Senior official in MeitY says there is a need to bring in more accountability; VPN companies express displeasure over directives to keep personal data of users
The government has begun work on stricter Information Technology (IT) Rules and will soon start discussions with industry leaders and other stakeholders to bring in more accountability for these platforms.
“There isn’t much accountability right now, but whatever is good for the country and society, whatever has to happen, should happen. The government will soon start discussions with intermediary companies, especially on such accountability and safe harbour issues,” a senior official at the Ministry of Electronics and IT (MeitY) told BusinessLine.
For instance, recently, the Indian Computer Emergency Response Team (CERT-In) issued fresh directions mandating compliance in relation to cyber security incidents, ranging from the requirement to report incidents within six hours to storing system logs locally in India.
Keeping personal data
However, some virtual private network (VPN) companies are against the CERT-In directives, which also require keeping the personal data of users for five years or longer. The data must be given to the government when asked.
The MeitY official said, “Protection of personal data has become a key part of our ecosystem today. That has to be a part of the entire unit. Then comes the whole concept of “Safe Internet”. Twenty years ago, when the IT Act was created, the world was different from today’s. So we have to create legislation keeping all these in mind.”
He added that the government is asking VPN companies to keep personal data for five years so that if necessary, in case of cybersecurity issues, it can be traced.
The new VPN rules kick in next month and services providers who don’t comply with them may be declared illegal in India. The Parliamentary Standing Committee of Home Affairs had called for a ban on VPNs last year.
When asked about safe harbours, the official said that the concept of safe harbour is pretty old and now there is a need for change.
“There is a question mark world-over on the concept of safe harbour. It is a construction of the late-1980s when the Internet and social media were not strong. If you look at the Digital Services Act (DSA), the concept of safe harbour is completely gone. Safe harbour is a construct from when social media did not exist. Many places are now moving to newer legislations where there is no concept of complete safe harbour. Take for example Australia or South Korea,” he added.