Expanded data privacy laws in India drove a slew of VPN companies out. This follows recent Ministry of Electronics and Information Technology (MeitY) rulings requiring VPN companies and other online platforms to collect critical information from clients under the pretext of a cyber security procedure.
Heightened Data Guidelines Drive Out VPN Companies
VPN providers in India did not bother to wheel and deal with the country's information technology agencies because doing so would be a direct violation of their own privacy protection standards. Based on a Wired report, VPN companies are now intending to unplug their servers in the South Asian country.
Concerning the country's heightened data privacy legislation, a contingency team has been formed to ensure that online platforms dealing with client information log critical information such as names, email addresses, and IP addresses for at least five years. This new registration law even applies to data from users who have opted out of specific subscriptions.
Read Also: VPN Companies In India Ordered To Collect, Store, Hand Over User Data
The Indian Computer Emergency Response Team (CERT) explained in an April directive that the said measures must be obtained because the government requires them in various investigations. That said, critical information is required "in order to coordinate response activities and emergency measures in relation to cyber security incidents." This new legislation is effective today, Sept. 25, said CERT.
In accordance with the Indian government's new data privacy guidelines, all service providers, intermediaries, data centers, corporate bodies, and governments must enable logs of all their ICT systems and keep them secure for a rolling period of 180 days, and the logs must be kept within Indian jurisdiction.
Platforms Concerned Over Massive Data Seize
In a report, courtesy of the Wall Street Journal, a Nord Security spokesperson said that such rulings are "typically introduced by authoritarian governments in order to gain more control over their citizens." NordVPN is one of the VPN firms affected by the harsh government-backed data law. In 2020, New Delhi also started a crackdown on China-based apps, shutting down various apps and online games.
The VPN platform is also concerned that a government seizing control of a massive database of user data could affect not only users but the entire user base in general. To put it another way, this new regulation will seize critical data from hundreds to thousands of web companies.
As reported by the Hindustan Times, ExpressVPN, one of the leading cloud service providers in India, has already announced that it is going to shut down its servers in the country, making it one of the first companies to scale back operations in the country after CERT issued directives requiring extensive user data logs.
The Indian government may portray its latest data rules as advantageous to India's "sovereignty or integrity," but they can possibly impact some of its online industries and economy. According to Atlas VPN, India had 342 million VPN users in the first half of 2021. As VPN companies plug out their servers, it will be interesting to see how the data privacy concern in India plays out.
Related Article: Major VPN Firms to Discontinue Servers in India as Country Launches its New VPN Guidelines
