What has changed in communication services (Kuchin O.). On the provision of UC, HOA data about employees to telecom operators Providing a list of persons to the telecom operator
What information does the management company, homeowners association using the services mobile communications, must be provided to telecom operators from 06/01/2018? What are the consequences of failure to fulfill this obligation?
New responsibility
According to para. 1 clause 1 art. 44 Federal Law dated 07/07/2003 No. 126-FZ “On Communications” (hereinafter referred to as Federal Law No. 126-FZ) on the territory of the Russian Federation, communication services are provided by telecom operators to users of communication services on the basis of an agreement for the provision of communication services, concluded in accordance with civil legislation and rules for the provision of communication services. (A user of communication services is a person who orders and (or) uses communication services.) Rules for the provision of services telephone communication approved by Decree of the Government of the Russian Federation dated December 9, 2014 No. 1342.
Based on para. 6 of the specified paragraph, introduced on June 1, 2018 by Federal Law No. 245-FZ of July 29, 2017, mobile radiotelephone communication services are provided to the subscriber - a legal entity (IP) and the user of the communication services of such a subscriber, subject to the subscriber submitting reliable information to the telecom operator, including about users. A subscriber is a person (for example, a management company or a homeowners association) who has entered into an agreement for the provision of mobile communication services, a user of the subscriber’s communication services - using the services cellular communication under a subscriber agreement, for example, with a SIM card provided by the management company or HOA (this could be an employee of the organization, the chairman of the HOA, or another person).
These changes, as Roskomnadzor indicated, were developed in order to more effectively combat the illegal sale of SIM cards.
The procedure for fulfilling the obligation to provide information
In paragraph 6 of paragraph 1 of Art. 44 of Federal Law No. 126-FZ stipulates that the subscriber (IP) provides the telecom operator with information about users of communication services in accordance with the rules for the provision of communication services. At the stage of concluding an agreement for the provision of cellular communication services, the specified information of the management company and the homeowners association does not need to be submitted. According to clause 19 of the Rules for the provision of telephone communication services, a person authorized to conclude an agreement in the interests of a legal entity sends to the telecom operator a document confirming his authority to represent the interests of the legal entity when concluding an agreement, a certificate of state registration legal entity or its notarized copy.
In an agreement concluded in writing with legal entity, the following information and conditions must be indicated:
date and place of conclusion of the contract;
name (company name) of the telecom operator;
details of the telecom operator's current account;
information about the subscriber - name (company name) of the organization, location (legal address and actual location), main state registration number, TIN;
address, procedure and method of providing an invoice for telephone services provided;
the period for providing access to the local or mobile communication network.
In addition, the contract stipulates such essential terms as:
subscriber number (subscriber numbers) or unique identification code (unique identification codes);
telephone services provided;
payment system for telephone services;
procedure, terms and form of payments.
As you can see, data about users of the subscriber’s communication services is not included in the information that must be included in the contract for the provision of communication services.
Information on how the obligation to transfer information about users must be fulfilled by the subscriber is set out in paragraphs. “d” clause 25 of the Rules for the provision of telephone services.
So, the subscriber is obliged to submit quarterly to the telecom operator a duly certified list of persons using the equipment of the subscriber - a legal entity, containing the last names, first names, patronymics, places of residence, details of identification documents of these persons. Information about new users (in the event of a change in the actual users of the legal entity’s equipment) must be provided to the telecom operator no later than 15 days from the day this became known.
Based on the draft prepared by the Ministry of Telecom and Mass Communications on amendments to the Rules for the provision of telephone services, information will most likely need to be provided to the telecom operator within a month from the date of conclusion of the contract for the provision of services (when transferring a SIM card to a new user - within 15 days).
Or an old duty?
Please note that the subscriber’s obligation, stated in paragraphs. “d” clause 25 of the Rules for the provision of telephone services, exists from the moment these rules came into force - from 01/15/2015. However, management companies and homeowners associations that did not fulfill the obligation to provide information about users of communication services before 06/01/2018 acted correctly if they did not have the users’ consent to transfer personal data. Personal data is any information relating to a directly or indirectly identified or identifiable individual (subject of personal data).
Relations related to the processing of personal data are regulated by Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data.” Article 7 of this law provides the following.
Please note: operators and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
Therefore, the transfer of personal data individuals– users of the subscriber’s communication services were prohibited in the absence of their consent. The restriction has been lifted. Based on para. 7 clause 1 art. 53 of Federal Law No. 126-FZ, introduced by Federal Law No. 245-FZ, it is not necessary to obtain the consent of the user of the subscriber’s communication services - a legal entity (IP) to transfer his personal data to the telecom operator.
The information provided is incorrect
Updated clause 6 of Art. 44 of Federal Law No. 126-FZ, telecom operators are required to verify the accuracy of information not only about the subscriber, but also about users of the subscriber’s communication services - a legal entity (IP). The verification is carried out by establishing the last name, first name, patronymic (if any), date of birth, as well as other data on the identity document of the user of communication services. For this purpose, the telecom operator is provided with access to the Unified System of Identification and Authentication (Federal State Information System “Unified System of Identification and Authentication in the Infrastructure that Ensures Information Technology Interaction of Information Systems Used to Provide State and Municipal Services in Electronic Form”, ESIA), Single portal state and municipal services, other information systems of government bodies. The period during which the telecom operator verifies the accuracy of the information received about users of communication services has not been established. The draft amendments allot 30 days for this from the date of receipt of data from subscribers.
If, as a result of the verification, the reliability of the information provided about the users of the subscriber's communication services is not confirmed, the telecom operator suspends the provision of communication services in the manner established by the Rules for the provision of telephone communication services.
User information not provided
Clause 3 of Art. 44 of Federal Law No. 126-FZ the telecom operator is provided right suspend the provision of communication services if the user of communication services violates the requirements established by the specified law, the rules for the provision of communication services or the agreement on the provision of communication services until the violation is eliminated. In the Rules for the Provision of Telephone Services, this norm is essentially duplicated: telecom operator has the right suspend the provision to the subscriber only of those telephone services in respect of which this subscriber violated the requirements established by Federal Law No. 126-FZ, these rules and the agreement (clause 44). It also follows from the law that the telecom operator must notify the user of communication services in writing about the planned suspension of the provision of communication services. In turn, if the user does not eliminate the violation within six months from the date of receipt of the notification, the telecom operator has the right to unilaterally terminate the contract for the provision of communication services.
Thus, if the management company, homeowners association (subscribers) do not provide the telecom operator with data about users of communication services, the operator may suspend the provision of services. In the future, the situation may change, since according to the draft amendments, suspension of the provision of telephone services in the event of a subscriber’s failure to fulfill the obligation to provide information about users is already the responsibility of the telecom operator.
It should also be taken into account that if a subscriber – a legal entity – fails to fulfill the obligation to transfer user data to the telecom operator, payment for mobile radiotelephone communication services is carried out only in the form of non-cash payments by transferring funds from the settlement accounts of such a subscriber. That is, they are unacceptable. This follows from paragraph 6 of Art. 54 of Federal Law No. 126-FZ, which also applies to relations arising from contracts concluded before the date of entry into force of Federal Law No. 245-FZ, that is, before 06/01/2018.
If a management company or a homeowners' association concludes (has a concluded) agreement with a telecom operator for the provision of mobile communication services, they must provide it with information about users of communication services - individuals using communication services under a subscriber agreement - the management company or the homeowners' association. This obligation is unconditional from 06/01/2018. If you ignore it, the telecom operator may suspend the provision of communication services, while the communication services themselves must be paid only in non-cash form. Communication services will also not be provided if the telecom operator, after checking the information provided about the users of the subscriber's communication services, discovers that it is unreliable.
Let's note one more important point. State Duma in the first reading on September 15, 2017, it adopted draft federal law No. 181342-7, on the basis of which an article may appear in the Code of Administrative Offenses of the Russian Federation providing for liability for failure to provide or untimely provision by a subscriber - a legal entity or individual entrepreneur - of information about users of communication services to a telecom operator. Thus, for failure to provide or untimely provision of data, it is proposed to fine a legal entity in the amount of 50,000 to 70,000 rubles, in case of repeated violation - from 100,000 to 200,000 rubles.
According to Decree of the Government of the Russian Federation dated July 31, 2014 N 758, the organization must transfer data about end users of the Internet to the Internet provider. Do I need to obtain consent from the employee to share this data? What is the liability for failure to provide this data?
In order to transfer information to the provider about which of the organization’s employees uses the Internet, is it necessary to first obtain their consent to process personal data, say Tatyana Troshina and Maxim Kudryashov, experts from the GARANT Legal Consulting Service.
By Decree of the Government of the Russian Federation of July 31, 2014 N 758, changes were made to the Rules for the provision of communication services for data transmission, approved by Government Decree Russian Federation dated January 23, 2006 No. 32 (hereinafter referred to as Rules No. 32) and the Rules for the provision of telematic communication services, approved by Decree of the Government of the Russian Federation dated September 10, 2007 No. 575 (hereinafter referred to as Rules No. 32). The specified Rules No. 32 and Rules No. 575 were adopted in accordance with paragraph 2 of Art. 44 of the Federal Law of July 7, 2003 N 126-FZ “On Communications” (hereinafter referred to as the Law on Communications).
Thus, in accordance with clause 26.1 of Rules No. 32 and clause 22.1 of Rules No. 575, a legal entity or individual entrepreneur is required to provide a telecom operator with a list of persons using its user (terminal) equipment. The specified list must contain information about the persons using its user (terminal) equipment (last name, first name, patronymic (if any), place of residence, details of the main identification document), and be updated at least once a quarter.
In accordance with Art. 3 of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” (hereinafter referred to as Law N 152-FZ), personal data means any information relating to a directly or indirectly identified or identifiable individual (subject of personal data). Essentially, this is any information with which you can determine (identify) the subject of personal data, which is fully consistent with the provisions of Art. 2 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, concluded by member states of the Council of Europe on 01/28/1981 (came into force for the Russian Federation on 09/01/2013).
According to Art. 86 of the Labor Code of the Russian Federation, the processing of an employee’s personal data can be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property. The employer does not have the right to disclose the employee’s personal data to a third party without the written consent of the employee, except in cases where this is necessary in order to prevent a threat to the life and health of the employee, as well as in other cases provided for by the Labor Code of the Russian Federation or other federal laws (Article 88 of the Labor Code of the Russian Federation) .
As a general rule, the processing of personal data can be carried out with the consent of the subject of personal data (clause 1, part 1, article 6 of Law No. 152-FZ). However, as follows from Art. 6, h.h. 2, 3 tbsp. 9 of Law No. 152-FZ, if there are grounds provided for in paragraphs. 2-11 hours 1 tbsp. 6 of Law N 152-FZ, the consent of the subject of personal data for their processing is not required. So, in particular, the processing of personal data by the employer without the consent of the employee is permitted if it is necessary to achieve the goals provided for by an international treaty of the Russian Federation or the law, to implement and fulfill the functions, powers and duties assigned by the legislation of the Russian Federation to the operator (Clause 2, Part 1, Art. 6 of Law No. 152-FZ).
The employer’s obligation to provide the telecom operator with a list of persons using the operator’s user (terminal) equipment is provided for by the Communications Law, Rules No. 32, Rules No. 575. Thus, the processing of personal data is necessary to achieve the goals provided for by law, to implement and fulfill those assigned by the legislation of the Russian Federation on the operator's responsibilities. Therefore, in our opinion, after making appropriate changes to the contract for the provision of communication services, provision of the above list to the telecom operator by virtue of clause 2, part 1 of Art. 6 of Law No. 152-FZ does not require the consent of employees.
In accordance with paragraph 3 of Art. 44 of the Law on Communications, if a user of communication services violates the requirements established by the Law on Communications, the rules for the provision of communication services or an agreement on the provision of communication services, the telecom operator has the right to suspend the provision of communication services until the violation is eliminated. If such a violation is not eliminated within six months from the date the user of communications services receives a written notice from the communications operator of the intention to suspend the provision of communications services, the communications operator has the right to unilaterally terminate the contract for the provision of communications services. Thus, if the organization does not provide the telecom operator with a list of persons using the operator’s user (terminal) equipment, the operator has the right to suspend the provision of communication services, and after six months has the right to terminate the contract for the provision of communication services.
In conclusion, we note that currently the legislation does not establish administrative, criminal or other liability for failure to provide the telecom operator with a list of persons using the operator’s user (terminal) equipment.
The texts of the documents mentioned in the experts’ response can be found in the reference book legal system GARANT.
Providing information about subscribers corporate clients: State Unitary Enterprise has concluded an agreement with MTS PJSC to provide telephone numbers. communication between company employees. Currently, a letter has been received in which MTS asks to provide data on the list of persons using telephone numbers, registered with MTS PJSC at our enterprise, justifying Art. 64 of the Federal Law “On Communications” No. 126-FZ of 07.07.2003, clause 14 of the Government of the Russian Federation No. 538 of 08.27.2005 and the Conditions for the provision of mobile communication services by MTS, data must be provided in the form of a register certified by an authorized the face of your enterprise with the enterprise seal app. The register must indicate the following data of users of subscriber equipment: last name, first name, patronymic; place of residence; details of the main identification document (passport). Taking into account the above, are the requirements justified and legal, can employees of the enterprise using corporate communications, refuse to provide the specified information, what are the consequences of failure to provide information? If the company's employees agree to provide information, how should it be formatted correctly?
Answer
Yes, the requirements set out in the question are legal and justified (Rules for the provision of telephone services, approved by Decree of the Government of the Russian Federation of December 9, 2014 No. 1342).
Employees of the enterprise using corporate communications have the right to refuse to provide the specified information. If the organization fails to fulfill the obligation to provide the specified register, the telecom operator has the right to suspend the provision of telephone services to the subscriber (Rules for the provision of telephone services, approved by Decree of the Government of the Russian Federation of December 9, 2014 No. 1342).
If the employees of the enterprise agree to provide information, it is necessary to formalize this in writing (Labor Code of the Russian Federation).
The rationale for this position is given below in the materials of the “Lawyer System” .
1. Decree of the Government of the Russian Federation dated December 9, 2014 No. “On the procedure for the provision of telephone services” (together with the “Rules for the provision of telephone services”)
Where to get an answer to any legal question
The Lawyer System has answers to frequently asked questions company lawyers. Lawyer System subscribers also receive individual advice from experts.
About Wi-Fi and passports
Russian citizens really don’t like to read laws, but they really like to watch TV and panic. This is normal - not everyone is an expert in the field of law. It’s a shame that neither the majority of officials, who hand out vague “interpretations” of the legislative initiative, nor (all) journalists, who only give you “hard facts,” are experts. The example of the ban on personal data is confirmation that there is no consensus among experts in the field of information security regarding what is happening. Readers can object with an almost classic phrase: “It cannot be that everyone around is wrong, and you, Volkov, are the only one right.” Well, this time I’m not alone: together with Mikhail Emelyannikov we discussed the “Wi-Fi hysteria”, carefully read the Decree of the Government of the Russian Federation No. 758 of July 31, 2014 and related regulations, and came to the following conclusions.
Let's assume that you are the founder of a limited liability company that owns a cafe, and your LLC has an agreement with a telecom operator to “provide access to information systems of telecommunication networks, including the Internet.” You have installed several wireless access points in the cafe: in the offices - for your work computers, in the hall - for clients with personal devices and public computers (you purchased and installed them for those who do not have personal devices). Thus, you have two categories of users - your employees and customers of the establishment, using two categories of devices - personal and business (owned by the LLC). Attention, question: which of them should be allowed on the Internet using their passport, and is it necessary to do this at all?
Clause 1 of PP-758 amends the “Rules for the provision of universal communication services”, according to which “the provision of universal communication services for data transmission and provision of access to the Internet using public access points carried out universal service operator after carrying out user identification". Journalists, and then citizens, of course, were hooked on the text highlighted in bold, without going into details at all, who is a “universal service operator”, what is a “collective access point”, what does the cafe and its owner have to do with these definitions and whether the “Rules for the provision of universal communication services” apply to it. But you and I, of course, will go into it and look at Art. 57 and 58 of the Federal Law "On Communications". Let's look and read, and this is what we will come to.
A public access point (point) is a place that is specially organized to provide universal communication services to the population (telephony, information kiosks, data transmission, Internet, etc.). A universal service operator, which, in addition to a license, has several other conditions in order to be considered such, provides universal communication services, and is subject to the “Rules for the provision of universal communication services”. Is a café a "community point" or a "hotspot"? No, because it was not organized by a “universal service operator” to provide “universal communication services”, but you are an individual entrepreneur, in your personal interests, and you are subject to clause 1 of PP-758 does not apply. Which, in fact, was what some media outlets were talking about, which in the heat of passion was not noticed by the majority of “alarmists.”
However, it is too early to relax: PP-758 also contains clauses 2 and 3, which make changes to the “Rules for the provision of communication services for data transmission” and “Rules for the provision of telematic communication services”. Both of these documents apply to telecom operators who have the appropriate licenses. Although the Internet, “telematic communication services” and “data transmission” in the understanding of the “techie” are, as they say, “birds of a feather” - they are licensed differently. However, in both cases, the telecom operator is now obliged to identify the user even with a “one-time” connection, but, again, at a public access point.
Are you relaxed? It's early again. In addition to identifying the subscriber in the PCD, the changes require the operator to make changes to contracts for the provision of data transmission services and telematic communication services, which include the Internet. Therefore, in the near future, you, the founder of an LLC that has an agreement with the operator, will receive an additional agreement, which will contain a clause approximately as follows:
"The Customer is obliged to provide the Contractor with a list of persons using the user (terminal) equipment Customer , including last name, first name, patronymic (if available), place of residence, details of the main identification document".
It turns out that identification of users by passport cannot be avoided? Let's figure it out. What is "user (terminal) equipment"? In the "Rules...", links to which are given above, two definitions are given. For data service:
"subscriber terminal" - user (terminal) equipment used by the subscriber and (or) user to connect to the communication node of the data transmission network using subscriber line
This means that the user (terminal) equipment is a “subscriber terminal”. Let's move on to telematic communication services:
"subscriber terminal" - a set of technical and software, used by the subscriber and (or) user when using telematic communication services for transmitting, receiving and displaying electronic messages and (or) generating, storing and processing information contained in information system
Thus, the user (terminal) equipment is what the user uses to transmit, receive and display emails, stores, forms and processes information. In other words, these are tablets, smartphones, PCs and everything that is capable of performing these actions. It turns out that this “list of persons” should include everyone who uses such equipment? No - only those who use the CUSTOMER's terminal equipment. Does wireless point access to user (terminal) equipment? Of course not - and the regulator themselves says so.
As we found out earlier, we have two categories of users - employees and visitors, and two categories of devices - personal and business. Let’s create a matrix of “getting on the list of persons”:
- visitor with personal device - NO
- employee with personal device - NO
- employee with a service device - YES
- visitor with a service device - YES
Read the laws, friends - don't be lazy. This is much more useful and constructive than panicking, being indignant and spreading panic around yourself.