According to a new report released last week, the Indian IT Ministry has forced VPN businesses to gather and preserve customer data for at least five years. CERT-in, or the Computer Emergency Response Team, has also requested that data centres and crypto exchanges collect and preserve user data for the same time period in order to coordinate response actions and emergency cyber security measures in the country.
According to the new governing law, failing to meet the expectations of the Ministry of Electronics and IT can result in a year in prison. Companies must also keep track of and maintain user details long after a user has discontinued his or her service subscription.
To preserve their privacy, many Indians use VPN services. Users can use VPNs (virtual proxy networks) to protect themselves from website trackers that can track information such as a user’s location. Paid VPN services, as well as a few good free ones, all have no-log policies. Because the services run on RAM-only servers, no data is stored beyond a reasonable transitory scale, users have perfect anonymity.
If the new amendment is passed, businesses would be compelled to transition to storage servers, which will allow them to log in user data and keep it for at least five years. Switching to storage servers will result in increasing costs for businesses.
This means less privacy and possibly higher costs for the end-user. If data was logged, it would be easy to track your browsing and download history. Meanwhile, paid VPN services may increase their subscription charges to cover the costs of the new storage servers they must now employ.
The new regulations are likely to take effect 60 days after they are passed, which means they might take effect on July 27, 2022.