New VPN Norms - Government's Take On Privacy

New VPN Norms – Government’s Take On Privacy

VPN has always been a subject of debate in India. 

As per AtlasVPN’s report, India had over 348 million VPN downloads in 2021. Despite having such popularity in 2021, the government recommended a VPN ban in India for privacy concerns. Although the ban didn’t occur, the Indian government has introduced some new VPN norms or regulations for users, mainly for VPN companies. 

In April 2022, India’s Computer Emergency Response Team (CERT) announced a new regulation that VPN companies in India will have to collect and store customers’ data for at least five or more years. 

Unsurprisingly, these new VPN Norms are creating a lot of buzzes. How will this new law affect VPNs? How will it impact users? Are VPNs illegal in India? There are lots of questions arising. 

To answer all your questions, we’ve compiled everything you need to know about the new VPN norms in India. But before digging deeper, let’s start with the basics: What is a VPN? 

What Is A VPN?

A virtual private network (VPN) is a technology that allows you to connect securely to private networks over public networks. It creates an encrypted connection between your computer and a server so that your internet traffic is encrypted and can’t be intercepted by anyone else.

With a VPN, you can access websites in countries where they might not be available, or you can use it to get around censorship (a lot of countries have strict firewalls that block specific sites), secure remote work, and browse the internet anonymously.

What Are The New VPN Norms?

The key takeaways from the new VPN rules are:

  • According to the new law, all VPNs must gather and store user data (user names, physical address, email address, and phone numbers) for five or more years. 
  • VPN companies also have to keep a log of the reason behind using the service. 
  • VPNs should record all the IP addresses used by users to register. 
  • Along with VPN services, virtual service network providers, data centers, and cloud service providers have also been requested to keep track and store similar user data. 
  • VPN services must report cybersecurity incidents to CERT within six hours of becoming aware of them. 

What Is the Government’s Take On These New VPN Norms?

The main purpose of the government behind imposing these new VPN rules is to improve the “cyber security posture” and ensure people have access to a “safe and trusted internet”.

The CERT also informed that they had identified gaps in safeguarding against online threats. That’s why they’ve published the new norms to prevent cyber attacks. 

“If you are a VPN provider, if you are a data centre operator, if you are a cloud provider, and if you’re an enterprise, you have an obligation to know who’s using your VPN infrastructure… If there is a detected cyber incident or cyber breach — from one of the people using your VPN or your cloud or your data centre, it is your obligation to produce the data,”Rajeev Chandrasekhar,  Union Minister of State for Electronics and Information Technology

How The New VPN Norms Impact Users & Companies 

The new rules received a lot of backlashes from the VPN companies. After all, the primary goal of VPN services is not to collect users’ personal information. 

The new norms will force these companies to store customer data which will increase costs and affect user privacy. 

India is among the top 10 VPN users around the globe. Various companies and individuals use VPN services to safely access private WiFi networks, remain anonymous, and many more. 

Several techies, students, and companies use VPNs to protect their data from third-party apps.

But with the new norms, they must go through a KYC process while registering a VPN. So, all VPN users will have their private data exposed to the government. 

It is also unclear how the government may use this data in the future. This raises a concern about the right to privacy for every individual. 

The Internet Freedom Foundation said the new norms lead to more concerns, such as the private enterprises and government “having more data than necessary”.

Several VPN companies like NordVPN, ProtonVPN, SurfShark, and ExpressVPN, have said that they are planning not to follow the newly imposed rules of India. After all, privacy is the main reason behind users investing in their premium plans. 

As per several VPN companies, they’ll continue to offer their no-logs policy to the users and threaten to pull back their service from India. 

The Bottom Line 

Despite all the backlashes from cybersecurity experts, stakeholder companies, and business advisory groups, the Indian government is pretty much firm on their new VPN norms. 

“If you don’t want to go by these rules, and if you want to pull out, then frankly … you have to pull out.” – Rajeev Chandrasekhar,  Union Minister of State for Electronics and Information Technology

The privacy experts have sought public consultation on this matter, asking for more tech industry involvement to find a solution that suits every individual. Lastly, it’s needless to say that it will be interesting to see if the VPN companies manage to implement the new norms before the deadline of September 25, 2022.   

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs, easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.
You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

online gamers draft by Ministry of Electronics and Information Technology

Why Mandatory Verification of Online Gamers?

As online gamers in India grows, the Ministry of Electronics and Information Technology has drafted amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to guarantee that games & gamers adhere to Indian laws and provide users with protection against potential harm.

Gaming has become a part of everyday life for many people, from casual mobile games to more hardcore console and PC gaming. As the popularity of gaming continues to grow, so does the importance of having an appropriate level of safety and security for gamers.

In this blog post, let’s explore what this proposal entails and why it is important. We will also discuss how it may affect both casual and professional gamers.

What is the government proposing for the Industry & Gamers?

The Ministry of Electronics and Information Technology (MeitY) proposed an amendment to bring online gaming under the ambit of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

The amendments seek to ensure due diligence from online gaming intermediaries so that users are not exposed to any activities breaching Indian law – such as gambling or betting – and also require a registration mark on all online games registered by self-regulatory bodies.

The Draft Rules

  1. A gamer must be informed of all online games offered by the gaming intermediary, as well as its policy regarding withdrawals and refunds of deposits made with the expectation of winnings. Also, how winnings will be determined and distributed, as well as the fees the user will have to pay for each game. 
  2. There should be a mandatory know-your-customer norm for verification (KYC).
  3. A user will need to be aware of the potential for addiction and the financial risks associated with each game.
  4. As part of the registration process of the game, the self-regulatory body must set up criteria for its content to protect the gamer from harm, including self-harm.
  5. Only games that are approved by the self-regulatory body will be permitted to operate legally in India.
  6. Five members will create the self-regulatory body’s board of directors, with expertise in online gaming, public policy, IT, psychology, and medicine.
  7. It is responsible for ensuring that the registered games do not contain anything that is not in the interest of India’s sovereignty, integrity, defense, security, friendly relations with foreign countries, or public order or that incites a cognizable offense.
  8. The Centre should be informed about the online games registered by all self-regulatory bodies, along with a report detailing the criteria for registering a particular game.

Why is there a need for such rules?

It is for protecting users from potential harm caused by skill-based games. 

  1. Innovation: As online gaming platforms are getting regulated as intermediaries and are subject to due diligence requirements, the online gaming sector will be promoted and innovation will be encouraged.
  2. Women Gamers Safety: Approximately 40 to 45% of Indian gamers are women, which makes keeping the gaming ecosystem safe all the more important.
  3. Because they generate revenue that needs proper regulation: In 2025, the Indian mobile gaming industry is to generate $5 billion in revenue. The industry grew at a CAGR of 38 percent between 2017 and 2020, versus 8% in China and 10% in the US.
  4. Credibility & Transparency: In addition to ensuring greater transparency, consumer protection, and investor confidence, this framework will boost the legitimate domestic online gaming industry.

What are the pros of the proposed mandatory verification of online gamers?

The proposed mandatory verification of online gamers has generated a lot of debate, with some people arguing that it is a necessary step to prevent underage gaming and others asserting that it will infringe on the privacy of gamers. Here, we take a look at the pros of the proposed policy: 

1) It would help to prevent underage gaming & Fraud: The proposed policy would require online gamers to verify their age before being able to play, which would help to prevent minors from accessing age-inappropriate content.

2) It could help combat cheating: By mandating age verification, it would become more difficult for people to create multiple accounts to cheat in online games.

3) It would promote responsible gaming: Making online gamers verify their age would encourage them to play responsibly and not engage in excessive gaming.

Our take

The government’s proposed mandatory verification of online gamers is a step in the right direction toward protecting citizens from online threats and fraud. With the implementation of this measure, users can be assured that their identities are secure when engaging with other players or playing games online. It will also help prevent illegal activities such as money laundering and identity theft which have been particularly rampant on gaming websites lately. In essence, this proposed measure could be immensely beneficial for both players and regulatory authorities alike by promoting safety and security in the digital world.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.
You can reach out to our team at reachout@signzy.com

What’s All The Fuss About The Digital Personal Data Protection Bill 2022?

The Ministry of Electronics and IT(MeitY) has released the Digital Personal Data Protection Bill 2022, and the government is currently seeking public feedback and consultations. The measure is intended to lay out the procedures and guidelines for data collecting for businesses and the rights and obligations of “digital nagriks,” or citizens.

The measure also establishes severe penalties for breaking any law’s rules, and the Data Protection Board of India—which the new law has set up—will make these determinations. However, board orders may be contested in a High Court.

 

The Data Protection Bill Focuses On Seven Fundamental Principles

The Bill’s explanatory note states that it is founded on seven principles. The first is that organizations must use personal data in a way that is legitimate, fair to the individuals involved, and transparent to individuals.  The second principle states that personal data must only be used for the purposes for which it was collected. The third principle discusses data minimization, while the fourth principle emphasizes data accuracy when it comes to collection.

The fifth principle states that personal information cannot be stored perpetually by default and should only be kept for a specific time. According to the sixth principle, there should be enough protections to guarantee that no unauthorized collection or use of personal data occurs.

Seventh principle: The person who determines the nature, scope, and means of personal processing data shall be liable for such processing.

 

Defining Definitions- What Data Principal And Data Fiduciary Implies

The person whose data is being gathered is referred to throughout the Bill as the “Data Principal.”

The purpose and means of processing an individual’s data are determined by the “Data Fiduciary,” which may be a person, business, government agency, or other entity.

The law also acknowledges that parents or legal guardians will be regarded as children’s Data Principals in cases where they are children, defined as all users under 18.

According to the law, all data by or in connection to which an individual can be identified is considered personal data. Processing is the full range of processes that may be applied to personal data. According to the Bill, data processing would include data collection and storage.

The measure also guarantees that people should have access to essential information in the languages included in the Indian Constitution’s eighth schedule. Furthermore, the Bill stipulates that consent must be obtained from the subject before their data is processed and that each individual should be aware of the specific personal data that a Data Fiduciary wishes to collect and the purposes for such collection and further processing.

Additionally, the notification of data collection must be written in language that is both explicit and understandable. Additionally, people can revoke their consent from a data fiduciary.

 

Two Rights Of Action- The Rights To Erase Data And To Nominate

Data principals can request the deletion and updating of data that the data fiduciary has acquired. If the data principal passes away or becomes incapable, they can also designate a person to act on their behalf.

The measure also grants customers the ability to protest to the Data Protection Board about a Data Fiduciary if they do not receive a sufficient response from the business.

 

What Are The Relevant Data Fiduciaries In Data Protection?

Furthermore, the Bill refers to Significant Data Fiduciaries, who handle a sizable amount of personal data. The Central government will decide who falls under this group based on various considerations, including the amount of personal data collected, the risk of harm, and the potential impact on India’s sovereignty and integrity.

The Bill’s explanatory note states that this category must fulfill additional duties to permit wider scrutiny of its actions.

Such organizations will be required to designate a “Data protection officer” to act on their behalf. They will serve as the focal point for grievance redress. They must also choose an impartial data auditor to assess their compliance with the statute.

 

Financial Punishments And Penalties

The draught also suggests that businesses that experience data breaches or fail to notify customers when breaches occur face harsh penalties. Entities that do not implement “reasonable security safeguards” to prevent personal data violations could face fines of Rs 250 crore.

 

Data Protection For Data Transfer Across International Borders

The measure also permits storing and transferring data across international borders to certain notified countries and territories. 

The memo further states that the Central Government would consider essential criteria before such notification.

Bottomline

The government may also exempt specific enterprises from complying with the Bill’s provisions based on the number of users and the volume of personal data collected by the firm. When doing this, the national startups that complained that the prior version of the Bill was compliance intensive have been taken into account.

 

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

 

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

 

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com.

 

Written By:

Mahesh Mohan

Mahesh is a Creative Writer intent on learning and sharing knowledge. He ensures to deliver well-researched and precise information to the reader without squandering their time or tag. He is well versed in financial technology and digital marketing with a passion for stories of all forms.

 

 

 

 

 

 

Crypto’s Coming Crash: here’s what you need to know

FTX, the price of bitcoin (BTC) has tumbled again. It is now about $16,500 – a far cry from the all-time high of $66,000 just a year ago. Why such a significant drop in value? It’s because of the highly toxic combination of exchange (an electronic platform for buying and selling) called Binance.

Binance is a stablecoin (a crypto whose price is pegged 1:1 to the US dollar or another “fiat” currency) called tether – The skilled professional traders running high-frequency algorithms. Unlike stocks, bitcoin can be traded on many different exchanges. But Binance has more than 50% of the entire crypto market, and as a result, it sets the price of bitcoin and other cryptocurrencies

To buy cryptocurrencies, traders must convert fiat money into a stablecoin-like tether. Bitcoin-tether has by far the most significant volume of all products on Binance. Since one dollar usually equals one tether, trading on bitcoin-tether sets the dollar price of bitcoin. But when bitcoin crashes, the entire crypto ecosystem does. 

How did the FTX Crash Happen?

The FTX crash has its roots in the manipulation of tether (USDT), the most commonly used stablecoin. USDT is supposed to be backed by one dollar for each USDT coin, but these claims have not been verified. The primary technique used to manipulate the price of USDT is called “wash trading”. What is wash trading you ask? Easy explanation – you buy and sell USDT simultaneously from different accounts you control.

When you do this, USDT prices go up and down, creating the false impression that there is a massive demand for USDT. For example, a trader buys 100 USD T for $100, then sells 100 USD T for $120. The trader has made a profit of $20, but the price of USDT has risen from $1 to $1.20. This creates a misleading impression that the market needs a lot more USDT, which it may not.

Why Does the Crypto Market and FTX Crash?

In most normal markets, a large number of buyers and sellers set the price of a product. If a product is overpriced, more sellers will offer their product. But in the crypto world, only a few significant exchanges set the price.  No one buys or sells unless they want to make a profit! When a considerable stock exchange like Binance has a high percentage of the market, it can control the price of bitcoin and other cryptocurrencies.

A high-frequency trader can buy bitcoin on Binance, then sell it on Binance again to someone who has just bought bitcoin on Binance. In addition, Binance does not require a trader to buy or sell an entire bitcoin. Instead, the trader can buy or sell 0.00000001 bitcoin, or $0.0001.

What Should Happen Next?

As in any crash, the best thing to do is stay calm and not panic sell. The FTX crash will probably have a similar outcome to the dot-com crash. The time when the internet was still in its infancy, but the companies were still around – just later in their life cycles.

The FTX crash will, however, cost investors a lot of money. But it will be good for the market’s long-term future, as the weak hands will be weeded out. There are no signs of a healthy correction in the crypto market, but these events always take longer than expected. In 2000, the dot-com crash began in March, but the Nasdaq didn’t bottom out until October 2002, more than two years later.

The Bottom Line

The FTX crash is a healthy correction for the crypto market. But given the lack of proper regulation, the extreme volatility, and the high percentage of inexperienced traders who entered the market, the crash could last for a long time.

Nevertheless, the crypto market will likely go through a healthy correction and come out on the other side of a more robust and mature marketplace. The FTX crash was entirely predictable, and it was only a matter of time before it happened.

 

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com.

 

Cross-Country Payments With RBI’s UPI- A Detailed Look At The Central Bank’s Future For International Remittance

India was the top recipient of remittances in the world in 2021, receiving over USD 87 billion. This represented a 4.6% increase above its remittance inflows from prior years. This is because remittances only represented 3.1% of the nation’s GDP in 2020.

Cross-country remittances are growing, and the Reserve Bank Of India(RBI) acknowledges this as they are deciding to act on it. Their initial plan is to add newer options to the 6-year-old Universal Payments Interface(UPI) that includes international payments. Prima facie is undoubtedly a step in the right direction. Yet we must look closely to see how it will impact the sector.

What Is RBI’s Initiative?

The Reserve Bank of India (RBI) stated in its annual report for FY21 that it is working on using UPI for cross-country transfers among jurisdictions.

RBI has looked into the idea of connecting UPI with comparable systems in other jurisdictions, particularly in the G20 countries, to improve cross-country and international payment arrangements. In addition, the apex bank claims to participate in the discussions over the fundamentals and roadmap of UPI and cross-country remittance with the Committee on Payments & Market Infrastructures (CPMI) and Financial Stability Board (FSB).

What Are Cross-Country Remittances?

For the uninitiated, cross-country remittances are transactions between individuals, companies, or banks in at least two countries. At the moment, cross-country and international payments are settled through a bank with branches in both nations. The bank converts money to local currency and charges users a commission of up to 10%. As a result, the procedure is time- and money-consuming.

What Is The Future Of Cross-Country Remittances In India?

The cornerstone of the cross-country payments ecosystem in India is likely to be laid by a similar agreement between PayNow, based in Singapore, and UPI’s governing organization, the National Payments Corporation of India (NPCI). The integration of UPI with PayNow has been formally announced, even though the efforts with different nations are at varying levels. According to the RBI, it should start operating in the second half of 2022.

The interlinking lowers the cost of cross-country remittances and will further anchor commerce, travel, and remittance flows between the two nations. It might also be used as an illustration of how different fast payment systems can be linked to sending money quickly and cheaply.

Essentially,

  • NPCI, an RBI initiative, has collaborated with several foreign organizations to share the UPI infrastructure but prevents cross-country payments.
  • The cross-country payments ecosystem in India is likely to be built around PayNow, a Singapore-based company, which is the sole partner of UPI.
  • According to the RBI, efforts are in various phases with different countries, but cross-country remittance via PayNow will start after July 2022.

UPI For Cross-Country Remittances

One of India’s payment settlement infrastructures with the quickest growth is UPI. The interface enables peer-to-peer payments across banks and platforms with a single pin. UPI recorded transactions of INR 10.4 Lakh Cr. in May 2022 alone because of its scalability and simplicity of usage.

As a result, numerous nations took note of the stack and made plans to implement the UPI functioning model in their countries. For this, NPCI’s international division, NIPL, has agreements with several banks in nations like the UAE, the US, Nepal, China, Japan, and several regions of Africa. However, so far, these partnerships have been signed to share the infrastructure and not enable cross-country payments.

For instance, in August 2021, NIPL announced its partnership with UAE-based Mashreq Bank to benefit 2 Mn+ Indians who travel to UAE for business or leisure every year.

In July 2021, NPCI partnered with the Royal Monetary Authority (RMA) of Bhutan to initiate UPI-based payments in Bhutan and benefit an estimated 200,000 tourists from India who travel to the mountain nation annually.

Other successful international partnerships in this space include Discover Financial Services (DFS) USA, Japan Credit Bureau (JCB) Japan, Union Pay International (UPI) China, PPRO Financial, UK, and Network for Electronic Transfers (NETS), Singapore, and Liquid Group, Singapore.

Bottomline

Once RBI implements this aspect of UPI, transactions will boom, and fintech enterprises need to be ready. A simple digital adaptation to accommodate the transforming technology won’t cut it. All processes will have to qualify for international standards, and better security measures must be implemented. All this needs to be done without compromising the experience of the customer.

If you seek to improve your processes and be ready for the looming change, we at Signzy might be able to help out. Our No-code AI-driven resources that are fully customizable are built for your needs. Check it out here.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com.

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

1 2 3 6