The Indian government has just announced a new order asking VPN companies to collect and provide them with user data. The step is regarded as a violation of data privacy.

Entrackr recently published a report highlighting that the Indian government wants VPNs to collect the data of users for five years on their servers and then hand it over to the government. Computer Emergency Response Team (CERT-in), a department of the Ministry of Electronics and IT issued the order which also applies to Cloud and Crypto-based firms.

Firm managements that fail to comply with the order will a face prison sentence of up to a year under Section 70B(7).

Under the order, user data, including their names, will be validated and stored along with their IP addresses, usage patterns, and other forms of identifiable information. The department clarified that the measures taken are an effort to “coordinate response activities as well as emergency measures concerning cyber security incidents.” However, it is a major violation of user rights and data privacy.

VPN, cloud, and crypto firms are due to collect data starting later in June this year.