Indian government asks VPN providers to share customer data
The Indian government has now ordered virtual private network providers to record user data and share it with government agencies, including user purpose and identity information. Responsible for the matter is the Indian Computer Emergency Response Team, and VPN providers to log and hand over customer data. At the same time, the VPN provider must keep the data for five years and share it with the Indian government, or allow Indian government departments to access the data at any time to query user information. The person in charge could face jail time if the VPN provider does not comply with the relevant order, but the order is not yet in effect for the provider to adjust in time.
- Validated names of subscribers or customers hiring the services.
- Period of hire including dates.
- IPs allotted are being used by the members.
- Email address and IP address and time stamp used at the time of registration or onboarding.
- The purpose for hiring services.
- Validated address and contact numbers.
- Ownership pattern of the subscribers or customers hiring services.
A VPN not only encrypts all traffic to improve security but also helps users hide their real IP addresses from being tracked by ad networks. And based on privacy considerations, most VPN providers currently provide a no-log mode, that is, the provider does not record any data when users register and use related services. This no-log mode is still very popular, but the new regulations undermine the main selling point of having a VPN. The new policy will take effect on June 27, 2022, and most providers currently do not meet the policy requirements, so the next may be a change of terms.