The Personal Data Protection Service of Georgia has fined Ridetech Georgia LLC, the company which provides the Yandex taxi apps, ₾4,000 ($1,500) for sharing the personal information of users and drivers in Georgia with Russia.
On Monday, the agency said they had discovered during an inspection that the Yandex GO app for passengers and the Yandex Pro app for drivers connected to servers in Russia as part of the process of verifying users had an internet connection. In doing so, the IP addresses of users were reportedly unlawfully transferred to the Russian servers.
On top of the fine, the agency ordered the company to terminate further data transfers.
They also noted that before the inspection, Ridetech Georgia had applied for permission to transfer personal data processed on the territory of Georgia to Russia, a request that was rejected.
‘The Service […] considered that in the Russian Federation, there was no real expectation of adequate guarantees of the protection of the rights of the data subject, including the protection of the principle of data security’, their statement read.
Ridetech Georgia has said they will appeal the fine, BM.ge reported on Tuesday.
According to them, they ‘work in full compliance with Georgian legislation’.
‘The rights of users of our services are our priority’, they stated. ‘To store data, we use reliable servers located in the European Union — a jurisdiction that, according to the Personal Data Protection Service of Georgia, provides adequate protection of Yandex Go user data’.
According to an article published last August by Meduza, the Russian Federal Security Service (FSB) would have access to the data of Yandex users abroad from 1 September 2023.
At the time of the article’s publication, Yandex denied the claim. They said that their taxi app and other apps used in EU countries were operated by a Dutch company that adhered to EU legislation, including the General Data Protection Regulation (GDPR).
Read in Armenian on CivilNet.
