India will compel VPN providers to hand over user data

India will compel VPN providers to hand over user data

Using your favorite VPN in India may soon become impossible due to new regulations requiring VPN providers to collect and store a wide range of data on their customers for a five-year period.
India will compel VPN providers to hand over user data

According to ENTRACKR, the country's Ministry of Electronics and Information Technology's Computer Emergency Response Team (CERT-in) has issued a new set of guidelines in an effort to "coordinate response activities as well as emergency measures with respect to cyber security incidents."

However, VPN providers are not the only businesses that will be required to store customer data; the guidelines also apply to data centers, cryptocurrency exchanges, and Virtual Private Server (VPS) providers.

Companies in these industries will be required to register customer names, customer ownership patterns, customer contact information, and the reason they purchased their services in the first place beginning in June of this year.

At a cost, improving cyber incident response

The new order from CERT-in appears to be designed to ensure that the government agency can respond to all types of cyber incidents within six hours of their discovery. While the order is well-intended, the amount of data CERT-in is asking organizations to store and provide upon request is quite unusual.

CERT-in mandates that organizations report data breaches, bogus mobile apps, server infrastructure attacks, and even unauthorized access to a user's social media accounts. Furthermore, failure to provide the necessary information is punishable by up to a year in prison under Section 70B(7) of the IT Act.

Another stumbling block in the Indian government's plan is that most VPNs have a "no-logs policy" or, at the very least, only keep user data temporarily. Many VPN providers and other IT companies may cease doing business in India as a result of CERT-new in's directions, as they can no longer legally operate in the country.

The new guidelines will take effect at the end of June, unless the compliance window is extended, which could happen. Until then, however, consumers and businesses in the country should take advantage of one of the best India VPNs while they can.
Comments
No comments
Post a Comment



    Reading Mode :
    Font Size
    +
    16
    -
    lines height
    +
    2
    -