Delhi: CERT-In (Indian Computer Emergency Response Team) has extended the deadlines for VPS, VPN service, data centre and cloud service providers to comply with new privacy rules to Sept 25.
With this new extension, VPN, data centres and cloud service providers get three months period to implement the new privacy rules. The new privacy rules were supposed to come into effect on June 27 but now the deadline has been extended for three months.
The new privacy rules as directed by CERT-In require VPS (virtual private server), VPN (virtual private network), data centre and cloud service providers to store user information for at least five years. They will have to maintain records of users’ logs for 180 days and store customer data such as their validated names, IP addresses, email addresses and other details.
“The recent regulation for VPN service providers by CERT is mostly aimed at B2C or personal VPN service providers. Quite often these kinds of services are also used for anti-national activities which a government body might not be able to track easily,” said Sandip Kumar Panda, Co-Founder of Instasafe Technologies.
Interestingly, these VPN, data centres and cloud service providers legally operating in India have to comply with the new privacy laws along with other Indian laws and regulations.
However, the Indian government also need to re-look at those providers that are operating outside India but whose services are available or used in the country.
“If India wants to extend their authority over offshore VPN companies, it might have to collaborate with existing Spy alliances like “The Five Eyes / FVEY” between US, UK, Canada, Australia and New Zealand who monitor electronic communications of their citizens and have similar data retention laws,” pointed out Panda.
“It is also not entirely possible to apply this regulation as all VPN service providers might be operating from different countries,” concluded the security industry veteran.