Chinese phone manufacturer Xiaomi is migrating its Indian data to “highly secure” cloud services Amazon Web Services (AWS) and Microsoft Azure, from its current servers in the US and Singapore.

The company said that the migration would be across Xiaomi’s services — its e-commerce platform, Mi TV, Mi Coud, MIUI and Mi Community. According to the company, all new Indian user data since July is already stored in servers within India, and all existing data will be fully migrated to servers in India by mid-September 2018. The company says that localisation will increase access speed.

The company touts its move toward localisation as a “step towards data security and privacy”. Manu Jain, Vice President of Xiaomi and Managing Director at Xiaomi India said, “With the data stored locally and encrypted end to end, users will be able to enjoy greater access speeds.”

VMWare fine with localisation

If a localisation requirement were passed with the data protection law, enterprise software company VMWare would be ready to comply, its COO of customer operations Sanjay Poonen said in Las Vegas. “We don’t go into a country with the idea of taking advantage of local laws. In general, we have to watch them and conform to them,” Poonen told IANS. “We can operate in the region with data being kept there and not exported. We will be happy to provide the government with the information they seek,” another executive said.

Conflicting policy on data localisation

The draft Data Protection Bill 2018, which was submitted to the Union government last month, requires all data fiduciaries to store a copy of users’ personal data in India and more worryingly, the bill also requires mandatory storage of ‘critical personal data’ within India only. Meanwhile, the RBI has mandated all payments system operators working in India to ensure that data related to payment systems operated by them is stored in the country. The move would have come into effect from October 15 this year, according to a report by the Economic Times. There is uncertainty where data will finally be stored, as the RBI’s norms contradict the requirement in the Union government’s draft Data Protection Bill.
  • Just days after the bill was released, Paytm and other domestic e-commerce/payment firms said that 6 months is ‘practical’ enough for companies to adhere to the Reserve Bank of India’s guidelines. Just before the bill was released, Paytm urged the Union government to push for storage of payment system data within the country and not allow mirroring of the data overseas.
  • Offering a ‘potential solution’ to the ongoing saga over the data localisation norms, India’s Economic Affairs Secretary S.C Garg said, a week after the Data Protection Bill 2018 was released, that international payment firms operating in India could keep copies of user data in the country while retaining offshore storage operations.
  • Most foreign companies are worried about how they will comply with the localisation requirements of the draft data protection bill (if passed in current form). Implementing the norms not only would it cost these companies in setting up local data centres, but it may also not be allowed by regulations in their home countries.
  • Amazon India’s plan to launch its own Unified Payments Interface (UPI)-based payments service has been hampered owing to RBI’s concerns regarding the storage of user data in India. The e-commerce giant is reportedly waiting for more clarity on the norms from the central bank.

With inputs from Aroon Deep.