India warns VPNs and platforms to block data leak sites
JournalismPakistan.com | Published: 12 December 2025 | JP Asia Desk
Join our WhatsApp channel
India's Ministry of Electronics and Information Technology has advised VPN providers to block sites that leak personal data without consent. This move emphasizes compliance with legal obligations concerning user privacy.Summary
NEW DELHI — India’s Ministry of Electronics and Information Technology on December 11 issued an advisory directing virtual private network providers and other online intermediaries to block access to websites that expose Indian citizens’ personal data without consent. The advisory identifies platforms that allow the public to query sensitive information using a mobile number as posing a serious privacy risk to users.
The ministry emphasised that these sites remain accessible through VPN services unless providers take action to prevent access and warned that failure to comply could expose service providers to liability under Indian law.
Regulatory duties under Indian law
The advisory from the Ministry of Electronics and Information Technology reminds VPN providers and intermediaries of their due diligence obligations under the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. These rules prohibit hosting or transmitting information that belongs to another person without proper rights, invades privacy, or affects public order and national security.
The ministry explicitly flagged websites such as proxyearth.org and leakdata.org that have been reported to allow users to view names, addresses, phone numbers, and email IDs linked to Indian mobile numbers without authorization. It said such platforms operate in violation of Indian law and pose significant risks to user safety and privacy.
Compliance risks and industry impact
The advisory also underscores that intermediaries and VPN services could lose safe-harbour protections under Section 79 of the IT Act if they neglect their duties to restrict unlawful content. Loss of safe-harbour protections could result in legal action under the IT Act and related legislation.
In past regulatory moves, Indian authorities have required VPN and related service providers to collect and retain verified customer information to support cybersecurity and law enforcement efforts. Some major VPN companies previously withdrew physical servers from India in response to data retention mandates to avoid compliance complexity.
ATTRIBUTION: Reporting based on verified news sources.
Key Points
- MeitY issued advisory for VPN providers to block data leak sites.
- Websites like proxyearth.org pose serious privacy risks without consent.
- Advisory highlights due diligence obligations under IT Act and Rules.
- Intermediaries risk losing safe-harbour protections under Section 79.
- Increased regulatory scrutiny on online privacy and platform compliance in India.
Relevant Topics
Ask AI: Understand this story your way
AI EnabledDig deeper, ask anything — get instant context, background, and clarity.
Disclaimer: This feature is powered by AI and is intended to help readers explore and understand news stories more easily. While we strive for accuracy, AI-generated responses may occasionally be incomplete or reflect limitations in the underlying model. This feature does not represent the editorial views of JournalismPakistan. For our full, verified reporting, please refer to the original article.
