Xiaomi Bows to India Security Concerns

Xiaomi Corp. is now storing data generated in India on local servers, after the nation’s government indicated that concerns about security breaches may lead to rules mandating domestic data storage for overseas smartphone firms.

Since July 1, all new Indian user data have been stored on local servers provided by Amazon.com Inc. and Microsoft Corp., while all existing data will be fully migrated to local servers by mid-September, the world’s fourth-largest smartphone-maker said on its corporate blog Monday, posting a statement dated Friday.

Xiaomi said it had previously been storing user data on Amazon.com servers in the U.S. and Singapore.

The phone-maker “is committed to India and data protection, and using cloud servers in India is another step in that direction,” Manu Jain, managing director of Xiaomi India, said in the statement. “We will continue to work on this aspect and ensure a heightened user experience for all our users in India,” he said.

Xiaomi said the data migration will cover all Indian users’ data generated across Xiaomi’s e-commerce platform, mobile applications, cloud service, community forums, video player and smart TVs.

New Delhi has warned it may demand foreign handset-makers set up servers in India due to concerns about security breaches, especially as many Chinese smartphone vendors use servers in their home country, according to Indian media outlet The Economic Times.

Last year, the central government asked over 20 smartphone firms — mostly from China — to explain how they ensure the security of user data, according to a report from the Times of India.

The Reserve Bank of India, the country’s central bank, wants data related to payment systems to be stored in the country, local media reports said.

India has become one of recently listed Xiaomi’s biggest success stories, after it unseated global leader Samsung Electronics Co. Ltd. to become the nation’s top player last year. India recently overtook the U.S. as the world’s second-largest smartphone market in terms of units sold, with cheap models supplied by Xiaomi and other Chinese brands, such as Vivo Communication Technology Co. and Oppo Electronics Corp., reeling in consumers.

India is not alone in its concern about foreign firms storing data overseas. China has also made rules to ensure data localization and foreign players such as Airbnb Inc. and Apple Inc. have complied with such moves.

Apple in late February handed over the operations of its iCloud data services for Chinese mainland users to a Guizhou province-based company as the country’s cloud-computing rules took effect.

China’s Cybersecurity Law, which took effect in June 2017, requires tech firms to store all of the data they generate within China inside the country’s borders. A policy issued by the Ministry of Industry and Information Technology in January 2017 stipulated cloud services in China must be operated by Chinese companies, and foreign firms must partner with qualified domestic players to launch such services.

Contact reporter Jason Tan (jasontan@caixin.com)