In India, VPN or Virtual Private Network usage will not be private anymore. This is because, in a recent direction, the country’s Computer Emergency Response Team which is popularly known as CERT-In, directed the VPN companies to store their customer’s data and keep it for five years or more.
As per this direction, from now on the VPN companies have to store their customer’s name, physical, and I.P. address, usage pattern, and identity proof. Further, non-compliance with this order may lead to a one-year prison term for the authorities of the VPN companies.
The instruction is not limited to VPN service providers only. Both data center and cloud service providers are also listed under the same provision. Companies must retain Customers’ information even after the Customer cancels his/her subscription or account. In all cases, CERT-In will require companies to report “unauthorized access to social media accounts” of their users.
Most VPNs operate on a no-logging policy
Most VPNs operate on a no-logging policy. The companies promise that customer usage and browsing data will not be logged, collected, or shared. Major service providers like ExpressVPN and Surfshark only work with RAM-disk servers and other log-less technology, meaning VPNs would theoretically be unable to monitor URLs.
The Indian Computer Emergency Response Team or CERT-In is an office within the Ministry of Electronics and Information Technology of the Government of India. It is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens the security-related defense of the Indian Internet domain. CERT-IN was formed in 2004 by the Government of India under the Information Technology Act, 2000 Section (70B) under the Ministry of Communications and Information Technology. However, at present, it works under the Ministry of Electronics and Information Technology (MeitY), Government of India.
To get all the updates from our website, enable the notification by pressing the bell button.