VPN Industry Faces Risk Regarding GDPR Compliance

Even almost a week after the General Data Protection Regulation (GDPR) took effect in the European Union, there is massive confusion surrounding the new law. Many companies don’t understand what the regulation is all about, and many others don’t care about it at all. What about VPN service providers? Are they in compliance with GDPR?

Total confusion

Companies belonging to the latter group have already blocked users from the EU to avoid having to comply with GDPR. This only goes to show the disregard for data protection in the digital world.

Such confusion and disregard also extend to the VPN industry. Virtual Private Networks have been providing internet users with online privacy, but they can see all of a user's internet activity.

Although reputable VPNs don’t store user activity logs, several free VPNs have come under fire for not only collecting user data but also selling it to third-party advertisers. Such VPNs also offer the least secure encryption protocols and make data more vulnerable.


A survey involving nine reputable VPNs in the market has found that several VPN companies aren’t yet fully in compliance with GDPR. Of the nine companies, only four were willing to provide details about their privacy policy; the rest weren’t.

When top paid VPNs can be vague about their compliance with GDPR, there can be no expectation from small, free VPNs. However, compliance with GDPR isn’t optional. Any organization situated within the EU or dealing with EU citizens’ data must comply with the law.

GDPR tips the balance in favor of ordinary individuals. Every user now has the right to know who is collecting their data and what they are using it for. If they don’t agree to share their personal data with a company, that decision must be respected.

This has created a big issue for several companies, not only because they have to review their contracts and update their privacy policies, but because they can no longer collect and use private data of users as they wish.

There are huge financial penalties for organizations that don’t comply with the GDPR. The law has been hailed as the most important and significant regulation to ever come into effect.

Lots of Questions Remain

Out of the VPNs involved in the survey, only Private Internet Access, ibVPN, Tunnelbear, Cyberghost, and Buffered were able to provide full details regarding their compliance strategy in answer to a set of rigorous questions. The others were only able to provide a vague assurance that they are working to upgrade their privacy policies.

If VPN companies are unable to provide details about their compliance strategy, they are most likely to continue to collect and sell user data to third parties. In that case, they can be shut down or fined heavily under EU law. This will weaken the trust that Internet users have come to place in VPNs.

Europe has always had data protection regulations in place, but the rules weren’t the same in every country. While watchdogs in some countries could levy fines, others couldn’t. This made data protection regulations vary from one European country to another.

With the GDPR, the same regulations apply across all of Europe. Watchdogs in every country can now levy fines. Europe’s data protection laws have always been better than those of the rest of the world, but the GDPR has shaken every organization that deals with user data.

European Governments Love Laws

European data protection regulations first came about in 1995, but in those days, the world wasn’t data-driven like today. Therefore, the rules needed to be reviewed, and the GDPR was created.

Although the GDPR isn’t flawless and there are still several loopholes that the law hasn’t been able to cover, it does provide EU citizens with a sense of data security. But is it going to smash creativity and crush initiative? How many more regulations does this socialist continent need?

VPNs are the ordinary Internet user’s last line of defense against online security threats. They allow journalists and activists to anonymously use the Internet, while they provide folks with ways of bypassing Internet censorship and unblocking region-locked content.

VPNs and GDPR Compliance – The Future is Unknown

Given that VPN service providers had two years to prepare for the eventual GDPR implementation, it is disappointing to find out that most of them still are not abiding by the new laws. However, this doesn’t only apply to the VPN industry. Many websites and services around the world are yet to fully comply with GDPR.

If you want privacy on the Internet, be careful what you put out there. Stop depending on government to take care of you.
