The government recently released an order according to which Virtual Private Network (VPN) service providers are required to keep user data for at least five years and share records with authorities when required. This has resulted in these service providers being worried about their position and major companies like NordVPN have also considered leaving the country if they don’t get privacy to serve their customers. Let’s know more.
The Problem with the New Order
The order was originally issued by the Ministry of Electronics and Information Technology's agency CERT-In last week and will come into effect from June 28. According to the new guidelines VPN service providers are required to preserve data including the validated names, email IDs, and IP addresses of their users for five years or longer "as mandated by the law" even after cancellation or withdrawal of their registration.
The order further states that "all service providers" should "mandatorily enable logs" of their systems and maintain them securely for a rolling period of 180 days and this shall be maintained within the Indian jurisdiction. These logs are required to be submitted to CERT-In when ordered or directed by the agency. It is explained that the latest order has been designed to prevent cybercrime and cybersecurity incidents in the country. However, privacy is the key element for VPN service providers to attract their customers.
The Head of the Legal department at Surfshark, Gytis Malinauskas in a statement said that the company follows a no-log policy as it doesn’t involve itself in the practice of collecting or sharing customer browsing data or any useful information. He added that Surfshark for now is analysing the order and what it implies, however, has no plans to compromise on user privacy.
Nord Security which is the parent company of the very popular Nord VPN is also currently scrutinising the order released by CERT-In which was quite unexpected. The Head of Public Relations at Nord Security, Laura Tyrylyte stated that the company, for now, is operating without any changes as there is still some time left before the order comes into the effect.
India has been one of the biggest markets for VPN service providers and ranks second globally according to a report. This is due to the ever-growing internet censorship in the country. A report suggests that around 45% of users in the country rely on a VPN and hence the latest released order raises a lot of questions for the VPN service providers in the country.