India’s new policy requiring VPN services to collect and hand over data on customers is prompting NordVPN to consider pulling its servers from the country.
“We are committed to protecting the privacy of our customers; therefore, we may remove our servers from India if no other options are left,” NordVPN told us.
India is implementing the new policy to help it fight cybercrime. But the data-collection requirement also undermines the whole point of installing a VPN, which are often designed to protect a user's privacy.
Under the new policy, VPN providers would need to log data on which IP addresses their customers are using and store the information for at least five years. As a result, the data could be used to map out customers' web activities if it’s ever turned over to Indian authorities.
NordVPN said: “At the moment, our team is investigating the new directive recently passed by the Indian government and exploring the best course of action. As there are still at least two months left until the law comes into effect, we are currently operating as usual.”
Pulling the servers would mean NordVPN users could no longer reroute their encrypted internet connections through the country. However, locals could still use NordVPN; they would just need to encrypt their connections through NordVPN servers based in East Asia or the Middle East.
The bigger issue is if India decides to punish VPN providers that refuse to follow the data-collection policy by blocking local access to offending VPN services.
At the moment, it appears no major VPN provider plans on going along with the new regulations, which take effect on June 27. Four other services—ExpressVPN, ProtonVPN, PureVPN, and Surfshark—told us they plan to prioritize their
Read more on pcmag.com