A new government order requires VPN companies in India to collect and store users’ data for five years or longer. IT Ministry of India now wants VPN companies to accumulate and keep users’ data for at least five years. Aside from this, the CERT-in (Computer Emergency Response Team) has ordered crypto exchanges and data centers to collect and store data of users for five years or longer. Notably, this will enable the CERT-in to arrange emergency measures and response activities relating to cyber security incidents.
As part of the new government order, virtual private network companies in India will now collect and store the name of the user. Aside from this, the VPN companies will have to verify the user’s home address, as well as their IP address. On top of that, VPN companies will have to store the usage patterns of the user. Furthermore, failure to meet the new governing law could lead to up to one year of imprisonment. The new law also comes at the time when Microsoft is prepping to offer a free VPN on its Edge web browser. The law will be effective starting from July 27, 2022.
India Orders VPN Companies To Store Users’ Data For At Least 5 Years
Moreover, it is worth mentioning that the virtual private network companies will have to track and maintain records of users even after they cancel the subscription. Likewise, the companies will have to maintain records of users that have de-activated their accounts. For those who are unaware, a VPN comes in handy for connecting securely to the internet since the users’ IP address is disguised. Moreover, it hides the location from everyone to protect against external attacks. VPNs also have a no-logging policy.
They do not collect or share data of its users since they establish a connection using RAM-only servers. In other words, it only stores data for a short time. However, the new government order would require VPN companies to use storage servers. As a result, the cost quota for the service is also likely to increase. To recall, Brazil had announced that the government will penalize those using VPNs to access Telegram earlier this year. CERT-in will require VPN companies to report twenty vulnerabilities that will have different impacts on the company’s services.
One of these vulnerabilities includes “Unauthorized access to social media accounts.” Using VPN services can sometimes prove to be perilous, especially when you are using a free VPN service. Last year, the personal information of millions of free VPN users leaked online. So, VPN users need to ensure they do not end up jeopardizing their privacy by using a VPN service. Now, it looks like India is sparing no effort to tighten VPN companies. India is forcing VPN service providers to store and share users’ data. However, it is unclear whether other countries will follow suit.