Another of the world’s best VPN providers has announced its decision to pull the plug on its Indian servers.
After ExpressVPN exited India last week, Surfshark has now followed suit, stating that the country’s new CERT-In regulations ‘go against the core ethos of the company’.
Expected to come into force on June 27, India’s new data retention law will force VPN companies to keep users’ data – like IP addresses, real names and usage patterns – for up to five years. They will also be required to hand this information over to authorities upon request.
Surfshark Head of Legal Gytis Malinauskas said that the company, which operates under a strict no-log policy, is not willing to compromise its values nor its technical base.
Collect and store customer data? NO! We value people’s privacy – that’s why we stand against India’s new data regulation law ⚖️ We’ll shut down our physical Indian servers. Still, you’ll be able to connect to virtual servers through Singapore and London – check our server list 🌏June 7, 2022
What does this change for Surfshark users in India?
After the new regulations come into effect, Surfshark is set to introduce virtual Indian servers to replace its physical ones in the country, claiming these will be ‘functionally identical to physical ones’.
Until then, Surfshark subscribers will be still able to connect to physical servers located in the country as usual.
Once the virtual servers are available, the provider’s users will find those browsing its regular server list. They will have the option to choose to reroute their connection via Singapore or London, while still getting an Indian IP address. The only difference is that the physical server will be located outside the country so that users’ data will be secure from Indian authorities’ control.
“Meanwhile, Surfshark will continue to closely monitor the government’s attempts to limit internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry,” the provider wrote in an official statement.
What is India’s new data retention law?
India’s new data retention law doesn’t affect only VPNs but also cloud storage services, virtual private servers (VPS), data centers, and cryptocurrency exchanges. An attempt to fight back cybercrime, it has been sparking many concerns across the tech sector and privacy advocate groups.
Commentators are worried that a country with regressive media freedom – India just dropped to 150th out of 180 countries in the 2022 Reporters Without Borders’ Press Freedom Index – can easily misuse these directives to enforce their grip on the wider public.
At the same time, experts believe that this climate could have a negative impact on the fast-growing India IT sector too. As Future Market Insights Chief Operating Officer Sudip Saha told TechRadar: “Bans on VPNs will primarily hurt corporate interests by acting as a disincentive to investments and doing business in India.”
