Didi Fined Over $1 Billion for Violating Cybersecurity Law

The penalty may signal the resumption of Didi's normal operations in China.

Image source: China Visual Group

Image source: China Visual Group

BEIJING, July 21 (TMTPOST) – At 1 pm on Thursday, one statement and one Q&A were posted on the official website of the Cyberspace Administration of China simultaneously, saying that a huge fine was slapped on Didi Global, the dominant player of China’s ride-hailing sector.

The fine of 8.026 billion yuan (about US$1.19 billion) meted out to the company and 1 million yuan (about US$147,710) each to Cheng Wei, the firm's Chairman and CEO, and Liu Qing, the firm's President, marked the end of a probe of slightly over 12 months into alleged data security malpractices of the company, which was hastily listed in the New York Stock Exchange in June 2021 and delisted in December 2021.

Didi violated the Internet Security Law, the Data Security Law and the Personal Information Protection Law, according to the statement. 

The Internet watchdog said in the Q&A that the probe was launched to “prevent national data security risks, safeguard national security and protect the interest of the public” in July 2021. After an in-depth investigation, the conclusion was that evidence for the violations was clear and solid and the nature of the violations was serious, according to the statement.

In the Q&A, the regulator listed 16 counts of violations in eight aspects. First, it illegally collected 11.96 million of snapshots from users’ cellphone photo albums; second, it collected unnecessarily information from users’ pasteboards and application list for 8.323 billion times; third, it collected information on passenger face recognition for 107 million times, on the age range for 53.50 million times, on occupations for 16.33 million times and on relationship for 13.83 million times. It also overly collected information on “home” and “office” for 153 million times. Fourth, it illegally collected users’ information on user’s real-time location for 167 million times. Fifth, it collected information on driver’s education background for 142,900 times and on drivers’ identification cards for 57.8 million times; sixth, it collected the purpose of a passenger’s travel without notifying the passenger for 53.97 billion times; seventh, it often demanded the right to access a passenger’s phone number unnecessarily; eighth, it did not provide a clear and accurate explanation on the purpose of collecting information on a user’s devices.

The Q&A also said that the Internet security review found that Didi’s data processing activities severely affected national security negatively and Didi refused to meet explicit requirements of the regulator by pretending to abide by but actually dodging supervision. Didi’s malpractices have caused risks to information infrastructure and data critical to national security. Because it concerns national security, findings in this regard are not disclosed to the public, according to the statement.

The Q&A emphasized that Didi’s violations were serious because it turned a deaf ear to cybersecurity concerns from the regulator. Second, Didi’s violations dated back to June 2015 or lasted as long as seven years. The company violated the Internet Security Law that came into force in June 2017, the Data Security Law that took effect in September 201 and the Personal Information Protection Law that become effective in November 2021.

The wide range and high frequency of the company’s violations listed by the Internet regulator shocked many netizens. Meanwhile, they also wonder whether other companies engaged in similar activities to violate the privacy of application users.

Specter of Incompliance

Didi was founded in June 2014 with the capital of 800,000 yuan (about US$114,000) in a computer warehouse in Beijing. Its business model was similar to Uber. However, its business expansion was faster than Uber thanks to the massive China market. In the 12 months to March 2021, Didi had China’s largest ride-hailing platform, with 377 million active users and 13 million drivers. After years of subsidizing its passengers and drivers lavishly with money from its deep-pocketed investors such as SoftBank, it forced its rivals to agree to a merger or a takeover. But it still reported net losses of 10.6 billion yuan in 2021 after years in red. 

On June 30, Didi made a debut in the U.S. capital market. However, the debut was quiet, even without a NYSE bell-ringing ceremony. Didi floated a US$4.4 billion initial public offering in New York on June 30, 2021, the second largest U.S. IPO by a Chinese firm ever and only after Alibaba’s, despite Chinese regulators’ opposition to its public listing plan and concerns over its cybersecurity practices.

In less than 48 hours after the IPO, a review of its cyber security practices was launched. On July 5, Didi’s 25 applications were removed from app stores in China and no users were allowed to sign up. Regulatory officials visited Didi headquarters in person. With the plunge of the stock price, Didi was sued by many investors in a few class actions.

Didi’s management, led by Cheng and Liu, hold a 9.78 percent stake. The top three institutional shareholders are SoftBank (20.10%), Uber (11.90%) and Tencent (6.4%).

Didi had faced two options: its privatization or delisting from the U.S. market and listing in the Hong Kong Stock Exchange. It delisted from the U.S. market in December 2021, when its stock price was about half of its issue price. Didi’ failure to comply with regulations was still a major concern to Hong Kong’s regulator as they strove to protect investors. Didi’s compliance was 70% below regulatory standards in China and 95% below regulatory standards in Beijing and Shanghai, according to a research report. Didi’s major rival Dida also faced a similar problem and thus its IPO plan did not go through in Hong Kong.

The hefty fine may not signal a new round of clampdown on tech giants in the face of a slowing economy. After paying the fine, the ride-sharing giant may get its apps back in the apps stores, paving the way for its IPO in Hong Kong. The return of Didi's apps to the stores also would mark the first step towards its normal operations.

本文系作者 Chelsea_Sun 授权钛媒体发表,并经钛媒体编辑,转载请注明出处、作者和本文链接
本内容来源于钛媒体钛度号,文章内容仅供参考、交流、学习,不构成投资建议。
想和千万钛媒体用户分享你的新奇观点和发现,点击这里投稿 。创业或融资寻求报道,点击这里

敬原创,有钛度,得赞赏

赞赏支持
发表评论
0 / 300

根据《网络安全法》实名制要求,请绑定手机号后发表评论

登录后输入评论内容

快报

更多

17:17

中国五矿中国三冶集团有限公司原党委书记、董事长赵广利接受纪律审查和监察调查

17:16

国务院批复同意《残疾人保障和发展“十五五”规划》

17:14

中国央行6月公开市场国债买卖净投放100亿元

17:11

证监会同意宇树科技科创板IPO注册申请

17:10

兴业证券:有关Meta对外租售算力的新闻不宜过度悲观地解读为算力过剩

17:08

国务院批复:原则同意《体育强国建设“十五五”规划》,推进“三大球”振兴发展

17:04

欧元区5月失业率为6.2%,低于预期

17:01

万科A:聘任黄宇为公司总裁

16:59

小摩策略师预警:美股AI股走势分化,再现互联网泡沫破裂前相似趋势

16:58

福蓉科技:预计上半年净利同比增长69%,可阳极7系铝合金高端新材料订单增加

16:57

全日空与日本航空上调7至8月燃油附加费

16:56

沪电股份今日跌10.00%,财通证券绍兴柯桥湖西路净卖出4.35亿元

16:55

博威合金:Rubin微通道液冷材料已经验证成功,等待放量

16:54

巨人网络参投VAST新一轮超10亿元融资

16:54

至纯科技:不涉及洁净室业务,客户包括长鑫科技等

16:53

北方华创今日跌10.00%,4家机构专用席位净卖出7.98亿元

16:53

亚马逊低地轨道卫星计划新一批卫星发射升空

16:52

美元兑日元日内跌超1%

16:51

石药创新:与阿斯利康达成新型小干扰核酸药物战略合作

16:51

兴欣新材:年产10,500吨4,4'-联苯二酚系列产品及150吨负载金属催化剂项目相关审批进度尚存在不确定性

扫描下载App