The Indian government has announced a new data collection directive (No. 20(3)/2022-CERT-In) going into effect on June 27, 2022. The passed legislation forces data-handling companies, including VPNs, to collect customers’ personal information. What’s more, it also requires your data to be stored and shared if needed for up to five years – even if you stop using the service.
This affects VPNs directly, since any online service in India has to comply with the new legislation. That’s why you might have seen your usual VPNs making statements about withdrawing from the country.
So, what does it mean for you as a user? Can you use a VPN anonymously despite the sudden changes? Let’s take a look.
Why Is the New Directive Bad News for Indian Residents?
The No. 20(3)/2022-CERT-In rule severely undermines the online privacy of Indian residents. Whether you live in India or are traveling through the country, your online activities will be linked to your personally identifiable information (PII).
The directive is the first step to tougher online censorship, especially since CERT-In specified companies must report “unauthorized access to social media accounts”.
Under the new directive, companies like VPNs, data centers, and cryptocurrency markets have to store your (PII), such as:
Your full name. IP addresses. Online habits and search history. Contact numbers. Dates you started (and stopped) using a service.
CERT-In claims the law was passed as a way to crack down on increasing cybercrime rates. However, it’s not entirely clear how collecting your data