Xiaomi, the Chinese smartphone maker that rules the budget smartphone market in India has said on record in their privacy policy that the company transfers users personal data outside India's jurisdiction, meaning that personal data of Indian users gets transferred outside the country's jurisdiction.
Also, read: TikTok ban lifted by Madras High Court
Xiaomi in its privacy guidelines said, "As such complying with applicable laws, we may transfer your (users) personal data to any subsidiary of the Xiaomi group worldwide when processing that information for the purpose described in this privacy policy. We may also transfer your personal data to our third party service providers, who may be located in a country or area outside the area of the European Economic Area (EEA)”.
This means that the Indian Ministry of Electronic and Information Technology under which the cyber law and E-security of citizens comprise, does not have any information or idea on the transfer of personal data taking place outside Indian jurisdiction.
The ministry said in a reply to the Right to Information dated April 22, 2019, it does not have any records and the matter was of no concern to it.
RTI filed by Robin Zaccheus, explains the sequence of events that made him seek information from the ministry: "“The son of CRPF martyred soldier Pradeep Kumar, Siddharth Kumar, shared that minutes before the Pulwama attack he spoke to his father over the phone while he was moving from Jammu to Srinagar in a CRPF convoy and his last words were that he was heading to Srinagar base camp and would reach in an hour or so. The rest is known to all.
“This triggered a question in my mind in the quest to understand the possibilities of where we (mobile phone users) could have gone wrong from security and privacy perspective of the soldier’s movements”
Robin Zaccheus says he knew that Google and other Chinese companies present in India were transferring data out of the country jurisdiction and no one looked into this matter critically. “The information like Web and APP Activity, Track Location History, Record Voice and Audio Activity and Tracking of YouTube search history is by default in the Google app,” he says.
Another independent security researcher, Aneesh Sharma says "there will always be the threat of data misuse and also being targets for advertising companies. Countless users receive emails and texts from companies they have never given personal information to and we wonder how they are able to contact us. It is because users’ personal data is being shared or sold globally. Users are advised to read the privacy policies of mobile manufacturers.”
Also, read: Xiaomi Redmi Y3 and Redmi 7, launched in India
