The action is in response to a government mandate on storing information about customers to boost cybersecurity.
Several virtual private network (VPN) providers, including Surfshark and ExpressVPN, have removed their physical servers from India in response to a government mandate on storing information about customers to boost cybersecurity.
NordVPN has also threatened to remove its infrastructure from the country unless the mandate is reversed.
The new directive issued by the Indian Computer Emergency Response Team (Cert-In) requires that from June 27 onwards, VPN and cloud service providers must hold customers' names, email addresses, IP addresses, financial transactions and know-your-customer (KYC) checks for a period of five years. The VPN providers claim this compromises the privacy of their customers.
"Collect and store customer data? NO! We value people's privacy – that's why we stand against India's new data regulation law. We'll shut down our physical Indian servers. Still, you'll be able to connect to virtual servers through Singapore and London – check our server list," says a tweet by Surfshark.
Collect and store customer data? NO! We value people's privacy – that's why we stand against India's new data regulation law ⚖️ We'll shut down our physical Indian servers. Still, you'll be able to connect to virtual servers through Singapore and London – check our server list 🌏
— Surfshark (@surfshark) June 7, 2022
A statement by ExpressVPN says, "The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it."
Surfshark said, "Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector's growth in the country. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide."
Figure 1: The new directive requires that from June 27 onwards, VPN and cloud service providers must hold customers' names, email addresses, IP addresses, financial transactions and KYC checks for five years.
(Source: Per Bengston/Alamy Stock Photo)
A VPN allows a user to hide their IP address and encrypt browsing history, thus preventing Internet service providers (ISPs) and governments from tracking the online activities of the user.
The outbreak of COVID-19 led to a massive increase in the use of VPNs by enterprises in India, as employees started to access company data while working from home. By using a VPN, they were able to access company information remotely in a secure fashion.
India emerged as one of the top users as the penetration rate grew from just 3% in 2020, to more than 25% in the first half of 2021, according to the Atlas VPN report. VPN installs hit 348.7 million in the first half of 2021, recording a growth of 671% over 2020.
Related posts:
— Gagandeep Kaur, contributing editor, special to Light Reading
About the Author(s)
You May Also Like