VPN Providers Flee India as a New Data Law Takes Hold

Ahead of the deadline to comply with the Indian government's new data-collection rules, VPN companies from across the globe have pulled their server out of the country.

The, or CERT, a body appointed by the Indian government to deal with cyberattacks and threats, will require VPNs operators to collect and maintain customer information for at least five years after they have canceled their subscription or account.

In April, CERT said it needed to implement these rules because the security provider wouldn't give them the necessary information. The new rules will strengthen cyber security in India according to the CERT.

The move impacts user privacy and freedom of speech, as well as the sole purpose of using a virtual private network, which is to hide users' locations and identities.

"As digital privacy and security advocates, we are concerned about the possible effect this regulation may have on not only our users but people's data in general" The amount of stored private information will be vastly increased. Similar regulations have been introduced by authoritarian governments to gain more control over their citizens.

India became the country with the highest rate of growth in the use of virtual private networks. In the first half of the year, 348.7 million VPNs were installed, a 668 percent increase over the first half of 2020. The need for Indians to protect themselves online is one of the reasons for the huge growth.

According to Tejasi Panjiar, associate policy counsel at the Internet Freedom Foundation, virtual private networks can be used to protect information security in a number of ways. They help secure digital rights under the constitution, especially for journalists and whistle blowers, because the nature of information that is transferred over a virtual private network is mostly ciphers, which allows them not only to secure confidential information but also to safeguard their own identity.

The government said it wouldn't violate user privacy as information would only be sought on a case by case basis. The Indian government has a history of surveilling critics. At least five phones of people who may have been spied on by the government contained malicious software, but the report was not made public. The country's top court recommended that existing surveillance laws include the right to privacy and introduce mechanisms for citizens to complain.