India Demands User Data from VPN Companies

The Indian government demands virtual private companies to collect and store user data for at least five years under a new national directive in India.

VPNs in India will have to save customer names, validated physical and IP addresses, usage trends, and other personally identifiable information under CERT-In in a new national directive issued on April 28.

The Indian Computer Emergency Response Team, also known as CERT-In, is India’s primary agency on cyber security threats and works under the Ministry of Information Technology.

The new directive in India will be effective in 60 days from April 28 and will apply to cloud service providers and virtual private server providers.

CERT-In said that cryptocurrency exchanges have also been directed to keep a record of users’ financial transactions for five years.

“The virtual asset service providers, virtual asset exchange providers, and custodian wallet providers (as defined by the Ministry of Finance from time to time) shall mandatorily maintain all information obtained as part of Know Your Customer (KYC) and records of financial transactions for a period of five years,” CERT-In said in its order.

CERT-In added that the new directive was made to ensure the security of payments and financial markets for consumers while protecting their data, fundamental rights, and economic freedom because of the expansion of virtual assets.


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.