VPN Providers Threaten To Quit India Over New Data Law

VPN companies are squaring up for a fight with the Indian government over new rules designed to change how they operate in the country. Wired: On April 28, officials announced that virtual private network companies will be required to collect swathes of customer data -- and maintain it for five years or more -- under a new national directive. VPN providers have two months to accede to the rules and start collecting data. The justification from the country's Computer Emergency Response Team (CERT-In) is that it needs to be able to investigate potential cybercrime. But that doesn't wash with VPN providers, some of whom have said they may ignore the demands. "This latest move by the Indian government to require VPN companies to hand over user personal data represents a worrying attempt to infringe on the digital rights of its citizens," says Harold Li, vice president of ExpressVPN. He adds that the company would never log user information or activity and that it will adjust its "operations and infrastructure to preserve this principle if and when necessary." Other VPN providers are also considering their options. Gytis Malinauskas, head of Surfshark's legal department, says the VPN provider couldn't currently comply with India's logging requirements because it uses RAM-only servers, which automatically overwrite user-related data. [...] ProtonVPN is similarly concerned, calling the move an erosion of civil liberties.

Read more of this story at Slashdot.