Atlas VPN is removing India-based servers due to the new data law
India's Computer Emergency Response Team has initiated a new law for data-handling companies, including virtual private networks, which says that businesses must collect and store client data for up to five years and disclose it to the government upon request. The new law will affect companies with physical infrastructure in India and is set to come into effect on June 27, 2022.
This new rule directly hinders the privacy of our users, which is one of the primary reasons people choose to use a VPN. Consequently, Atlas VPN will remove all of its India-based servers as of June 27. Continuing to maintain our servers in India would mean we have to comply with the law putting our user's anonymity at risk, and we refuse to do that.
As for users in India, they can continue using our services without the fear of being monitored, by connecting to servers outside of their country.
Why we chose to remove our servers in India
While countries' laws and legislations change, our priority to safeguard user privacy remains. Therefore, in light of India's upcoming data collection directive, the way we can continue to do so is by removing our India-based infrastructure.
One of the main motives why Atlas VPN came into the market was to provide all users, irrespective of their budget or tech-savviness, with the possibility to browse the web more anonymously. This law stands directly in opposition to that mission.
Besides, we operate under a strict no-logs policy. It means that we don't collect or share and, therefore, wouldn’t be able to provide any information that could identify an individual or their online activity.
The implications of new directive for online privacy
With cybercrime numbers rising in the country, the Indian government wants to put mechanisms in place to address the problem. However, requiring companies to retain large amounts of sensitive user data puts companies and their users at risk of the very thing it aims to combat — data breaches.
After all, the statistics are worrying. Accroding to the 2021 year data, nearly 73 percent of organizations in India expect to experience a data breach that impacts customer data in the next 12 months.
Moreover, it is also not the first time the Indian government has imposed broad obligations on tech companies. In the past, it issued rules requiring social media companies to censor online content and undermine end-to-end encryption to reveal the first originator of the information. It also imposed blocks on PUBG and TikTok, among hundreds of other apps.
These are just some of the reasons why the internet freedom index in India has been declining for four years in a row. With the new regulations forcing companies to log India's internet user data, digital freedom will be further diminished.
India's internet users have long recognized the importance of VPNs for protecting their freedom and privacy and ensuring their web security. According to our 2021 VPN adoption numbers, a fifth of India's population use a VPN. With a new data collection directive in effect, VPNs will be more important than ever.
