- VPN providers in India must block access to illegal websites
- MeitY request aims to protect personal data of Indian citizens
- Obligations could conflict with the operation of VPN services without logging
VPN providers operating in India have been asked to block access to websites that illegally leak citizens’ personal information, following an advisory from India’s Ministry of Electronics and Information Technology (MeitY).
The directive, issued on December 11, warns that these websites “pose a significant risk to Indian users”.
Authorities have highlighted several specific sites that allegedly leak sensitive personal data, including full names, addresses, cell phone numbers and email addresses. According to the notice, these platforms remain accessible to users connecting via a virtual private network (VPN).
Under the IT Act 2000 and IT Rules 2021, VPN providers must “use reasonable efforts” to prevent access to websites that operate in violation of the law. The directive also explicitly reminds providers of their obligation to assist authorities by providing information necessary to verify identities or investigate cybercrimes.
What does this mean for VPN users?
Although MeitY’s application aims to protect the personal data of Indian citizens, it fundamentally conflicts with how the best VPN apps work.
Privacy-focused providers operate under a strict no-logging policy. This means that the service does not collect any identifiable information about what users do online while connected to the VPN.
TechRadar has contacted several popular VPN providers to clarify whether and how they intend to comply with these obligations, and we will update this page when we receive a response.
Many companies, including NordVPN, Proton VPN, ExpressVPN and Surfshark, have decided to remove their physical servers from India in 2022. The move was a direct reaction to CERT-In rules requiring VPN and security software providers to store user data – such as IP addresses, real names and usage patterns – and hand it over to authorities upon request.
Unsurprisingly, these requirements were deemed inconsistent with the primary purpose of a VPN by the industry.
The latest advisory threatens to reignite the debate between protecting user anonymity and law enforcement’s need to access data to fight crime. However, if the industry’s response three years ago is any indication, we expect most VPN companies to prioritize their privacy promises to users and refuse to collect or share data with anyone, including the police.
We test and review VPN services in the context of legal recreational uses. For example: 1. Access a service from another country (subject to the terms and conditions of that service). 2. Protect your online security and strengthen your online privacy abroad. We do not support or approve the use of a VPN service to break the law or conduct illegal activities. Consumption of paid pirated content is not endorsed or endorsed by Future Publishing.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
