If you are following the announcements made by the Indian Computer Emergency Team (CERT-In), you might have heard about the new VPN rules. If you haven’t, well, CERT-In has directed all the VPN companies to store user data for up to five years. This data needs to be maintained even when the user has deleted the account inside the VPN application/platform. Along with VPN companies, the same direction has been given to data centers, crypto exchanges, and more.
Now, VPN companies will have to maintain crucial data such as IP addresses, user names, and usage patterns, amongst other things. Parties which don’t comply with the new rules announced by the CERT-In can face jail time of up to one year.
Specifically, VPN companies will need to maintain KYC data of the users which include – the name of subscriber/customers, IP addresses allotted to the customer, email address and IP address at the time of registration, the purpose of hiring services, validated address and contact numbers, and ownership pattern of the subscribers.
Sounds really bad right? Well, there’s a reason behind everything that the government decides to do. There is a pretty good one behind this decision as well.
India Wants to Reduce Financial Frauds
VPN hides the IP address and location of the user when sharing a network. It is useful in cases when you are online banking using public Wi-Fi networks. With a VPN active, another layer of encryption is added to your data. This helps with more secure communication.
With VPN data stored for up to five years, money laundering will go down significantly. Stolen identities and bank frauds would go down and cybercriminals would be tracked down. VPNs are helping a lot of fraudsters to engage in online banking frauds and hide their identities and location.
However, this won’t be possible once the VPN data is stored with the companies which is a good thing and have consumer interest in mind.
But as I said, the new rules are a double-edged sword.
With VPN data tracking, consumers will have no privacy. While remaining legal, VPNs will be regulated by the Indian government. VPN users will now be targets of surveillance and lose all the privacy they had while browsing the internet.
The new rules for VPNs could very well be in violation of the “Right to Privacy” for the users.