- The Indian government has issued a directive mandating
VPN service providers to retain user data. - India currently has over 270 million
VPN users , a majority of whom use it to connect to their company network. - VPN service providers may leave India as it’s not possible to comply with the government’s directive.
The directive was issued by the country’s cyber watchdog - the Indian Computer Emergency Response Team (CERT-In). The new guidelines come into effect after 60 days of issue, which is around June end.
The directive has come under criticism from various sections of society, including
The directive issued by the government mandates VPN providers to maintain the following data as part of the know your customer (KYC) policy for a period of five years –
- Validated name of subscribers/customers
- Period of hire
- IPs allotted to the user
- Email address, IP address and time stamp used at the time of registration.
- Purpose of hiring services
- Validated address and contact numbers
- Ownership pattern of the subscribers
In addition to removing anonymity, this may have a much larger impact on the country. According to a VPN adoption Index maintained by AtlasVPN, India recorded over 270 million VPN users in 2021, which is around 20% of the population. This number has likely increased by now.
The increase in VPN users in the country has been due to an increase in people working from home due to the pandemic. There are several uses of VPN, including employees using it to connect to company networks securely while working from home, accessing geo-restricted content or simply staying anonymous.
VPN companies are against the directive from the government as recording user data goes against the main principles of VPN as they are designed to protect user privacy.
NordVPN, one of the largest VPN service providers in the world, is reportedly considering pulling its servers out of India in response to the directive from the government.
“We are committed to protecting the privacy of our customers therefore, we may remove our servers from India if no other options are left,” Patricija Cerniauskaite, an official from NordVPN told Entrackr. The company reportedly has 28 servers in the country, which cater to both Indian and international users.
“PureVPN is a no-log VPN, user anonymity and security is a central priority but if that is compromised by this policy then we will have to consider our position in India,” Uzair Gadit, chief executive officer of PureVPN told Business Insider India in a statement.
“PureVPN stores no identifiable information, nor does it record or store user activity so this presents a significant risk for our users. More widely, this will impact the wider VPN industry,” Gadit added.
“VPNs are critical for user safety and the preservation of user's right to online privacy and are fundamentally opposed to any efforts to undermine such technologies,” ExpressVPN said in a statement to Economic Times.
In addition to being opposed to the new guidelines from the government, some VPN providers have claimed that the guidelines do not apply to them as they do not come under the jurisdiction of Indian laws.
“We are operating under the jurisdiction of the Netherlands, and there are no laws requiring us to log user activity,” Surfshark said in a statement to ET.
SEE ALSO:
Explained: Indian government makes user data collection mandatory for VPNs
Boris Johnson urges Russians to download VPNs to get round Putin's censorship of mass killings in Ukraine
Internet censorship cost the global economy $5.5 billion in 2021, report says