Since Monday, VPN providers in India have had to collect extensive data on users. The big players in the industry have dismantled their servers.
Because VPN providers in India now have to collect extensive personal data about their users, many have moved their servers out of the country. After NordVPN, ExpressVPN and Tunnelbear, the Swiss company Proton AG recently announced that it intends to shut down its own hardware in good time before the deadline, reports Telegraph India.
However, the majority of services have assured that users in India can continue to use the VPN offers. Representatives of the companies have in some cases clearly criticized the legal requirements in India.
Rules after deadline extension now in force
In spring, the Indian CERT (Indian Computer Emergency Response Team) ordered that VPN services use, among other things, “confirmed names”, the time of use, the assigned IP addresses, the respective email addresses and the number used during registration IP address, the purpose of use, as well as a confirmed address and telephone numbers. They must be stored for five years, and non-compliance is punishable by up to one year in prison. The rules should actually apply from June, but then the deadline for introduction was extended by three months. The regulations have been in effect since Monday.
The Indian regulations will undermine internet freedom and put activists and whistleblowers at risk, Proton CEO Andy Yen told The Wall Street Journal. They would often turn to VPN services to keep their identities secret from governments. He finds it very sad that the largest democracy in the world is choosing this path. Similar rules would also apply in Russia and China. We have no intention of ever complying with these or similar laws on mass surveillance. ExpressVPN’s Harold Li said his company refuses to “put user data at risk,” according to Telegraph India.
Internet in India increasingly unfree
The Indian CERT, which is based at the Ministry of Electronics and Information Technology, justified the requirement with its assigned task of coordinating the necessary emergency measures in the event of cyber security incidents. Sometimes the information needed to do this is not available or cannot be made readily available, even if it is fundamental to one’s work.
According to Freedom House, India is considered “partially free” when it comes to the Internet, and the situation has been deteriorating for years. Internet bans are particularly common in the country, but thousands of websites are also blocked. VPN services offer a way to view the blocked content anyway. If the guidelines ensure that the providers withdraw from the country, it would be another setback for internet freedom in the country, which is only behind China in terms of the number of internet users worldwide.
