Quick News Bit

NordVPN may remove Indian servers due after CERT directives


India’s new rules for virtual private network (VPN) providers may lead such companies to abandon Indian users on their platforms. In a statement to Mint today, one of the top VPN providers in the world, called NordVPN, said that it may cease operations in India in light of the cybersecurity rules furnished by the Ministry of Electronics and Information Technology (MeitY), on April 28, through the Indian Computer Emergency Response Team (CERT-In).

“At the moment, our team is investigating the new directive recently passed by the Indian government and exploring the best course of action. As there are still at least two months left until the law comes into effect, we are currently operating as usual. We are committed to protecting the privacy of our customers therefore, we may remove our servers from India if no other options are left,” Patricija Cerniauskaite, spokesperson for NordVPN, said.

VPNs, which typically mask a user’s actual internet protocol (IP) address and encrypt a user’s web traffic to add a layer of privacy to browsing, often store and track user data even without any mandate. A research of data parameters collected by private VPNs show how a large section of these services regularly maintain user data logs. NordVPN, in this research, is pegged as one of the few VPNs that do not voluntarily maintain data tracks of its users.

Explaining prevalent data collection and tracking practices by VPNs, Akash Karmakar, partner at law firm Panag & Babu, said, “VPNs did not track users other than for payment data which was stored by the payment gateway. Most VPNs used a double blind approach where they did not collect the user data and any user grievance was raised as an anonymous ticket.”

He added that the statutory limitation period for VPNs for user data tracking was three years, for which a user would be mapped to payments made by respective users for data security practices. “Now, with the five-year retention period, the intention of the government seems to be to mandate that VPNs introduce a traceability requirement to identify their users,” Karmakar added.

The new set of cyber security rules state that companies are required to mandatorily report cyber incidents, which include most forms of threats and breaches, to the Indian Computer Emergency Response Team (Cert-In) within six hours of noticing the same. The rules also urge crypto exchanges to maintain logs similar to what VPNs have been mandated to do.

Subscribe to Mint Newsletters

* Enter a valid email

* Thank you for subscribing to our newsletter.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment