The company said it “refuses to participate in the Indian government’s attempts to limit internet freedom”
New Delhi: ExpressVPN has opted to pull out of India instead of complying with the Indian Computer Emergency Response Team (CERT-In)’s directive asking virtual private network (VPN) providers to store data of users for five years. In a blog post, the company said it “refuses to participate in the Indian government’s attempts to limit internet freedom”.
“With a recent data law introduced in India requiring all VPN providers to store user information for at least five years, ExpressVPN has made the very straightforward decision to remove our Indian-based VPN servers,” the company said.
It added the users will still be able to connect to VPN servers that will give them Indian IP addresses and allow access to the internet as if they were located in India. “These ‘virtual’ India servers will instead be physically located in Singapore and the UK,” the company said.
It said the rules are incompatible with the purpose of VPNs, which are designed to keep users’ online activity private. “The law is also overreaching and so broad as to open up the window for potential abuse. We believe the damage done by potential misuse of this kind of law far outweighs any benefit that lawmakers claim would come from it.”
Rules, which come into effect on June 27, require all cloud service and VPN providers to maintain a series of extensive customer information for at least five years. This includes validated names, addresses, and contact numbers of customers, period of subscription, email addresses and IPs used, and the purpose for using services, etc.
“The failure to furnish the information or non-compliance with the … directions, may invite punitive action,” an order dated April 28 said.
HT reached out to the electronics and information technology ministry for comments but did not receive a response immediately.
Trending Topics to Follow