After India, US could be the next country to crack down on VPN service providers for deceptive data practices

• US lawmakers urge FTC to stop hundreds of VPN providers’ abusive and deceptive data practices.
• According to US lawmakers, VPN providers exploit, mislead, and take advantage of unwitting consumers.
• Earlier, VPN service providers NordVPN, Surfshark, and ExpressVPN removed their servers from India.

After India, US lawmakers have now asked the Lina Khan-led Federal Trade Commission (FTC) to address abusive and deceptive data practices by hundreds of companies providing individuals with Virtual Private Network (VPN) services.
A VPN is an online service that gives users more security when connecting to the Internet.
However, said the lawmakers, the consumer VPN industry is rife with deceptive advertising and abusive data practices.
The letter by Anna G. Eshoo (D-CA) and Ron Wyden (D-OR) describes several abusive practices in the consumer VPN industry, including promoting false and misleading claims about their services, selling user data, and providing user activity logs to law enforcement, despite promises of 'total anonymity,' and a lack of oversight of the industry in general.
"We urge you to use your authority to take enforcement actions against the problematic actors in the consumer VPN industry, focusing particularly on those that engage in deceptive advertising and data collection practices," they said.
The lawmakers added that the VPN industry is extremely opaque, and many VPN providers exploit, mislead, and take advantage of unwitting consumers.
In India, a directive from the Indian Computer Emergency Response Team (CERT-In) has also sought additional compliance requirements for all VPN providers whose users are in the country.
The new rules, to be effective from September 25, require VPN service providers, along with data centers and cloud service providers, to store information such as names, email IDs, contact numbers, and IP addresses (among other things) of their customers for five years.
Leading VPN service providers NordVPN, Surfshark and ExpressVPN have removed their servers from India over the new directions.
The US lawmakers said it is extremely difficult for someone to decipher which VPN service to trust, especially for those in crises.
"There are hundreds, if not thousands, of VPN services available to download, yet there is a lack of practical tools or independent research to audit VPN providers' security claims," the letter read.
Many popular VPN services also spread inaccurate information on their websites.
In December 2021, Consumer Reports (CR) found that 75 per cent of leading VPN providers misrepresented their products and technology or made hyperbolic claims about the protection they provide users on their websites, such as advertising a 'military-grade encryption' which doesn't exist.
Advocacy groups have also found that leading VPN services intentionally misrepresent the functionality of their product and fail to provide adequate security to their users.
"VPN services have also been exposed for collecting, and, in some cases, abusing, user data. In 2020 it was revealed that a leading analytics firm used personal data from over 35 million people who had downloaded one of their 20 VPN and ad-blocking apps to power their analytics platform without consent," the letter said.

SEE ALSO:
Murmu vs Sinha: Voting begins to elect the next President of India
India’s duty cuts on edible oil will offset rupee fall but it will widen gap between healthy and unhealthy choices