The Ethical Considerations of Using VPNs in Business

A Virtual Private Network (VPN) allows an organization to set up a secure and encrypted Internet connection, wherever a user is based. 

By using a VPN, data transmitted between a device and a server is encrypted, providing privacy and security. The ramifications of this on end-user privacy are significant: masking an IP address, securing VPN connections to private networks, and adding a layer of security when on public Wi-Fi. 

In essence, a VPN enhances your online privacy, security, and freedom by creating a virtual secure tunnel for your employees’ internet traffic. However, understanding the ethical intricacies of different countries’ approaches to VPNs is paramount for international enterprises.

Quick Takeaways

  • VPNs act on a global scale: From India to Europe, VPN providers offer mind-bending quantities of points of presence. Go local for maximum speed, or further afield for tighter security.
  • Regional ethical considerations are numerous: Keeping track of local regulations is the bare minimum, and each country has its own demands on VPN architecture.
  • Choose your best match for a VPN provider: Assess your enterprise’s ethical priorities, before comparing them against the offerings of different VPN providers.

Global Approaches to Online Security: Keep on Top of the Government’s Demands

On the surface, it can appear that the rules and regulations placed upon enterprises are all for the same reason – to keep citizens safe. However, digging into the ethical terrain of VPN and user data shows that it’s not that simple: every government has its own driving ethos.


China

China still represents massive economic potential: international enterprises are increasingly finding their footing in the market, and the number of externally-invested organizations continues to grow year-on-year.

For organizations with Chinese offices, VPNs represent a structural piece of network architecture, granting the ability for international collaboration. However, the CCP has a vested interest in maintaining the Great Firewall, which monitors and restricts online content for its citizens. 

They simultaneously acknowledge the fact that foreign investments largely demand VPNs. 

As a middle ground, enterprises may use this tooling, but only with pre-determined providers and services that comply with local censorship laws; this includes backdoor access to the contents of each data packet, which can still be monitored.

Non-compliant services face an outright ban. Despite this, a black market for unapproved VPNs persists, with some providers openly advertising their ability to bypass government oversight.

The European Union

While it’s tempting to condemn the Chinese government’s surveillance as uniquely authoritarian, other governments around the world are placing increasing suspicion upon the exchange of information facilitated by VPNs.

Understandably so: cyberattacks are spiraling in number, and increasing geopolitical tensions shed a suspicious light on VPN tunnels’ ability to hide internet traffic. In 2018, the EU cracked down on organizations’ security measures through the GDPR. Its primary goals are to protect the personal data of EU citizens and to empower them with greater control over how their information is collected, stored, and used.

By establishing stringent guidelines and robust enforcement mechanisms, the regulation forces enterprises to enhance customer data security. Its discussions around encryption directly support the usage of enterprise VPNs.

Come 2024, however, the EU is placing increasing scrutiny upon online visibility. The Electronic Identification, Authentication and Trust Services (eIDAS) decision is an ongoing debate surrounding online accountability. The original eIDAS ruling sought to implement a European Digital Identity Wallet, a government app for storing personal information like driver’s licenses and bank cards. 

More recently, eIDAS 2.0 seeks to not only confirm digital identity – but to change how browsers handle information. One of eIDAS 2.0’s demands is for browser makers to trust government-approved Certificate Authorities (CAs). These cannot be blocked or removed from browsers’ trusted certificates, even if they otherwise fail to meet the security requirements of the browsers’ root stores.

Requesting a certificate from such a CA would allow the government to impersonate the website and use a man-in-the-middle attack to intercept and decrypt HTTPS traffic between the site and its individual users.

Consequently, the government can monitor users’ online activities on the site at any time without the browser being able to block the certificate.

In this scenario, a VPN would become ineffective, as the government would be able to intercept the VPN traffic at the browser level. For now, however, eIDAS 2.0 remains tightly contested – business VPNs are still important methods of enterprise protection.


India

In 2022, the Indian government released its latest VPN ruling: all VPN providers are required to store extensive user log data, and hand it over when requested by police and law enforcement. While not a blanket ban on VPNs, the Narendra Modi-led government has made one thing explicitly clear to Indian VPN providers:

“If you want to pull out, frankly, that is the only opportunity you have”.

With otherwise no comment on international VPNs, it’s for now assumed that relying on servers outside of India is safe.

Ethical Considerations When Choosing a VPN Provider

Corporate VPNs encrypt all web traffic and route it via an intermediary server. For a piece of technology so architecturally uncomplex, it demands a whole host of ethical considerations. Largely due to the international distribution of VPNs, an organization needs to consider its own cultural fit within a country’s wider VPN rulings.

To work this out, your VPN provider should be a partner. Alongside this, there is a critical ethical and regulatory question to answer:

Who can see the data?

Knowing how your VPN provider protects your employees, data, and assets is vital to assessing its ethical fit. 

End-to-end ownership allows for maximum transparency in this – furthermore, you need to confirm that they have the knowledge and skills to maintain the VPN tooling to the highest degree. An extensive public sector client list is a good sign to look for – those clients typically require the most secure and resilient solutions.

Find a VPN Partner with Perimeter81

Rather than assuming your provider is handling sensitive corporate data ethically, choose a VPN partner. This partner should not only align strategically with your security goals, but also have the cross-border scope that your organization needs.

Perimeter81’s VPN replacement offers security beyond mere encryption, by segmenting network access by role, reducing latency for your teams, and bringing access visibility to the edge of your corporate network.

Get started with a demo today to see how Perimeter81 bulletproofs regulatory compliance.


What are the main ethical concerns of using an enterprise VPN?

The main ethical concerns include data privacy, potential misuse of employee data, and ensuring that the VPN provider adheres to strict security standards to protect sensitive business information.

How does an enterprise VPN impact employee privacy?

An enterprise VPN can impact employee privacy by monitoring and logging internet usage, which could lead to concerns about surveillance and misuse of personal data.

Is it ethical to use an enterprise VPN to monitor employee activity?

VPNs can act as greater security measures to prevent data theft and malicious insiders. While ethical, it must be transparent and comply with privacy laws. Employees should be informed about the extent of monitoring.

What ethical considerations should a business keep in mind when choosing a VPN provider?

Businesses should choose a VPN provider that has a strong privacy policy, logs minimal user data, and complies with data protection regulations to ensure ethical handling of information.

How can an enterprise ensure the ethical use of its VPN?

Enterprises can ensure ethical use by implementing clear policies, educating employees about acceptable use, and regularly auditing VPN usage to prevent abuse and protect privacy.
