In April, the Indian government announced its new VPN policy that will significantly impact the VPN market in the region and the overall online privacy of Indian users. The rules were originally set to take effect from July 27. However, last week, The Indian Computer Emergency Response Team (CERT), the body appointed by the government to protect India’s information infrastructure, extended the policy to September 25.
What Is the New Policy and Why Is It Bad News for Indian Residents?
According to the new regulations by CERT-In, any security software companies are now legally obliged to store user data:
- Full names.
- IP addresses.
- Physical addresses.
- Contact details (phone numbers, email addresses, etc.).
- Online activities and search history.
This information will be stored for at least five years, even if the user is no longer using the services. ISPs and all data centers will now keep logs of users’ activities for 180 days as means of cybersecurity control.
CERT-In claims the law is meant to crack down on increasing cybercrime rates. However, it’s unclear how access to user data will help fight cybercrime and not abuse privacy. Over the last few years, we’ve already witnessed sensitive user data breaches. The more data is stored on servers, the bigger the breach threat is.
Software companies in India will also face severe repercussions. CERT-In requires them to report data breaches within six hours of discovery, and failure to comply results in fines.
How Will the New Policy Affect VPN services?
Because the new regulation requires data centers to keep logs of users’ activities, VPN services are now facing a dilemma. The no-log policy is the core principle of most of the trustworthy VPNs out there. The whole concept of user privacy is now shattered. What’s worse, VPNs will be required to hand the user data over to Indian authorities upon request.
The new India VPN policy is an apparent attack on internet freedom. VPNs can either shift their servers from India or comply with the new rules and compromise user privacy and safety. That’s why most of the top VPNs on the market are already moving their servers outside India.
How Is ClearVPN Planning to Protect User Privacy?
As the ClearVPN team, we are doing our best to provide a secure browsing experience while enhancing user privacy. ClearVPN has a strict no-log policy, which means the app doesn’t collect any information related to the activity of its users: no IP addresses, browsing history, DNS queries, etc.
Last week, we moved our servers outside India to comply with our principles — the security and privacy of our users are our top priorities at ClearVPN. Regardless of the extended date for the India VPN policy to take effect, we feel obliged to take care of our users and act before any damage is done.
Should You Still Use a VPN in India?
Of course, a good VPN can still protect your privacy. However, if the service has its physical servers in India, we recommend staying away. Once the new rules take effect on September 25, your online privacy will become a target of the Indian government and face a high risk of a data breach. Learn more about anonymous browsing to always stay private and secure on the web.