• The Ministry of Electronics and Information Technology has created an updated rule that does not be a hindrance to internet privacy.
  • VPS VPNs, VPS Data centers, Intermediaries, VPS, and crypto exchanges are required to retain the data of their clients for five years. This applies to every user, even those who are active, but not active, and have utilized the services.
  • MeitY rule was introduced in April and will be effective in June 2022. However, VPN service providers that have no-log policies, for example, ExpressVPN claim they will not comply with the MeitY rule.

One advantage of using reliable VPN services and cryptocurrency exchanges is that they do not retain users’ information. This means that VPNs safeguard their users from being harmed and exposed even to surveillance by the government. This is among the primary reasons that Internet users turn on these services.
Now, however, India’s MeitY (Ministry of Electronics and Technologies), as well as CERT-In (Indian Computer Emergency Response Team), require that these companies track and collect data from users that could ultimately affect the privacy of users.

The new law was announced in the latter part of April and is expected to start in June of this year and just one month. These Indian government agencies are mandating VPNs as well as data centers crypto exchanges, VPS as well as intermediaries to store the data of users.

Five years is the time frame any information you provide to the service providers will be kept within their databases for five years. Additionally, regardless of whether you’re making use of it or not, all your information should remain until the five years expire. As per CERT-In and MeitY, the reason is to facilitate a speedier resolution to issues related to cybersecurity.

How will implementation go and what will be the resulting challenges

To ensure that these new rules be effective, CERT-In demands the parties affected create an effective Point of Contact for easy communication. This means that all data centers VPS providers, India-based VPN companies, Crypto exchanges, and Government agencies must be in contact through CERT-In to ensure compliance.

On the other hand, There are also lawful ways to penalize non-compliant parties. The new direction will come into effect on June 27, 2022.

However, there are several debates about the new rules as well as how the new rule could affect the service providers. Most importantly, VPN services make sure that third-party websites don’t have access to their users’ location as well as browsing history and IP addresses. These methods help maintain the privacy of users.

However, now, CERT-In mandates them to collect and keep such data as IP addresses, emails and intent for usage, and even contact numbers. Additionally, Cloud services and Datacenters are expected to follow the new rules. What do these companies perform in light of this new policy?

Additionally, certain VPN services also operate under the “no-log” policies, which means they don’t record data or track users’ information. What’s more, how do they keep the trust of their users when they’re collecting sensitive personal data which could expose users to a risk?

The new MeitY rule

Numerous well-known people in the world of business have expressed their opinions on the impact of the new rule. First, Apar Gupta, the Director of the Internet Freedom Foundation, stated that the rule could make certain VPNs exempt from the Indian market. This is because all VPN providers that offer”no-log” policy “no-log” policy do not comply with the rules.

Gupta added that this new 90-day period of log management on ICT systems will impact security. This means that individuals’ personal information could fall into the hands of cybercriminals.

Because of these modifications to the way they operate, top VPN services such as ExpressVPN, Surfshark, and ProtonVPN have stated that they aren’t the requirement to collect data from users. These VPNs adhere to their “no-log” rule and plan to maintain this policy.