The headlines misleading. They have to store any data they store on Russian inside Russia. Not in a foreign (to Russia) server. If they stored no data they would be okay.
This type of policy is generally good for privacy. If a company is limited to storing users data in the user’s country, that country can enforce their privacy laws.
Imagine a Chinese company that operates in the EU. GDPR provides citizens in the EU protections on how they data can be handled and the right to have it deleted. So this Chinese company can’t sell or misuse customer data without the users permission. However, if the company has no assets in the EU then EU courts have no real remedy to GDPR abuses. The Chinese company with EU citizens data in Chinese servers will tell the court to ‘jog on’. However, if the company has to use EU servers then there are assets to target and in extreme cases data to be wiped manually.
Whilst this type of law can protect users privacy when organisation are abusing data (which is the usual situation in liberal countries). It can also aid governments in abusing their citizens data. A company can’t protect their customers from the state the data is stored in very well (if the courts are complicit in the privacy invasion).
If Russia wants access to a Google’s users data their only option is a strongly worded letter, if the data is stored in the US. If the data is stored in Russia the threat of violence or imprisonment can be used.