threatens Meta With Fines for Ad Violations
Next
Threat Activity Clusters: Defenders' Way to Fight Ransomware

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



Around the Network

Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices
Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP
Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
The State of Security Leadership
The State of Security Leadership
Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing gdpr.inforisktoday.com, you agree to our use of cookies.