Indian IT Ministry directs crypto exchanges to store user data for 5 years

cointelegraph.com:

The Indian Computer Emergency Response Team (CERT-in), which falls under the Ministry of Electronics and Information Technology, issued a new directive on Thursday, forcing crypto exchanges, virtual private network (VPN) providers and data centers to store a wide range of user data for up to five years.

Under the newly issued directive, crypto exchanges operating in India will be required to store customers’ names, ownership patterns, contact information and various other data.

Crypto exchanges and VPN services providers are also required to report any cyber incident within six hours of its occurrence and must hand over the collected data to the authorities upon order. The official directive read:

The new directives will come into force on June 22, which may force many VPN service providers and privacy-focused crypto platforms that don’t collect or store critical user data to shut their operations.

Related: Brain drain: India’s crypto tax forces budding crypto projects to move

CERT-in claims the new directives are intended to help them take action against cyber crimes within six hours, however, the range of data they are asking platforms to store and hand over has raised eyebrows owing to privacy concerns among users. One user wrote:

However, some crypto exchange owners welcomed the step, saying it will help prosecute tax evaders. Unocoin CEO Sathvik Vishwanath told Cointelegraph:

At this point, it is not clear whether the new rules would be applicable to crypto exchanges' operating in India only or to foreign exchanges offering their services to Indians as well. However, looking at the earlier crypto directives, it could well be applicable to all the platforms.

The new data collection directives come at a time when the