Following the issuance of the cybersecurity directive by the Indian government last month, there have been multiple media reports and Twitter conversations alleging that Virtual Private Network (VPN) providers have to store web activity logs of users to comply with the directive. This goes against the very premise of why customers use VPNs: privacy. But the directive does not explicitly have any such requirement. So, why is this concern floating around? There's no clear answer to whether VPN providers have to maintain a log of websites visited by a user, and the recently released FAQs by the Ministry of Electronics and Information Technology (MeitY) also do not clear the air on this issue. But, here are the two sides of the debate. No, web activity does not have to be logged The provision in the directive that specifically applies to VPN, cloud service,…
