“This is against everything we stand for,” Proton VPN exits India over new data law

The Swiss-based company behind Proton VPN has decided to shut down all its servers in India.

This comes amid concerns about the new CERT-In regulations that are about to come into effect.

Proton is just the last of the best VPN providers to leave the country to protect the privacy of its customers. In June, we saw ExpressVPN’s departure from India, Surfshark’s promise to remove its physical servers, Hide.me’s announcement to pull the plug, along with NordVPN last joining the exciting group that feared for freedom of expression.

Under India’s new law, VPN companies must keep users’ real names, IP addresses assigned to them, usage patterns and other identifying data for up to five years. They will also have to hand over this information to the authorities upon request.

The new legislation was initially supposed to come into effect on June 28, but will come into effect on September 25.

Smart Routing Servers to Get India IP Address

Talking about his decision in a blog post (opens in new tab)the provider said: “This is against everything we stand for.

“We have no intention of complying with this invasive mass surveillance law, leaving us no choice but to remove our VPN servers from Indian jurisdiction.”

However, this does not mean that people in India cannot enjoy the protection of the software. On the contrary, actually.

Users can still opt for one of the many secure international servers available in 64 countries. And those who need a secure connection through an India IP address can enjoy the security of its Smart Routing Network.

Like other providers who have gone virtual to protect the privacy of their users, Proton Smart Routing servers are physically located in Singapore. However, these are the same in terms of functionality, allowing users to get an Indian IP address.

“If you live in India or have connected to our India-based VPN servers from elsewhere, you can switch to these Smart Routing servers and use Proton VPN as before,” assures the provider.

Therefore, while safely browsing the web locally, users in India will still have their data secured by a no-logs type VPN service.

Why is the new data retention law in India controversial?

While India’s new data retention law is an effort to tackle cybercrime, its regulations have raised a lot of concern in the tech sector and privacy advocacy groups.

“It will have a chilling effect. I think it’s really sad that the world’s largest democracy is going down this road,” Proton AG Chief Executive Andy Yen told The Wall Street Journal (opens in new tab)adding that the move will also expose activists and whistleblowers to dangers.

However, concerns that such intrusive regulations could be easily misused to promote mass surveillance and undermine citizens’ civil liberties are not unfounded. India is indeed notorious for its declining media freedom (opens in new tab) and the shame of recording more internet outages than any other country (opens in new tab) in the world.

In addition, VPN providers are just some of the companies subject to the new CERT-In guidelines. Other services include data centers, cloud storage services, virtual private servers (VPS), and cryptocurrency exchanges.

The amount of private information stored will then be enormous, across thousands of different companies. This does not raise many doubts about the feasibility of new regulations.

At this point, Laura Tyrylyte, head of public relations at NordVPN, told TechRadar, “It’s hard to imagine that everyone, especially small and medium-sized businesses, will have the right resources to ensure the security of such data.”

And it’s not just privacy concerns. India’s new data law is also believed to have a negative impact on the burgeoning IT sector, perhaps translating into higher fees for Indian VPN users in general.