Service providers will be required to maintain a database that includes user IP addresses, names, period of subscription, user email addresses, validated addresses, and contact information. India’s junior IT minister Rajeev Chandrasekhar released a frequently asked questions document on Wednesday addressing concerns aimed at the new rules – particularly around the requirement that tech companies provide information on data breaches to government within six hours of the incident occurring. “The nature of user harms and risks in 2022 are different from what it used to be a decade back … Rapid and mandatory reporting of incidents is a must and a primary requirement for remedial action for ensuring stability and resilience of cyber space,” said Chandrasekhar. According to Reuters, Chandrasekhar also said that tech companies should “pull out” of the country if they do not want to comply with the new government directive. Meanwhile, VPN provider ProtonVPN expressed concerns regarding the new rules, claiming that the regulations are “an assault on privacy and threaten to put citizens under a microscope of surveillance”, and that the company remains committed to its “no-logs policy”.
Related Coverage
The fall of Paytm: Warren Buffett’s only Indian investmentScams, terror, and national security: Problems with Chinese microloan apps in IndiaIndia’s homegrown messenger Hike signals its demise and a missed opportunityIndian digital pay arena gets more convoluted with opaque 30% cap on transactionsWill Google destroy Indian entrepreneurship? Many tech startups think so