India delays controversial regulations that require VPN providers to store customer data

The Indian flag in front of a blue sky

Back in May, India announced a new set of strict rules that demand VPN and cloud service providers to log data about their customers and share it with the government. Although the modified regulations were supposed to go into effect on June 27, they have now been delayed by three months.

The controversial rules enforce VPN providers to collect the following information:

  • Name, email address and phone number
  • The customer’s purpose for using the VPN service
  • The IP addresses allotted to the customer and the IP address the customer used to sign up with the service
  • The "ownership pattern" of the customer
  • Period of hire including dates

The regulation affects Data Centers, VPN, Virtual Private Server (VPS), and cloud service providers, and those who refuse to comply may face up to a year in prison. This directive from India's Computer Emergency Response Team (CERT) has faced much criticism both from consumers and affected providers. In fact, ExpressVPN refused to comply with the rules and has already pulled its servers from the country.

The reason for the three-month delay is to enable affected firms to adapt to the new guidelines and even consider the option of dropping business in the country altogether.

In a joint letter to CERT, local cybersecurity experts have warned of the dangers of the new regulations, saying that:

The Directions, as they stand, will have the unintended consequence of weakening cyber security, and its crucial component, online privacy. We are cognizant of the need for a framework to govern cyber incident reporting, but the reporting timelines and excessive data retention mandates prescribed in the Directions, will have negative implications in practice and impede effectiveness, while endangering online privacy and security.

For its part, the Indian government has refused to budge on its stance with lawmakers saying that they will not cave in to external pressure and will not hold public consultation on the matter either. Following the delay, the new rules will go into effect from September 25, 2022.

Source: TechCrunch

Report a problem with article
The Nvidia GTX 1630 from Asus
Next Article

Nvidia launches GeForce GTX 1630, its cheapest modern graphics card

Bug on Windows Defender
Previous Article

Report: Microsoft Defender is hogging Intel CPUs while AMD Ryzen remains unscathed

11 Comments - Add comment

Advertisement