Moldova warns citizens over Russian apps and data privacy
Users of Russian apps in Moldova face significant data security and privacy risks, according to the country’s National Center for Personal Data Protection (CNPDCP).
Platforms like Yandex, Odnoklassniki, and the voice assistant "Alisa" collect a wide range of private data, including banking details, location, and travel history. This information is then stored on servers in Russia.
The CNPDCP advises citizens to be cautious, read privacy policies before installing apps, and avoid transmitting personal data that could be exploited to their detriment.
Russian apps pose a threat to Moldovan citizens' digital security
The use of foreign online platforms, particularly those developed in Russia that do not provide adequate data protection, poses a major risk to the digital security of Moldovan citizens, the CNPDCP said in a statement to Radio Moldova.
Among the main risks associated with using apps managed by non-resident operators whose servers are located outside Moldova are:
Data security: Platforms are frequent targets of cyberattacks like phishing and hacking.
Data privacy: Providers could use collected information—including banking details, contacts, and voice recordings—for purposes other than those stated.
Cross-border data transfer: This reduces the control of both users and national authorities over how data is stored and used.
For example, the "Yandex Go" app gathers data from mobile devices, names, phone numbers, and banking information. The CNPDCP noted that while data can be stored in Russia or the European Economic Area, Moldovan authorities have significant difficulty exercising control over platforms owned by non-resident companies, limiting citizens' ability to defend their digital rights.
Government spokesperson warns criminal groups are collecting data and transmitting it to Russia Users of digital services in Moldova should be careful about how they share their personal data, especially during the election period, warned Government spokesperson Daniel Vodă. He noted that taxi and other online services must be legally registered in Moldova and guarantee that citizens' data remains within Europe.
"Ultimately, the use or non-use of a service is at the citizen's discretion," Vodă said in a comment to Radio Moldova. "But the Government's message is that when we share our information—our name, phone number, banking details, or identity—we must be careful about the apps we use and report any cases of abuse."
He also pointed to risks posed by criminal groups allegedly led by Ilan Șor, who is believed to be in Moscow, which have abusively collected personal data in locations such as Orhei and Chișinău. This data was reportedly sent to Russia, and citizens have reported receiving unwanted calls, fines, and even loans taken out in their names without consent.
Vodă added that recent legislative changes require every company to get a citizen's explicit consent to process personal data.
Greater risks for those travelling to or in Russia
The level of data protection in Russia is strictly tied to the state's national interests, which can endanger the personal information of Moldovan citizens, according to security expert Andrei Curăraru of the Watchdog community.
He pointed to documented cases where access to smart home equipment has allowed Russian authorities to convict individuals in court, including for "discrediting the Russian army." There have also been requests for access to Telegram encryption keys, and the infrastructure of Vkontakte services has been penetrated by the FSB.
"If information about them were sought in FSB databases, they could be tracked, fined, and sanctioned," Curăraru warned. "In a situation like this, any chat with more than two people could be used against citizens."
The warning from the CNPDCP follows repeated scandals in Russia over pressure on Yandex to provide user data to secret services. For example, Russian media outlet Vedomosti reported that a Moscow court fined Yandex 10,000 rubles in May 2025 for not providing the FSB with access to data from its "Alisa" smart home station.
Experts noted that Russian legislation, known as the "Yarovaya Law," has been interpreted more broadly, extending the obligation to provide data access to almost any IT infrastructure.
Translation by Iurie Tataru
