The Czech branch of the Chinese company Huawei is suspected of collecting sensitive data on officials and businessmen through its employees. This material is allegedly gathered during business meetings and subsequently entered into a central database to which the company’s headquarters in China have access. Czech Radio’s investigative team at Radiožurnál broke the story, citing former Huawei employees and Czech intelligence sources.

Photo: laboratorio linux, Flickr, CC BY-NC-SA 2.0

Two former managers who worked at the Czech branch of the Chinese tech and telecommunications giant Huawei recently spoke under condition of anonymity to Czech Radio’s investigative team, which has been analysing how exactly Huawei functions in the Czech Republic.

The company has been under the spotlight due to its bid to roll out the 5G network here and elsewhere in Europe.

The two individuals independently stated that aside from business information, they also had to enter personal details into the company’s internal database. This ranged from things such as the number of children their client has and their personal interests, all the way to the individual’s financial situation.

One of the former managers, who did not wish to disclose his identity, was cited by Radiožurnál in regards to how this database system worked.

“Access to the information, which is stored in this customer relationship management system, is managed exclusively from the headquarters in China. It is very hard to find and prove who has access to this data and what they use it for.”

Furthermore, it was allegedly common practice for Huawei employees to discuss the gathered information at meetings with Chinese Embassy employees. The source was unable to say whether these were spies.

The other source told Radiožurnál that their task was to gather information on state officials, who were then invited to a conference, or on a trip to China.

“Officials on the level of department director or deputy minister were always picked out. I was then given the task of entering the personal details of the individual or group that was supposed to come for a reference visit into a document, which was intended for the company’s Czech management and headquarters in China.”

Czech intelligence services have been aware of this practice, which one source says has been uncommon in business circles for some time.

Photo: John Karakatsanis, Flickr, CC BY-SA 2.0

In fact, BIS, the country’s civilian intelligence branch, conducts special courses for civil servants and politicians on how to protect oneself from these tactics, which can be used by any foreign intelligence service.

BIS spokesman Ladislav Šticha says that his service regularly warns course attendees to be very careful at such meetings, because anyone could be an intelligence officer and whatever they say could end up in the hands of a foreign power.

Huawei has provided Czech Radio with a written statement denying the use of any unlawful practices, saying that all activities and meetings its employees take part in are subject to Czech and European and GDPR rules on privacy, further complemented by the company’s internal guidelines.

These guidelines were then shown to a Czech Radio reporter by Huawei representatives at a personal meeting. However, the guideline does not only concern personal data protection. In fact, it states that personal details, which the company collects, have to be precise and updated. Those individuals who are of particular interest to the company and whose information is gathered are then referred to as “data subjects”.

Huawei has several times publicly denied cooperating with the Chinese government. However, just a few months ago, in the beginning of 2019, one Huawei employee was arrested in Poland under suspicion of spying. The Polish national was fired by the company the following day.