Evidence and statement in response to media coverage on Xiaomi Privacy Policy
Evidence and statement in response to media coverage on Xiaomi Privacy Policy.
We at Xiaomi hope you and your loved ones are staying safe during this difficult time. An article was published yesterday regarding Xiaomi’s privacy policy in which there are several inaccuracies and misinterpretations about our process for browser data collection and storage. We are providing important clarifications with backup documentation below that supports our position.
Please find below a public statement in response to a recent article by Forbes on our privacy policy on April 30:
—START—
Xiaomi has reviewed a recent article by Forbes on our privacy policies and believes the reporting to be misrepresentative of the facts. At Xiaomi, our users’ privacy and security are of top priority. We strictly follow and are fully compliant with user privacy protection laws and regulations in the countries and regions we operate in. In light of the misrepresentations, we would like to clarify the following:
1. In all global markets where Xiaomi is officially present, in order to offer the best possible user experience, increase compatibility between the operating system and various apps, as well as undertake the obligation of protecting user privacy, all collected usage data is based on permission and consent given explicitly by our users. Additionally, we ensure the whole process is anonymous and encrypted. The collection of aggregated usage statistics data is used for internal analysis, and we do not link any personally identifiable information to any of this data. Furthermore, this is a common solution adopted by internet companies around the world to improve the overall user experience of various products, while safeguarding user privacy and data security.
2. Xiaomi hosts information on a public cloud infrastructure that is common and well known in the industry. All information from our overseas services and users is stored on servers in various overseas markets where local user privacy protection laws and regulations are strictly followed and with which we fully comply.
3. Prior to publication, the reporter emailed us with questions relevant to the article and Xiaomi responded with full transparency, providing detailed answers regarding our technology and privacy policies. We believe the article published does not accurately reflect the content and facts of these communications. After the article was posted, we contacted the reporter with further clarification and are currently in discussion with the intention of swiftly reassuring him with how our data security works in action. In parallel, we created a live post on Xiaomi’s official blog to share this same information with the public. The Forbes article, which details how we protect users’ privacy and comply with all laws and regulations, has recently been updated to include a link to our blog post. https://blog.mi.com/en/2020/05/02/live-post-evidence-and-statement-in-response-to-media-coverage-on-our-privacy-policy/
4. As an internet company, internet security, safety and user privacy are Xiaomi’s core principles and the foundation of our day-to-day work. Our products, technologies, performance and measures on user privacy protection are constantly being improved. In the latest launch of our operating system, MIUI 12, we have adopted the industry’s most stringent and transparent privacy protection measures, to date. For additional transparency, we always welcome fact-based supervisions, inquiries and discussions from the public to continuously improve our products and services for our beloved users and Mi Fans.
—END—
Xiaomi’s statement for now in response to a Forbes article published on April 30:
—START—
Xiaomi was disappointed to read the recent article from Forbes. We feel they have misunderstood what we communicated regarding our data privacy principles and policy. Our user’s privacy and internet security is of top priority at Xiaomi; we are confident that we strictly follow and are fully compliant with local laws and regulations. We have reached out to Forbes to offer clarity on this unfortunate misinterpretation.”
—END—
The following provides detail on how Xiaomi collects data and protects user privacy:
There are two types of data collection:
1. Collection of aggregated usage statistics data – Data (such as system information, preferences, user interface feature usage, responsiveness, performance, memory usage, and crash reports) is aggregated and cannot alone be used to identify any individual. An example of usage scenario: The URL is collected to identify web pages which load slowly; this gives us insight into how to best improve overall browsing performance.
2. Syncing of user browsing data – An individual’s user browsing data (history) is synced when:
– The user is signed in on Mi Account; and
– The data sync function is set to “On” under Settings
An example of usage scenario: To provide users quick access to previously viewed websites when users switch between different devices after logging in to their Mi Accounts.
Under incognito mode, user browsing data is not synced, however, aggregate usage statistics data (mentioned in point 1 above) is still collected.
Below are screenshots to further demonstrate these points.
1. Above screenshot shows the code for how we create randomly generated unique tokens to append to aggregate usage statistics; and these tokens do not correspond to any individuals.
2. This screenshot shows how the Mi Browser works under incognito mode, where no user browsing data will be synced.
3. The following URL shows that the collected usage statistics data is stored on Xiaomi’s domain and we do not pass any data to Sensor Analytics. (MIUI is the operating system of Xiaomi’s devices).
4. This image shows that usage statistic data is transferred with HTTPS protocol of TLS 1.2 encryption.
Below are four certifications Xiaomi received from widely acclaimed international third-party companies and organizations – TrustArc and British Standard Institution (BSI) – which have certified the security and privacy practices of Xiaomi’s smartphone and its default apps, including Mi Browser.
Details could be found here on Xiaomi Trust Center page.
ISO27001:2013
ISO 27001 is a widely accepted and applied international certification standard for information security management system. This certification indicates that Xiaomi has implemented internationally recognized information security control measures defined in this standard.
ISO27018:2014
ISO 27018 is an international code of conduct that focus on personal data protection on cloud. This certification indicates that Xiaomi Cloud has a complete system for the protection of personal data.
ISO29151:2017
ISO/IEC 29151:2017 is an internationally recognized guide for the personal identity information protection. This certification proves Xiaomi’s capabilities of information security guarantee and privacy data protection.
TRUSTe
TrustTe enterprise privacy certification standards have combined the privacy compliance requirements of countries. This certification shows that Xiaomi has established a complete privacy compliance system and obtained internationally recognized privacy data protection capabilities.
Did this article help you? If so, please tell me in a comment what do you think about it.
Don’t miss any of our future video tutorials, follow us on Youtube. Like us on Facebook. Add us in your circles on Google+. Watch our photo albums on Flickr. Subscribe now to our newsletter.
有角标.gif)
