The first salvo has been fired in the fight between the Indian government and VPN service providers over the new IT rules requiring them to maintain logs of customer data — ExpressVPN announced on Thursday that it was shutting down its Indian servers.
"With a recent data law introduced in India requiring all VPN providers to store user information for at least five years, ExpressVPN has made the very straightforward decision to remove our Indian-based VPN servers.
The new rules — effective from June 27 — require VPN service providers, among others, to maintain logs of user data for a rolling period of 180 days; five years in some cases. Service providers have 60 days from June 27 to comply, and Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar and ruled out any extension on this front.
ExpressVPN has called the new rules "overreaching" and said it opens up a window for potential abuse. "ExpressVPN refuses to participate in the Indian government’s attempts to limit internet freedom ... we will continue to fight to keep users connected to the open and free internet with privacy and security, no matter where they are located. We will never collect logs of user activity or connection logs," the VPN provider said.
Also read:
ExpressVPN said this move will not disrupt service to its Indian users.
"Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India. These 'virtual' India servers will instead be physically located in Singapore and the UK," ExpressVPN said in a blog post.
ExpressVPN has become the first VPN service provider to take tangible action ever since the new rules were announced in April. Nord VPN has threatened to exit India, while Surfshark said it is considering all options and legal remedies before taking a decision.
"Internet users based in India ... can use ExpressVPN confident that their online traffic is not being logged or stored, and that it’s not being monitored by their government," the company added.
The new data law was notified by the Indian Computer Emergency Response Team (CERT-In), and is intended to help fight cybercrime. Under the rules, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data.
(Edited by : Abhishek Jha)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Lok Sabha Election 2024: Issues raised by Prime Minister Modi have not resonated with people of Tamil Nadu, says Congress
Apr 19, 2024 11:38 PM
West Bengal Lok Sabha elections 2024: A look at Congress candidates
Apr 19, 2024 8:45 PM