#FactCheck: Fake Claim on Delhi Authority Culling Dogs After Supreme Court Stray Dog Ban Directive 11 Aug 2025

What Is a VPN and its Significance 

A Virtual Private Network (VPN) creates a secure and reliable network connection between a device and the internet. It hides your IP address by rerouting it through the VPN’s host servers. For example, if you connect to a US server, you appear to be browsing from the US, even if you’re in India. It also encrypts the data being transferred in real-time so that it is not decipherable by third parties such as ad companies, the government, cyber criminals, or others.

All online activity leaves a digital footprint that is tracked for data collection, and surveillance, increasingly jeopardizing user privacy. VPNs are thus a powerful tool for enhancing the privacy and security of users, businesses, governments and critical sectors. They also help protect users on public Wi-Fi networks ( for example, at airports and hotels), journalists, activists and whistleblowers, remote workers and businesses, citizens in high-surveillance states, and researchers by affording them a degree of anonymity. 

What VPNs Do and Don’t 

‍

•  What VPNs Can Do:
  
  • Mask your IP address to enhance privacy.
  • Encrypt data to protect against hackers, especially on public Wi-Fi.
  • Bypass geo-restrictions (e.g., access streaming content blocked in India).
•  What VPNs Cannot Do:
  
  • Make you completely anonymous and protect your identity (websites can still track you via cookies, browser fingerprinting, etc.).
  • Protect against malware or phishing.
  • Prevent law enforcement from tracing you if they have access to VPN logs.
  • Free VPNs usually even share logs with third parties. 

VPNs in the Context of India’s Privacy Policy Landscape 

In April 2022, CERT-In (Computer Emergency Response Team- India) released Directions under Section 70B (6) of the Information Technology (“IT”) Act, 2000, mandating VPN service providers to store customer data such as “validated names of subscribers/customers hiring the services, period of hire including dates, IPs allotted to / being used by the members, email address and IP address and time stamp used at the time of registration/onboarding, the purpose for hiring services, validated address and contact numbers, and the ownership pattern of the subscribers/customers hiring services” collected as part of their KYC (Know Your Customer) requirements, for a period of five years, even after the subscription has been cancelled. While this directive was issued to aid with cybersecurity investigations, it undermines the core purpose of VPNs- anonymity and privacy. It also gave operators very little time to carry out compliance measures. 

Following this, operators such as NordVPN, ExpressVPN, ProtonVPN, and others pulled their physical servers out of India, and now use virtual servers hosted abroad (e.g., Singapore) with Indian IP addresses. While the CERT-In Directions have extra-territorial applicability, virtual servers are able to bypass them since they physically operate from a foreign jurisdiction. This means that they are effectively not liable to provide user information to Indian investigative agencies, beating the whole purpose of the directive. To counter this, the Indian government could potentially block non-compliant VPN services in the future. Further, there are concerns about overreach since the Directions are unclear about how long CERT-In can retain the data it acquires from VPN operators, how it will be used and safeguarded, and the procedure of holding VPN operators responsible for compliance. 

Conclusion: The Need for a Privacy-Conscious Framework

The CERT-In Directions reflect a governance model which, by prioritizing security over privacy, compromises on safeguards like independent oversight or judicial review to balance the two. The policy design renders a lose-lose situation because virtual VPN services are still available, while the government loses oversight. If anything, this can make it harder for the government to track suspicious activity.  It also violates the principle of proportionality established in the landmark privacy judgment, Puttaswamy v. Union of India (II) by giving government agencies the power to collect excessive VPN data on any user. These issues underscore the need for a national-level, privacy-conscious cybersecurity framework that informs other policies on data protection and cybercrime investigations. In the meantime, users who use VPNs are advised to choose reputable providers, ensure strong encryption, and follow best practices to maintain online privacy and security.

References 

• https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn 
• https://internetfreedom.in/top-secret-one-year-on-cert-in-refuses-to-reveal-information-about-compliance-notices-issued-under-its-2022-directions-on-cybersecurity/#:~:text=tl;dr,under%20this%20new%20regulatory%20mandate. 
• https://www.wired.com/story/vpn-firms-flee-india-data-collection-law/#:~:text=Starting%20today%2C%20the%20Indian%20Computer,years%2C%20even%20after%20they%20have

‍

Introduction

Cybercrimes have been traversing peripheries and growing at a fast pace. Cybercrime is known to be an offensive action that either targets or operates through a computer, a computer network or a networked device, according to Kaspersky.  In the “Era of globalisation” and a “Digitally coalesced world”, there has been an increase in International cybercrime. Cybercrime could be for personal or political objectives. Nevertheless, Cybercrime aims to sabotage networks for motives other than gain and be carried out either by organisations or individuals. Some of the cybercriminals have no national boundaries and are considered a global threat. They are likewise inordinately technically adept and operate avant-garde strategies. 

The 2023 Global Risk Report points to exacerbating geopolitical apprehensions that have increased the advanced persistent threats (APTs), which are evolving globally as they are ubiquitous. Christine Lagarde, the president of the European Central Bank and former head of the International Monetary Fund (IMF), in 2020 cautioned that a cyber attack could lead to a severe economic predicament. Contemporary technologies and hazardous players have grown at an exceptional gait over the last few decades. Also, cybercrime has heightened on the agenda of nation-states, establishments and global organisations, as per the World Economic Forum (WEF). 

The Role of the United Nations Ad Hoc Committee 

In two shakes, the United Nations (UN) has a major initiative to develop a new and more inclusive approach to addressing cybercrime and is presently negotiating a new convention on cybercrime. The following convention seeks to enhance global collaboration in the combat against cybercrime. The UN has a central initiative to develop a unique and more inclusive strategy for addressing cybercrime. The UN passed resolution 74/247, which designated an open-ended ad hoc committee (AHC) in December 2019 entrusted with setting a broad global convention on countering the use of information and Communication Technologies (ICTs) for illicit pursuits. 

The Cybercrime treaty, if adopted by the UN General Assembly (UNGA) would be the foremost imperative UN mechanism on a cyber point. The treaty could further become a crucial international legal framework for global collaboration on arraigning cyber criminals, precluding and investigating cybercrime. There have correspondingly been numerous other national and international measures to counter the criminal use of ICTs. However, the UN treaty is intended to tackle cybercrime and enhance partnership and coordination between states. The negotiations of the Ad Hoc Committee with the member states will be completed by early 2024 to further adopt the treaty during the UNGA in September 2024.

However, the following treaty is said to be complex. Some countries endorse a treaty that criminalises cyber-dependent offences and a comprehensive spectrum of cyber-enabled crimes.  The proposals of Russia, Belarus, China, Nicaragua and Cuba have included highly controversial recommendations. Nevertheless, India has backed for criminalising crimes associated with ‘cyber terrorism’ and the suggestions of India to the UN Ad Hoc committee are in string with its regulatory strategy in the country. Similarly, the US, Japan, the UK, European Union (EU) member states and Australia want to include core cyber-dependent crimes. 

Nonetheless, though a new treaty could become a practical instrument in the international step against cybercrime, it must conform to existing global agencies and networks that occupy similar areas. This convention will further supplement the "Budapest Cybercrime Convention" on cybercrime that materialised in the 1990s and was signed in Budapest in the year 2001.

Conclusion

According to Cyber Security Ventures, global cybercrime is expected to increase by 15 per cent per year over the next five years, reaching USD 10.5 trillion annually by 2025, up from USD 3 trillion in 2015. The UN cybercrime convention aims to be more global. That being the case, next-generation tools should have state-of-the-art technology to deal with new cyber crimes and cyber warfare. The global crevasse in nation-states due to cybercrime is beyond calculation. It could lead to a great cataclysm in the global economy and threaten the political interest of the countries on that account. It is crucial for global governments and international organisations. It is necessary to strengthen the collaboration between establishments (public and private) and law enforcement mechanisms. An “appropriately designed policy” is henceforward the need of the hour.

References

• https://www.kaspersky.co.in/resource-center/threats/what-is-cybercrime
• https://www.cyberpeace.org/
• https://www.interpol.int/en/Crimes/Cybercrime
• https://www.bizzbuzz.news/bizz-talk/ransomware-attacks-on-startups-msmes-on-the-rise-in-india-cyberpeace-foundation-1261320
• https://www.financialexpress.com/business/digital-transformation-cyberpeace-foundation-receives-4-million-google-org-grant-3282515/
• https://www.chathamhouse.org/2023/08/what-un-cybercrime-treaty-and-why-does-it-matter
• https://www.weforum.org/agenda/2023/01/global-rules-crack-down-cybercrime/
• https://www.weforum.org/publications/global-risks-report-2023/
• https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm
• https://www.eff.org/issues/un-cybercrime-treaty#:~:text=The%20United%20Nations%20is%20currently,of%20billions%20of%20people%20worldwide.
• https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
• https://www.coe.int/en/web/cybercrime/the-budapest-convention
• https://economictimes.indiatimes.com/tech/technology/counter-use-of-technology-for-cybercrime-india-tells-un-ad-hoc-group/articleshow/92237908.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst
• https://consultation.dpmc.govt.nz/un-cybercrime-convention/principlesandobjectives/supporting_documents/Background.pdf
• https://unric.org/en/a-un-treaty-on-cybercrime-en-route/

‍

Introduction 

The Data Protection Data Privacy Act 2023 is the most essential step towards protecting, prioritising, and promoting the users’ privacy and data protection. The Act is designed to prioritize user consent in data processing while assuring uninterrupted services like online shopping, intermediaries, etc. The Act specifies that once a user provides consent to the following intermediary platforms, the platforms can process the data until the user withdraws the rights of it. This policy assures that the user has the entire control over their data and is accountable for its usage.

‍

A keen Outlook 

The Following Act also provides highlights for user-specific purpose, which is limited to data processing. This step prevents the misuse of data and also ensures that the processed data is being for the purpose for which it was obtained at the initial stage from the user.

1. Data Fudiary and Processing of Online Shopping Platforms: The Act Emphasises More on Users’ Consent. Once provided, the Data Fudiary can constantly process the data until it is specifically withdrawn by the Data Principal.

• Detailed Analysis

• Consent as a Foundation: The Act places the user's consent as a backbone to the data processing. It sets clear boundaries for data processing. It can be Collecting, Processing, and Storing, and must comply with users’ consent before being used.
• Uninterrupted Data processing: With the given user consent, the intermediaries are not time-restrained. As long as the user does not obligate their consent, the process will be ongoing.

2. Consent and Order Fulfillment: Consent, once provided, encloses all the activities related to the specific purpose for which it was meant to the data it was given for subsequent actions such as order fulfilment. 

• Detailed Analysis

• Purpose-Limited Consent: The consent given is purpose-limited. The platform cannot misuse the obtained data for its personal use.
• Seamless User Experience: By ensuring that the user consent covers the full transactions, spared from the unwanted annoyance of repeated consent requests from the actual ongoing activities. 

3. Data Retention and Rub Out on Online Platforms: Platforms must ensure data minimisation post its utilisation period. This extends to any kind of third-party processors they might take on.

• Detailed Analysis

• Minimization and Security Assurance: By compulsory data removal on post ultization,This step helps to reduce the volume of data platforms hold, which leads to minimizing the risk to data.
• Third-Party Accountability, User Privacy Protection. 

‍

Influence from Global frameworks

The impactful changes based on global trends and similar legislation( European Union’s GDPR) here are some fruitful changes in intermediaries and social media platforms experienced after the implementation of the DPDP Act 2023.

1. Solidified Consent Mechanism: Platforms and intermediatries need to ensure the users’ consent is categorically given, and informed, and should be specific to which the data is obtained. This step may lead to user-friendly consent forms activities and prompts. 
2. Data Minimizations: Platforms that tend to need to collect the only data necessary for the specific purpose mentioned and not retain information beyond its utility.
3. Transparency and Accountability: Data collecting Platforms need to ensure transparency in data collecting, data processing, and sharing practices. This involves more detailed policy and regular audits.
4. Data Portability: Users have the right to request for a copy of their own data used in format, allowing them to switch platforms effectively.
5. Right to Obligation: Users can have the request right to deletion of their data, also referred to as the “Right to be forgotten”.
6. Prescribed Reporting: Under circumstances of data breaches, intermediary platforms are required to report the issues and instability to the regulatory authorities within a specific timeline.
7. Data Protection Authorities: Due to the increase in data breaches, Large platforms indeed appoint data protection officers, which are responsible for the right compliance with data protection guidelines.
8. Disciplined Policies: Non-compliance might lead to a huge amount of fines, making it indispensable to invest in data protection measures.
9. Third-Party Audits: Intermediaries have to undergo security audits by external auditors to ensure they are meeting the expeditions of the following compliances.
10. Third-Party Information Sharing Restrictions: Sharing personal information and users’ data with third parties (such as advertisers) come with more detailed and disciplined guideline and user consent.

‍

Conclusion 

The Data Protection Data Privacy Act 2023 prioritises user consent, ensuring uninterrupted services and purpose-limited data processing. It aims to prevent data misuse, emphasising seamless user experiences and data minimisation. Drawing inspiration from global frameworks like the EU's GDPR, it introduces solidified consent mechanisms, transparency, and accountability. Users gain rights such as data portability and data deletion requests. Non-compliance results in significant fines. This legislation sets a new standard for user privacy and data protection, empowering users and holding platforms accountable. In an evolving digital landscape, it plays a crucial role in ensuring data security and responsible data handling.

‍

References:

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
• https://www.mondaq.com/india/privacy-protection/1355068/data-protection-law-in-india-analysis-of-dpdp-act-2023-for-businesses--part-i
• https://www.hindustantimes.com/technology/explained-indias-new-digital-personal-data-protection-framework-101691912775654.html

‍