Indian government orders VPN providers to log and hand over customer data or risk jail time

The Government of India has ordered Virtual Private Network (VPN) providers to log and share user data with the government.

According to a new directive (PDF) from the Computer Emergency Response Team (CERT) (via PIB), VPN providers will need to capture and store five years of user data as well as share it with the government. The directive also asks companies to store and maintain a database even if the user cancels the subscription. While VPN providers are the primary target, the notice also covers Data Centres, Virtual Private Server (VPS) and Cloud Service providers. The directive also notes that those who do not comply with the rules can face up to one year in prison.

The new law asks the service providers to store and share the following information with the government:

  • Name, email address and phone number

  • The customer’s purpose for using the VPN service

  • The IP addresses allotted to the customer and the IP address the customer used to sign up with the service

  • The “ownership pattern” of the customer

  • Period of hire including dates

Many VPN providers offer a no-log policy to provide anonymity to their customers. This means that leading VPN providers will be in breach of the government's new directive. Moreover, the law undermines the major selling point of a VPN, which is to offer privacy and anonymity to the user.

The new law is slated to go live on June 27, but we may see the government provide an extension allowing companies to modify their business model to comply with the rules.
