The new law requires service providers to store users’ web usage patterns, designated IP addresses, etc. for the past five years and hand it over to CERT India.
Last month Hackread.com reported about the new law in India passed under the Information Technology Act 2000 provisions of sub-section (6) of section 70B, making it compulsory for VPNs and other internet service providers to collect sensitive user data.
The new law has garnered the Indian Computer Emergency Response Team (CERT-In) immense criticism for limiting user privacy. As per the new directions, all internet service providers will collect/store user data for the past five years and hand it over to the agency. This includes VPN service providers, data centers, body corporate, and intermediaries however, ExpressVPN has rejected the new law.
ExpressVPN Removed its Servers in India
VPN service providers view the new directions as a direct violation of a VPN service. ExpressVPN, now owned Kape Technologies, claims that the directions are “incompatible” with the core purpose of using VPNs, designed exclusively to retain users’ online privacy. Hence, the company has removed its servers from India.
The VPN vendor stated that this isn’t just a policy-based decision, and there’s another factor involved. Its servers