Whilst fixated on the ongoing national elections, India must not take its eye off Chinese tech giant Xiaomi as it makes an aggressive march to capture the huge market (and maybe even data!)

Xiaomi has just invested half a billion dollars in India. That’s a ringing endorsement of Prime Minister Narendra Modi’s Make in India initiative.

This massive investment is expected to help it fight the challenge from Samsung, which has launched a determined effort to wrest back the crown it lost to Xiaomi as India’s top selling mobile phone brand last year. International Data Corporation, which tracks cell phone shipments around the world, says Xiaomi has a 28.9 per cent share of the Indian market… and counting.

On the face of it, Xiaomi’s success looks like a win-win situation for India, for Xiaomi and for the Indian consumer. India gets massive foreign direct investment (FDI) inflows and this generates jobs for its youth and tax revenues for the government. Xiaomi gets a dominant position in the world’s second-largest mobile phone market and Indian consumers get a value proposition – both in terms of technology as well as price – that is currently not matched by any of its rivals.

But at a time when data privacy has emerged as a prime concern in this country – with the government and the Reserve Bank of India (RBI), India’s central bank, mandating the storage of data on Indian citizens in India – and security analysts have raised red flags about Chinese companies getting access to copious amounts of data of Indian users, the fact that Xiaomi accounts for three out of every 10 cell phones sold in India does raise questions.

So, what is the kind of data that Xiaomi has access to?

According to Xiaomi India website, it collects a vast array of personal information about its users. Given that some people have taken the government of India to court over the issue of personal information stored in the Aadhaar servers, the amount of data collected by Xiaomi is bound to make many people uncomfortable. Aadhaar is a 12-digit unique identity number that can be obtained by residents of India based on their biometric and demographic data.

Xiaomi collects, among many other things, information such as its customer’s name, email address, delivery address, ID card, driver license, passport details, mobile phone number, bank account and credit card details (if the customer has made a purchase at Xiaomi online), the entire list of contact store on the phones, photos and other content stored on the phone and a host of other personal details.

That’s a humungous amount of personal information. To be fair, most other phone makers, including Apple and Samsung also require access to similar information. But the key difference is that India does not have any strategic concerns about the home countries of these brands.

And although no one in the government will say this in public, it remains a fact that China is, arguably, India’s biggest strategic challenge.

Since transparency levels are extremely low in China – and there are very real concerns about ties between Chinese corporations and its security establishment – this is a very real security concern for India.

Xiaomi’s cloud storage service Mi Cloud has all its servers in China, where all data is stored. So, it is possible for the Chinese security apparatus to keep tabs on influential Xiaomi users and then use it for unauthorised purposes.

In fact, towards the end of 2014, the Indian Air Force had issued a warning against the use of Xiaomi phones, which, it said, posed a national security challenge as they sent user data to a Chinese government agency. This is a delicate situation for the Government of India. The country obviously welcomes the huge investments being made by Xiaomi in this country. At the same time, the security-related red flags are too serious to be ignored.

But there is a way out: Quickly enforce the government’s diktat on storing data of Indian users in India. It may be a good idea to give Xiaomi a tight deadline to implement this diktat and then hold it strictly to this timeline.

That will address the security concern without killing the hen that is laying golden eggs.

Article first published by Manoj Ladwa. writes India Inc. Founder & CEO