VPN Companies In India Ordered To Collect, Store, Hand Over User Data

VPN companies in India are now the subject of a new government order. This time, they're required to collect user data and store it for five years or more.

Narendra modi
GLASGOW, SCOTLAND - NOVEMBER 02: India's Prime Minister Narendra Modi speaks during the World Leaders' Summit "Accelerating Clean Technology Innovation and Deployment" session on day three of COP26 on November 02, 2021 in Glasgow, Scotland. Ian Forsyth/Getty Images

The new order comes from the country's Computer Emergency Response Team, otherwise called CERT-in. According to CNET, this policy is likely to make using VPNs more difficult there. But it's not just VPN companies covered by this new directive: it also includes data centers and cloud service providers.

As for the type of user data that these companies are ordered to store for at least half a decade, it includes customer names, validated IP and home addresses, personal usage patterns, and all other information that could be used to identify people. Anybody who doesn't comply with the law will serve up to a year of prison time.

Here's another kicker: even if the customer cancels their subscription or deletes their account, their information will still be stored in the company's servers as per the directive. This definitely goes against the "no logging" policies of several well-known VPN providers, which is part of what they mostly do as a whole.

The original report comes from Entracker, who also mentioned that the directive was to help "coordinate response activities as well as emergency measures with respect to cyber security incidents." But with people who use VPNs no longer being anonymous online, a handful of critics of the directive are worried about its implications on cryptocurrency - which relies a lot on anonymity.

According to CoinTelegraph, it actually also covers crypto exchanges. While several users received it negatively, some crypto exchange owners were actually fine with it. Among these is Sathvik Vishwanath, CEO of Unocoin, who says that the directive will help prosecute tax evaders quicker.

It is also not made clear whether the directive will only apply to companies in India, or also to external companies who serve the Indian market. Either way, it is scheduled to be enforced starting late June of this year, unless CERT-in extends the compliance window for the companies covered by the law.

How Does VPN Hide My IP Address?
Pexels

India's History Of Heavy-Handed Acts Against Internet Usage

Forcing VPN providers to collect and store critical user data can easily be chalked up by anyone as an attack on user privacy. And they'd be right. However, this isn't even new to India considering its history of heavy-handed sanctions over using the web.

Back in 2019, the Indian government actually proposed some sort of a Chinese-style internet censorship, as reported by The New York Times. If it pushes through, the censorship will give Indian government officials the power to order the likes of Facebook, Twitter, TikTok, or even Google to take down content which they might deem libelous, hateful, or deceptive, to name a few. Aside from that, Indian users could also be blocked from consuming "unlawful content."

INDIA-HEALTH-VIRUS
A teacher conducts an online class at a school in Mumbai on January 24, 2022, after schools were reopened that were closed as a preventive measure to curb the spread of the Covid-19 coronavirus. INDRANIL MUKHERJEE/AFP via Getty Images

Two years later, the critics sounded the alarm over this proposal. In a report by AlJazeera, they reported fearing that putting social media platforms under direct government oversight can lead to outright internet censorship, as well as a direct attack on user privacy and online free speech.

This article is owned by Tech Times

Written by RJ Pierce

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:VPNIndia
Join the Discussion
Real Time Analytics