The Indian IT Ministry has ordered Virtual Private Network (VPN) service providing companies to collect and store information of Indian users for up to five years.
VPN is a service that protects your internet connection and privacy online. A VPN establishes a secure, encrypted connection between your computer and the internet, providing a private tunnel for your data and communications while you use public networks. This protects your online identity by hiding your IP address.
VPN is often used by journalists, activists and others to protect their identity activity.
The union ministry has now ordered VPN companies to collect extensive customer data, and maintain it for five years or more, under a new national directive from the country’s Computer Emergency Response Team, known as CERT-in.
The CERT-in is an office within the Ministry of Electronics and Information Technology. It is the nodal agency to deal with cyber security threats like hacking and phishing.
The new directive will come into effect from the end of June and will also be applicable to cloud service providers and virtual private server providers.
The CERT-in also said that any organisation which fails to comply with the directions can face action under subsection (7) of section 70B of the Information Technology Act. The section has provisions for a jail term of one year, a fine of up to Rs 1 lakh, or both.
VPN services are currently regulated, or are completely banned, in only a few countries like Belarus, China, Iraq, North Korea, Oman, Russia, and the United Arab Emirates, according to internet security services firm Norton.