India warns VPNs and platforms to block data leak sites
JournalismPakistan.com | Published 1 hour ago | JP Asia Desk
Join our WhatsApp channel
India’s IT ministry has issued an advisory directing VPN providers and intermediaries to block access to websites exposing personal data, highlighting legal obligations under Indian law.Summary
NEW DELHI — India’s Ministry of Electronics and Information Technology on December 11 issued an advisory directing virtual private network providers and other online intermediaries to block access to websites that expose Indian citizens’ personal data without consent. The advisory identifies platforms that allow the public to query sensitive information using a mobile number as posing a serious privacy risk to users.
The ministry emphasised that these sites remain accessible through VPN services unless providers take action to prevent access and warned that failure to comply could expose service providers to liability under Indian law.
Regulatory duties under Indian law
The advisory from the Ministry of Electronics and Information Technology reminds VPN providers and intermediaries of their due diligence obligations under the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. These rules prohibit hosting or transmitting information that belongs to another person without proper rights, invades privacy, or affects public order and national security.
The ministry explicitly flagged websites such as proxyearth.org and leakdata.org that have been reported to allow users to view names, addresses, phone numbers, and email IDs linked to Indian mobile numbers without authorization. It said such platforms operate in violation of Indian law and pose significant risks to user safety and privacy.
Compliance risks and industry impact
The advisory also underscores that intermediaries and VPN services could lose safe-harbour protections under Section 79 of the IT Act if they neglect their duties to restrict unlawful content. Loss of safe-harbour protections could result in legal action under the IT Act and related legislation.
In past regulatory moves, Indian authorities have required VPN and related service providers to collect and retain verified customer information to support cybersecurity and law enforcement efforts. Some major VPN companies previously withdrew physical servers from India in response to data retention mandates to avoid compliance complexity.
KEY POINTS:
- MeitY issued an advisory for VPN providers and intermediaries to block access to sites leaking Indian citizens’ personal data
- Platforms like proxyearth.org and leakdata.org were highlighted for exposing sensitive information without consent
- Advisory cites due diligence obligations under the IT Act and IT Rules 2021 to prevent privacy violations
- Intermediaries risk losing safe-harbour protections under Section 79 of the IT Act if they fail to act
- The directive reflects growing regulatory scrutiny of online privacy and platform compliance in India
ATTRIBUTION: Reporting based on verified news sources.
