Last week, the Indian government issued an order which required VPN (Virtual Private Network) based companies to collect and provide it with user data.

India

The order, issued by the Computer Emergency Response Team (CERT-in), which is a department under the Ministry of Electronics and IT requires these companies to collect sensitive user data like IP addresses, usage patterns, etc, and store it for up to 5 years before eventually handing it over to the government whenever asked. Failing to comply with these orders can result in prison sentences of up to a year under Section 70B(7).

The government has stated that this move is aimed at “coordinate response activities as well as emergency measures with respect to cyber security incidents.”

India

As you can imagine, this is a direct step against data privacy. And it appears that major VPN companies operating in India are unlikely to comply with these orders according to recent statements issued by them.

Laura Tyrylyte, who is the security spokesperson for NordVPN said “We are committed to protecting the privacy of our customers, therefore, we may remove our servers from India if no other options are left.”

Express VPN also issued a statement saying “VPNs are critical for user safety and the preservation of user’s right to online privacy and are fundamentally opposed to any efforts to undermine such technologies.”

Shurfshark VPN’s legal head Gytis Malinauskas has said that “We operate only with RAM-only servers, which means that at this moment, even technically, we would not be able to comply with the logging requirements.

Going by the statements of these major VPN service providers and their firm stance against the Indian Government’s mandate, it could be possible that these companies might soon stop providing their services in India. The last date for complying with the CERT-in’s directive is June 27th, 2022, so stay tuned for more updates on the matter.

 

RELATED:

 

RELATED ARTICLESMORE FROM AUTHOR