The IT Ministry of India has ordered the VPN companies to collect as well as store the users’ data for 5 years. Moreover, data centers and crypto exchanges have also been asked by the CERT-in or the Computer Emergency Response Team to to collect and to store the user data to coordinate along with the response activities and emergency measures connected to the cyber security in India.
According to the new government law, if anybody fails to meet the Ministry of Electronics and IT demands, it will lead to an imprisonment for upto one year. Even if the user has cancelled the subscription to the VPN service, the companies still have to maintain the records of the users.
Identity theft, spoofing, phishing attacks, attacks on servers like databases (mail, DNS and network service like routers), data breach, data leak, fake mobile apps, unauthorized access to social media accounts are some of the data that the VPN companies will be sending to the government.