Chinese consumer electronics company Xiaomi is planning to enter the consumer lending business in India with Mi Credit, reported Reuters. The company plans to offer loans up to Rs 100,000 ($1,451) with the interest rates starting at 1.8%. The product is operating in India in beta and will debut in the “coming weeks”. Xiaomi has declined to comment.

The product was initially announced in May 2018. At the time, the company had said Mi Credit would be introduced in partnership with instant personal loan platform KreditBee.

Xiaomi collects data from phone activities

According to the report, Xiaomi collects data from the user’s phone activities to set up their credit profile. It collects personal data such as identity, life stage, lifestyle, social relationships, and brand loyalty. Thus, users signing up for the service will have to sign agreements to allowing sharing of their personal information with the company including “professional and educational backgrounds, temporary messages history and information on the use of certain apps and websites”. The company may also share user’s personal information with Xiaomi-affiliated companies or third-party service providers.

This was also highlighted earlier in the company’s privacy policy which states that the company transfers personal data of Indian users to third-party service providers outside the users’ jurisdiction. The privacy policy is quoted thus: “As such complying with applicable laws, we may transfer your personal data to any subsidiary of the Xiaomi group worldwide when processing that information for the purpose described in this privacy policy. We may also transfer your personal data to our third-party service providers, who may be located in a country or area outside the area of the European Economic Area (EEA)”.

The report also revealed that a potential bank partner from Indonesia back out from the deal in a part because of its privacy concerns about “about invasive data collection”.

Xiaomi stores Indian user data locally

In September 2018, it was reported that Xiaomi is migrating data of Indian users to “highly secure” cloud services Amazon Web Services (AWS) and Microsoft Azure, from its US and Singapore service. The company touts its move toward localisation as a “step towards data security and privacy”. Manu Jain, Vice President of Xiaomi and Managing Director at Xiaomi India said, “With the data stored locally and encrypted end to end, users will be able to enjoy greater access speed. According to the company, the migration would be across Xiaomi’s services — its e-commerce platform, Mi TV, Mi Cloud, MIUI and Mi Community. Xiaomi had also said that all new Indian user data since July is being stored in local servers.

The draft Data Protection Bill 2018, which was submitted to the Union government in July 2018, requires all data fiduciaries to store a copy of users’ personal data in India and more worryingly, the bill also requires mandatory storage of ‘critical personal data’ within India only. Meanwhile, the RBI has mandated all payments system operators working in India to ensure that data related to payment systems operated by them is stored in the country.