Xiaomi Accused of AI-Driven User Data Tracking and Privacy Violations

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Security researchers found that Xiaomi smartphones and browsers collect and transmit extensive user data—including browsing history and device identifiers—even in incognito modes, without user consent. The data, processed by AI-enabled systems, is sent to remote servers, raising serious privacy concerns for millions of users. Xiaomi denies wrongdoing.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event involves the use of AI systems insofar as the browsers collect and process user data, likely using AI or algorithmic methods for data collection and analysis. The harm is a violation of user privacy rights, which falls under violations of human rights or breach of obligations protecting fundamental rights. Since the data collection is ongoing and affects millions, it constitutes realized harm. Therefore, this qualifies as an AI Incident due to the direct involvement of AI-enabled data collection leading to privacy violations.[AI generated]
AI principles
Privacy & data governanceTransparency & explainabilityRespect of human rightsRobustness & digital securityAccountability
Industries
Consumer productsDigital security
Affected stakeholders
Consumers
Harm types
Human or fundamental rights
Severity
AI incident
Business function:
Marketing and advertisement
AI system task:
Organisation/recommenders

Articles about this incident or hazard

Thumbnail Image

安全研究员Gabi Cirlig:小米记录并发送大量用户的Web和手机使用数据 - Xiaomi 小米科技 - cnBeta.COM

2020-05-01
cnBeta.COM
Why's our monitor labelling this an incident or hazard?
The event involves the use of AI systems insofar as the browsers collect and process user data, likely using AI or algorithmic methods for data collection and analysis. The harm is a violation of user privacy rights, which falls under violations of human rights or breach of obligations protecting fundamental rights. Since the data collection is ongoing and affects millions, it constitutes realized harm. Therefore, this qualifies as an AI Incident due to the direct involvement of AI-enabled data collection leading to privacy violations.
Thumbnail Image

被指责收集私人浏览数据后 小米发布浏览器产品更新 - Xiaomi 小米科技 - cnBeta.COM

2020-05-05
cnBeta.COM
Why's our monitor labelling this an incident or hazard?
The Xiaomi browser software, which involves AI components for data aggregation and processing, has been reported to collect extensive private browsing data, including in private mode, which directly harms user privacy rights. The company's defense that it complies with local laws does not negate the harm caused by invasive data collection practices. The involvement of AI in processing and aggregating this data makes it an AI system causing harm through its use. Hence, this is an AI Incident involving violation of rights due to the AI system's use leading to harm.
Thumbnail Image

小米国外被指控追踪用户一举一动,小米已回应

2020-05-02
新浪财经
Why's our monitor labelling this an incident or hazard?
The event describes Xiaomi smartphones collecting and transmitting detailed user data without consent, including in privacy modes, which constitutes a violation of privacy rights (a human rights violation). The data collection and processing involve automated, AI-like systems for tracking and profiling users. The harm is realized, not just potential, as user privacy is compromised. Xiaomi's denial does not remove the fact that the data collection occurred as per the security researcher's findings. Hence, this is an AI Incident involving violation of human rights through AI-enabled data tracking.