After the intense accusations made by a cybersecurity company of Lithuania final week, Xiaomi launched an announcement on Monday (27) by which it denied the factors raised within the report and that it has employed an impartial audit to research the allegations by the Lithuanian Nationwide Cyber Safety Heart (NCSC),
- Xiaomi questions the allegations within the Lithuanian report and says it has employed an impartial audit;
- Firm was accused by Lithuanian company of together with instrument that would censor content material;
- Producer states that it follows the stipulations of the European knowledge safety regulation (GDPR).
The NCSC cybersecurity report evaluated 5G gadgets from three Chinese language producers – Xiaomi, Huawei and OnePlus – and claims that the Xiaomi Mi 10T 5G gadget features a phrase filter that could possibly be used for censorship in apps, containing phrases linked to political and social teams.
The NCSC report itself, nevertheless, makes it clear that the filter is just not activated on fashions bought in Europe. The response of Xiaomi in flip, doesn’t deny the presence of the thesaurus – that in accordance with the Lithuanian company is distributed in a file named “MiAdBlacklistConfig”. However the producer explains that it makes use of a time period administration system that “can be utilized to guard customers from inappropriate content material equivalent to pornography, violence, hate speech and references that could be offensive to native customers”.
Xiaomi stated within the press launch that it’s searching for an impartial experience to disprove the factors raised by the NCSC, however didn’t say when it expects the evaluation to be launched. As well as, the producer emphasised that respects the requirements of remedy of private knowledge in Europe – gathered within the normal regulation of knowledge safety (GDPR, or RGPD in Portuguese, equal to the Brazilian LGPD).
Full assertion launched by Xiaomi
Xiaomi (“we”) are conscious of the report “Cybersecurity evaluation of 5G-enabled cellular gadgets” (“the report”) lately printed by the Lithuanian Info and Safety Authority (NCSC).
We take severely the allegations made within the report. Whereas we query the characterization of some findings, we’ve got sought an impartial professional to guage the factors raised within the report. We consider within the integrity of our merchandise and our firm’s compliance practices in Lithuania and throughout Europe, and we consider a 3rd celebration will affirm this for our customers and companions.
Particularly, Xiaomi wish to deal with two necessary factors within the report:
1. Alleged censorship
Xiaomi’s merchandise don’t prohibit or filter communications to or from its customers. Xiaomi has by no means restricted or blocked any private actions of its smartphone customers, equivalent to: B. Looking, calling, browsing the Web, or utilizing third-party communications software program. The NCSC report doesn’t state that.
The report factors out that Xiaomi makes use of promoting administration software program with restricted means to handle paid and push promoting despatched to gadgets by way of Xiaomi’s apps, equivalent to Mi Video and Mi Browser.
This can be utilized to guard customers from inappropriate content material equivalent to pornography, violence, hate speech and references that could be offensive to native customers. This apply is widespread within the smartphone and web industries around the globe.¹
We assessment our promoting administration system tips once in a while to make sure that they meet our customers’ wants and expectations.
Xiaomi is dedicated to appearing responsibly and transparently in all nations. We’re dedicated to steady enchancment and innovation and welcome exchanges with customers, regulators and different stakeholders.
2. Knowledge processing and knowledge transmission
The report additionally falsely suggests [an inadequate] knowledge processing process. The truth is, Xiaomi complies with all necessities of the Basic Knowledge Safety Regulation [GDPR], together with the use, processing and transmission of end-user knowledge. Our compliance applies to all techniques, functions and companies. Any use of private knowledge requires the legitimate consent of the top consumer and is at all times performed in accordance with native or regional legal guidelines and rules of the European Union and its member states.
Xiaomi works in accordance with ISO / IEC 27001 data safety administration requirements and ISO / IEC 27701 privateness data administration system. Xiaomi has additionally acquired the TrustArc Company Privateness Certification yearly since 2016. This ensures the absolute best privateness and safety safety for the top consumer.
Xiaomi wish to emphasize as soon as once more that we’re dedicated to the privateness and safety of our customers. We work to the very best requirements and adjust to all native and regional rules.
¹ please see Article 13: Controversial content material of Fb Advertisements insurance policies, obtainable at https://www.fb.com/insurance policies/advertisements/; Political content material clause of Google Advertisements insurance policies, obtainable at https://assist.google.com/adspolicy/reply/6008942