VPN providers in India mandated to collect customer data

The new directive of collecting and storing users’ information questions the very existence of VPNs.

Updated - May 06, 2022 06:06 pm IST

Ethernet cables used for internet connection are seen in Kiev, Ukraine

Ethernet cables used for internet connection are seen in Kiev, Ukraine | Photo Credit: Valentyn Ogirenko

Virtual private network (VPN) companies in India must collect and maintain customer data for at least 5 years, according to a directive from Computer Emergency Response Team (CERT-In).

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

The mandate applies to Virtual Private Server (VPS) providers, VPN service providers, cloud service providers, data centers, and is aimed at maintaining accurate information on customer registrations details.

Details must include names, addresses, contact numbers and email address of customers hiring the services, period of hire, IPs allotted to them, time stamp used at the time of registration, purpose for hiring services and ownership pattern of the customers.

The order will become effective after 60 days and failure to furnish the information or non-compliance with the directions, may invite punitive action, CERT-In said.

The CERT-In serves as the national agency that analyses cyber threats and handles cyber incidents reported to it.

During the course of handling cyber incidents CERT-In has identified certain gaps causing hindrance to threat analysis. These directions issued will help them to address the identified gaps.

These directives challenge the primary function of a VPN which is to hide users’ IP address from their Internet Service Providers and other third parties.

Most VPN services do not store logs of user activities. ISPs and other third parties cannot see which websites users visit or what data they send and receive online.

The new directive of collecting and storing users’ information questions the very existence of VPNs.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.