A recent study by VPNoverview.com revealed that more than 70% of VPN providers are breaching the General Data Protection Regulation (GDPR), the EU’s data protection law that came into effect in 2018. The study analyzed 117 VPN services and found that only 34 of them were fully compliant with the GDPR requirements.
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in and outside of the EU. It gives people rights to manage their personal data and imposes obligations on organizations that handle such data. The GDPR also governs the transfer of personal data outside the EU and EEA and imposes fines for violations.
According to the study, some of the common GDPR breaches among VPN providers include:
- Lack of a clear and accessible privacy policy
- Failure to inform users about their rights and how to exercise them
- Failure to obtain valid consent from users before processing their data
- Failure to provide adequate security measures to protect users’ data
- Failure to appoint a data protection officer or a representative in the EU
- Failure to disclose data breaches or cooperate with supervisory authorities
The study also found that some VPN providers claim to be GDPR compliant, but in reality are not. For example, some VPN providers state that they do not collect or store any logs of users’ activity, but their privacy policies reveal otherwise. Some VPN providers also claim to be based in the EU or EEA, but their actual location is elsewhere.
The study concluded that VPN users should be careful when choosing a VPN service and check whether it complies with the GDPR. The study also recommended that VPN providers improve their transparency and accountability and follow the industry's best practices.
We generally recommend Microsoft Azure Virtual Desktop as a superior alternative to VPN.